For the past two weeks, I've been getting bounce messages in my catchall address because some spammer is forging random addresses at my domain as his sender address.
I cannot turn off catchall because I have given out hundreds of unique addresses by which I can be reached. Each unique address is prefaced with an underscore and it identifies who should be mailing me on it (example "_Ameritrade@{my domain}"). This way, if a company sells/leaks an address to spammers, I know who did it and can block that address from receiving any more mail.
How do I drop connections for email addresses which do not begin with an underscore AND which are not specifically directed to a particular mailbox in my domain?
HELP! My domain is being "joe-jobbed"
-
- Posts: 14
- Joined: Fri Oct 07, 2005 9:19 pm
- Location: Fort Smith, Arkansas, USA
- Contact:
I would like to know this also.
I use many addresses also and would like to block a defined set of addresses. Is there a method to block incoming email to addresses that do not fit a filter? like _*.mydomain.com
Re: I would like to know this also.
Actually, I think you want to unblock a defined set of addresses and turn off catchall -- which is the same thing that I want to do.jfenwickar wrote:I use many addresses also and would like to block a defined set of addresses. Is there a method to block incoming email to addresses that do not fit a filter? like _*.mydomain.com
I had really hoped that a feature as simple as what we are requesting could have been added years ago. MailEnable already understands *@{mydomain.com}, so I can't understand why it would be so hard to have it understand _*@{mydomain.com} or *sales@{mydomain.com}. All that it would need to do is check for an exact match first, not finding that, a partially-specified wildcard match, and, following that, a catchall wildcard match.
Then we could set up one mailbox and send everything to it:
Me@{mydomain.com}, postmaster@{mydomain.com}, abuse@{mydomain.com}, _*@{mydomain.com}
If lkjsdlksdfj@{mydomain.com} was specified in an RCPT, then MailEnable could reply with a no-such-address message and the connection would be dropped.
What's really ugly, and it's happened to me, is the spammer dictionary attack, where they try a whole list of words, names, etc. to the left of the @ for your domain (e.g., aarona@{mydomain.com}, aaronb@{mydomain.com}, aaronc@{mydomain.com}, etc.). With a catchall, you can find, hours later, that your connection is saturated and that you have tens of thousands of messages. If you don't find it in time, your server's hard drive will just fill up.
P.S. The spammers are still forging e-mail to look like it came from my domain and I'm still getting bounce messages -- constantly.