[afnog] Help my mail problem

Brian Candler B.Candler at pobox.com
Wed Sep 7 14:07:52 EAT 2005


On Wed, Sep 07, 2005 at 11:57:07AM +0200, David Chima wrote:
> Brian
> No I don't see the to=<> in the logs, but I get them as sent to the postmaster

Really - sendmail's logging is that bad? Are you sure there's not another
line somewhere else which has the same queue ID that you can link it with?

As a guess, they might be double bounces. That is:

- spammer sends mail from forged at forgedomain.com to user at yourdomain.com
- sendmail accepts the mail, not rejecting with 5xx
- however it can't deliver it (e.g. user at yourdomain.com is over quota,
  procmail filter fails)
- sendmail tries to send bounce from <> to forged at forgeddomain.com
- the bounce is rejected
- sendmail sends the double bounce to postmaster

I'm not sure if sendmail does send double bounces to postmaster (I know
qmail does).

To be honest though, if sendmail is giving you grief, install a decent
modern MTA with proper logging and policy control, such as exim.

Regards,

Brian.



More information about the afnog mailing list