From owner-freebsd-questions@FreeBSD.ORG  Thu Oct 16 14:01:39 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4B759106568C
	for <freebsd-questions@freebsd.org>;
	Thu, 16 Oct 2008 14:01:39 +0000 (UTC)
	(envelope-from eculp@casasponti.net)
Received: from ns2.bafirst.com (72-12-2-19.static.networktel.net [72.12.2.19])
	by mx1.freebsd.org (Postfix) with ESMTP id A7FEF8FC19
	for <freebsd-questions@freebsd.org>;
	Thu, 16 Oct 2008 14:01:38 +0000 (UTC)
	(envelope-from eculp@casasponti.net)
Received: from casasponti.net ([201.155.7.3])
	by ns2.bafirst.com with esmtp; Thu, 16 Oct 2008 09:01:34 -0500
	id 000D52E3.48F7493F.000016F9
Received: from localhost (localhost [127.0.0.1]) (uid 80)
	by casasponti.net with local; Thu, 16 Oct 2008 09:01:02 -0500
	id 00130CC4.48F7491E.00005AA8
Received: from dsl-189-190-8-164.prod-infinitum.com.mx
	(dsl-189-190-8-164.prod-infinitum.com.mx [189.190.8.164]) by
	intranet.casasponti.net (Horde Framework) with HTTP; Thu, 16 Oct 2008
	09:01:02 -0500
Message-ID: <20081016090102.17qwm4xcs6f4so8ok@intranet.casasponti.net>
Date: Thu, 16 Oct 2008 09:01:02 -0500
From: eculp@casasponti.net
To: freebsd-questions@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain;
	charset=ISO-8859-1;
	DelSp="Yes";
	format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (5.0-cvs)
X-Remote-Browser: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.17)
	Gecko/20080925 Firefox/2.0.0.17
X-IMP-Server: 201.155.7.3
X-Originating-IP: 189.190.8.164
X-Originating-User: eculp@casasponti.net
Subject: I've just found a new and interesting spam source - legitimate
	bounce messages
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Oct 2008 14:01:39 -0000

In the last hour, I've received over 200 legitimate bounce messages  
from email services as a result of someone having used or worse is  
using my email address in spam from multiple windows machines and ip  
addresses.  The end result is that I am getting the bounce messages.   
I'm sure that others on this list have experienced the problem and  
maybe have a solution that I don't have.

The messages are allowed through my obspamd/pf and pf smtp bruteforce  
blocking rules because they are completely legit.

I guess the work around is to filter them on incoming together with  
our local bounce messaages util the spammers get tired of my address.

Thanks for any suggestions,

ed