Spam attack/relay on Qmail

I noticed somebody is using one of my servers with qmail for spam.

The attacker sends an email to unexistentuser@localdomain.com using forged headers, as if the email came from finaldestination@aol.com.

Because the user does not exist, the server will bounce the message back to finaldestination@aol.com.

With proper formatting the email will go very well on aol servers. I tested this method against several qmail servers and all are vulnerable.

Any suggestion or patch would be really appreciated.
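A defender-side check for the behaviour described in the post, as an added example that is not part of the original post: it scans qmail-send log lines for bounces caused by unknown local recipients and counts the external sender domains those bounces go to. The log lines are constructed samples in the usual qmail-send format, and the function name `backscatter_targets` is hypothetical.

```python
import re
from collections import Counter

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)>")
START = re.compile(r"starting delivery (\d+): msg (\d+) to local ")
FAIL = re.compile(r"delivery (\d+): failure: (\S*)")
BOUNCE = re.compile(r"bounce msg (\d+)")

# Constructed sample lines in qmail-send log format (timestamps omitted).
SAMPLE_LOG = [
    "new msg 101",
    "info msg 101: bytes 2048 from <finaldestination@aol.com> qp 4001 uid 120",
    "starting delivery 1: msg 101 to local unexistentuser@localdomain.com",
    "delivery 1: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/",
    "bounce msg 101 qp 4002",
    "end msg 101",
    "new msg 102",
    "info msg 102: bytes 900 from <colleague@localdomain.com> qp 4003 uid 120",
    "starting delivery 2: msg 102 to local realuser@localdomain.com",
    "delivery 2: success: did_1+0+0/",
    "end msg 102",
]

def backscatter_targets(lines, local_domains):
    """Count bounces caused by unknown local recipients, per external sender domain."""
    sender, delivery, unknown_rcpt = {}, {}, set()
    targets = Counter()
    for line in lines:
        if m := INFO.search(line):
            sender[m.group(1)] = m.group(2).lower()   # msg id -> envelope sender
        elif m := START.search(line):
            delivery[m.group(1)] = m.group(2)         # delivery id -> msg id
        elif m := FAIL.search(line):
            if "no_mailbox_here" in m.group(2) and m.group(1) in delivery:
                unknown_rcpt.add(delivery[m.group(1)])
        elif m := BOUNCE.search(line):
            msg = m.group(1)
            _, at, domain = sender.get(msg, "").rpartition("@")
            # Only bounces leaving for a non-local sender domain are backscatter.
            if msg in unknown_rcpt and at and domain not in local_domains:
                targets[domain] += 1
            unknown_rcpt.discard(msg)
    return targets

if __name__ == "__main__":
    hits = backscatter_targets(SAMPLE_LOG, {"localdomain.com"})
    for domain, n in hits.most_common():
        print(f"{n} bounce(s) sent to {domain} after unknown-recipient failures")
```

A steadily growing count for domains that never legitimately mail the server is the signal to look for.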
