Blasted with UBE
Doing a little server maintenance because I noticed 8000 e-mails in my inbox!
I get a lot of junk mail, as I'm sure we all do. I've had the same e-mail address since I originally registered the domain name in 1995, so it's been around for a while. I'm pretty good about locking down my e-mail servers and using anti-spam measures like blacklists and SpamAssassin. I catch about 95% of the junk with no known false positives, and enjoy a relatively junk-free e-mail experience. Still, it's about 100-200 e-mails a day that I have to toss by hand.
Either during or as a result of updating SpamAssassin in the last couple of days, or due to some other misconfiguration I can't quite identify, something happened that allowed 8000 e-mails to get into my inbox.
A majority of these e-mails were rejections from other mail servers, which I think are normally caught and eliminated by SpamAssassin. In a spot check (of a dozen or so), the messages invariably were not sent by my server, but did have a user name (bogus or real) and used a domain name served by my server. This means that the other server received the e-mail, rejected it, and sent the rejection to the unfortunate "from" address.
This is a typical junk mail technique. Take a hopefully valid e-mail address and use it as "from," take another and use it as "to," and send the mail, probably to an open relay (not my server), but not really the "from" or "to" server. The relay then forwards the message, the "to" server rejects it, "returning" the message to the "from" server.
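The spot check described above can be automated. This is an added example, not code from the original post: it parses a bounce (DSN), extracts the returned original headers, and checks whether any Received line records the local server's IP. `MY_IP`, `MY_DOMAIN`, the hostnames and the sample bounce are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

MY_IP = "192.0.2.10"       # assumption: the IP the local MTA sends from
MY_DOMAIN = "example.org"  # assumption: a domain served by the local MTA
# Constructed sample bounce (multipart/report DSN); not taken from the post.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.remote.test
To: bogus@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.remote.test

Final-Recipient: rfc822; nobody@remote.test
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from relay.open.test (relay.open.test [203.0.113.7])
 by mx.remote.test; Mon, 1 Jan 2024 00:00:00 +0000
From: bogus@example.org

--b1--
"""

def classify_bounce(raw, my_ip=MY_IP, my_domain=MY_DOMAIN):
    """Return 'genuine-bounce', 'backscatter', 'unrelated' or 'not-a-dsn'."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return "not-a-dsn"
    original = None
    for part in msg.iter_parts():  # direct subparts of the report only
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)
        elif part.get_content_type() == "text/rfc822-headers":
            original = email.message_from_string(part.get_content(), policy=policy.default)
    if original is None:
        return "unrelated"
    # Heuristic: Received lines below the bouncing server's own can be forged.
    if any(f"[{my_ip}]" in str(r) for r in original.get_all("Received", [])):
        return "genuine-bounce"
    sender = parseaddr(str(original.get("From", "")))[1].lower()
    return "backscatter" if sender.endswith("@" + my_domain) else "unrelated"
```

A bounce classified as `backscatter` names a local domain in "From" but shows no hop through the local server, which matches what the spot check found.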
EIGHT THOUSAND of these happened in one day, and my server put 'em in my inbox. Now, that's unfortunately not an exaggerated number, but it is a little high. I think either someone just blasted with e-mail addresses that returned to my server, or the messages just got through the anti-spam efforts. It's likely that there are that many messages received and discarded in a day.
A quick check of my mail report shows that messages rejected due to UBE are not recorded in the logs in a manner that the report will show. Instead the messages are likely either not reported or are incorrectly reported as delivered. Quite technically the messages are delivered (from the MTA to the mailbox), but are intercepted and analyzed by SpamAssassin before being allowed to be saved in the mailbox. The report shows that up to this morning, 14,000-ish e-mails were delivered and 50,0000-ish rejected. By comparison, in all of June only 15,000 messages were delivered (rejected takes more time to see...). Also Aug 9 showed an unreasonably high 5000 messages delivered; probably the bulk of these error messages.
I seem to have stopped the swelling of my mailbox, so I'm going to guess it was really during the maintenance that they managed to slip through.