how do I get more info about who is sending to invalid email addresses

[postwick]

I get hit every day by about 30 emails that are sent to invalid email addresses @mydomain. Somebody is trying to find valid email addresses by seeing what doesn't get bounced back.

They're still in "a" (in the alphabet) so I have some time, because my first valid email address is in the "k" range.

I have logwatch running on my Redhat 7.2 system, that's how I know this is happening. But logwatch only tells me what invalid email addresses they attempted to send to. How can I get more information about the sender and a copy of the email they're sending?

Thanks,
Paul

 

[BitFuzzy]

Hello:

The only way I can think of off hand, is to search your logs for the attempted email address, and locate the originating 'ip', however this doesn't mean that the "sender" was actually using that ip, it could have been only the relay for the message.

You're probiably right in assuming that the sender is trying to obtain valid login's however it could also be a "spammer" just trying to get his/her "crap" sent to as many people as possible.

One thing you can do, is setup a account to use as a email dummy. forward all email's for every hosted domain that isn't sent to a valid account, to that one.
[@abc.com dummy] - setup a simple cron job to delete the file once or twice a day (a simple perl script would be handy there) and problem solved. All sent email now appears to be valid

Hope this helps

KC