"James Riden" writes:
It's best to do SMTP rejects for unknown users; this will help cut the load on your servers if the forged From addresses don't exist at your domain. This is relatively straightforward for most MTAs - I believe Postfix can do LDAP queries against AD, or can talk to a PostgreSQL database. Since most of the forged addresses will be nonexistent, this should help quite a bit.
(Bonus - it will also stop you generating this kind of traffic for other sites in the future.)
My mail domain is relatively small - about 40 real users - but I still drop about 1500 mail connections a day for email sent to invalid users. About 200 of these were typically virus-initiated (and therefore had attachments) and almost all the rest were spam.

My MTA is MailMarshal and it can easily be configured to do this. You can set up LDAP or Active Directory connectors to hook into your directory servers, which makes managing the lookup lists simple.

And before I hear cries of "argh, not mailmarshal again..." It's configured so that it does *not* send outbound notifications for viruses etc.

-- Regan
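
Added example, not part of either poster's message: one way to set up the SMTP-time recipient check described above on a Postfix gateway that relays to an Active Directory-backed mail server. The domain example.com, the host name, the service account DN and the file path are placeholders chosen for illustration.

```ini
# Added example; host names, DNs and paths are placeholders.

# ---- /etc/postfix/main.cf (gateway relaying example.com inward) ----

# Weak: with no recipient list, every RCPT TO for the domain is accepted
# and the internal server later bounces to the (usually forged) sender.
#relay_recipient_maps =

# Corrected: look up each recipient in the directory during the SMTP
# session and refuse unknown ones before the message body is sent.
relay_domains = example.com
relay_recipient_maps = ldap:/etc/postfix/ad-recipients.cf
smtpd_reject_unlisted_recipient = yes
unknown_relay_recipient_reject_code = 550

# ---- /etc/postfix/ad-recipients.cf (keep readable by root/postfix only) ----
server_host = ldaps://dc1.example.com:636
version = 3
search_base = dc=example,dc=com
bind = yes
bind_dn = cn=postfix-lookup,ou=Service Accounts,dc=example,dc=com
bind_pw = REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD
# proxyAddresses holds primary and alias addresses for users and groups;
# %s is the address given in RCPT TO.
query_filter = (proxyAddresses=smtp:%s)
result_attribute = mail

# Check a lookup before reloading Postfix:
#   postmap -q someone@example.com ldap:/etc/postfix/ad-recipients.cf
# A valid address prints the mail attribute; an unknown one prints nothing.
```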