From owner-freebsd-questions@FreeBSD.ORG Wed Dec 20 07:17:16 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0FED316A40F for ; Wed, 20 Dec 2006 07:17:16 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.187.76.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1CB1443CA3 for ; Wed, 20 Dec 2006 07:17:14 +0000 (GMT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from [IPv6:::1] (localhost.infracaninophile.co.uk [IPv6:::1]) by smtp.infracaninophile.co.uk (8.13.8/8.13.8) with ESMTP id kBK70Na4036555; Wed, 20 Dec 2006 07:00:24 GMT (envelope-from m.seaman@infracaninophile.co.uk) Message-ID: <4588DF80.2090008@infracaninophile.co.uk> Date: Wed, 20 Dec 2006 07:00:16 +0000 From: Matthew Seaman Organization: Infracaninophile User-Agent: Thunderbird 1.5.0.8 (X11/20061216) MIME-Version: 1.0 To: Beastie MRA References: <26578114.1081166581615460.OPEN-XCHANGE.WebMail.www@intranet.mra.co.id> <20061220033159.GA70898@wjv.com> <32799464.1431166588781257.OPEN-XCHANGE.WebMail.www@intranet.mra.co.id> In-Reply-To: <32799464.1431166588781257.OPEN-XCHANGE.WebMail.www@intranet.mra.co.id> X-Enigmail-Version: 0.94.0.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------enig9D8B64B599030BB87087C2DF" X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (smtp.infracaninophile.co.uk [IPv6:::1]); Wed, 20 Dec 2006 07:00:39 +0000 (GMT) X-Virus-Scanned: ClamAV 0.88.7/2359/Tue Dec 19 23:52:09 2006 on happy-idiot-talk.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00, DKIM_POLICY_TESTING,NO_RELAYS autolearn=ham version=3.1.7 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on happy-idiot-talk.infracaninophile.co.uk Cc: bv@wjv.com, freebsd-questions@freebsd.org Subject: Re: undeliverable mail X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 07:17:16 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig9D8B64B599030BB87087C2DF Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable Beastie MRA wrote: > On Dec 20, 2006 10:31 AM, Bill Vermillion wrote: >=20 >> It's Wed, Dec 20, 2006 at 09:26 . I'm in a small dim room with >> doors labeled "Dungeon" and "Forbidden". There is noise, the door >> marked Dungeon flies open and Beastie MRA SHOUTS: >> >>> Dear All. >>> >>> For past few days, my MX receive thousand of undeliverable message >>> destinated for my non existent user at my domain. >>> This message source come from valid and well configured (almost) smtp= >>> server on internet. >>> I'ts waste my internet b/w, cause my MX will reject with non existent= >>> user message. >>> I'll try spamd on my firewall and greylist on my MX (postfix), but >>> still >>> no effective, and i cannot block undeliverable >>> message as RFC rules >>> >>> Is there any way i can fix this ? >>> Please help >> I use the virtusertable in sendmail, and I have my valid addresses, >> such as bv@wjv.com bv and then for after that is >> a line of @wjv.com nouser. >> >> And nouser is defined in aliases as nouser: /dev/null >> >> On one of the mail servers I maintain I just checked and I >> had 260,000+ messages routed to "*file*" in the maillog - which >> shows up as mailer=3D*file* in the logs. That maillog rotates >> every night at midnight. >> >> Is not really a freebsd-net problem so I removed that from the >> reply to line. >> >> Bill >> >> -- >> Bill Vermillion - bv @ wjv . com >=20 > Thanks for response... >=20 > but this virtusertable will not stop SMTP server in internet to keep > send you undeliverable message. > I assume someone doing nasty with forged and use my domain email to sen= d > his spam message to non existing user. > and i got undeliverable message. > Is there any clue ?? > Oh.. i forget to mention i use 4.11-STABLE for my MX Hmmm... SPF records are a good tool against this sort of thing. Perhaps if you change from: mra.co.id. "v=3Dspf1 mx " to mra.co.id. "v=3Dspf1 mx -all" That means that SPF compliant mail servers should refuse to accept messages (ie. a hard fail) from any machine other than the MXes for mra.co.id See http://www.openspf.org/SPF_Record_Syntax for the full story on SPF records. It's not a 100% solution and it will take the spammers some time to realise that forging your address in their e-mails is much less effective. On the positive side, it will mean that many mailservers reject the incoming spam during the SMTP dialog so you'll get fewer bounce messages. This problem exposes an architectural flaw in many e-mail server setups. Either all of the MXes for a domain have to be able to verify addresses on incoming e-mails and reject any non-existent destinations during the SMTP dialog, or (like Bill does above) once a message has been accepted by any of the mail servers for your domain, it should never be bounced back to the (probably forged) mail address in the headers because the recipient doesn't exist. Bouncing for other reasons,= (like eg. mailbox over quota) does not generally add to the overall spam load. Normally a very simple site with just one server will get that rig= ht, but a more complex site with several MXes and various SMTP routers etc. internally will frequently not. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW --------------enig9D8B64B599030BB87087C2DF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFiN+H8Mjk52CukIwRCDF/AJwODnEhqNvudEJ30VeT+hsVo239wACgk+mD wpL59PoFggblEQbb83SKRpI= =bkpn -----END PGP SIGNATURE----- --------------enig9D8B64B599030BB87087C2DF--