Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 20 Dec 2006 10:02:37 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Beastie MRA <beastie@mra.co.id>
Cc:        bv@wjv.com, freebsd-questions@freebsd.org
Subject:   Re: undeliverable mail
Message-ID:  <45890A3D.60107@infracaninophile.co.uk>
In-Reply-To: <13738411.2021166603880825.OPEN-XCHANGE.WebMail.www@intranet.mra.co.id>
References:  <26578114.1081166581615460.OPEN-XCHANGE.WebMail.www@intranet.mra.co.id> <20061220033159.GA70898@wjv.com> <32799464.1431166588781257.OPEN-XCHANGE.WebMail.www@intranet.mra.co.id> <4588DF80.2090008@infracaninophile.co.uk> <13738411.2021166603880825.OPEN-XCHANGE.WebMail.www@intranet.mra.co.id>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig32ADB489C07064BB73982AA8
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable

Beastie MRA wrote:
> On Dec 20, 2006 02:00 PM, Matthew Seaman
> <m.seaman@infracaninophile.co.uk> wrote:
>=20
>> Beastie MRA wrote:
>>> On Dec 20, 2006 10:31 AM, Bill Vermillion <bv@wjv.com> wrote:
>>>
>>>> It's Wed, Dec 20, 2006 at 09:26 . I'm in a small dim room with
>>>> doors labeled "Dungeon" and "Forbidden". There is noise, the door
>>>> marked Dungeon flies open and Beastie MRA SHOUTS:
>>>>
>>>>> Dear All.
>>>>>
>>>>> For past few days, my MX receive thousand of undeliverable message
>>>>> destinated for my non existent user at my domain.
>>>>> This message source come from valid and well configured (almost)
>>>>> smtp
>>>>> server on internet.
>>>>> I'ts waste my internet b/w, cause my MX will reject with non
>>>>> existent
>>>>> user message.
>>>>> I'll try spamd on my firewall and greylist on my MX (postfix), but
>>>>> still
>>>>> no effective, and i cannot block undeliverable
>>>>> message as RFC rules
>>>>>
>>>>> Is there any way i can fix this ?
>>>>> Please help
>>>> I use the virtusertable in sendmail, and I have my valid addresses,
>>>> such as bv@wjv.com bv and then for after that is
>>>> a line of @wjv.com nouser.
>>>>
>>>> And nouser is defined in aliases as nouser: /dev/null
>>>>
>>>> On one of the mail servers I maintain I just checked and I
>>>> had 260,000+ messages routed to "*file*" in the maillog - which
>>>> shows up as mailer=3D*file* in the logs. That maillog rotates
>>>> every night at midnight.
>>>>
>>>> Is not really a freebsd-net problem so I removed that from the
>>>> reply to line.
>>>>
>>>> Bill
>>>>
>>>> --
>>>> Bill Vermillion - bv @ wjv . com
>>> Thanks for response...
>>>
>>> but this virtusertable will not stop SMTP server in internet to keep
>>> send you undeliverable message.
>>> I assume someone doing nasty with forged and use my domain email to
>>> send
>>> his spam message to non existing user.
>>> and i got undeliverable message.
>>> Is there any clue ??
>>> Oh.. i forget to mention i use 4.11-STABLE for my MX
>> Hmmm... SPF records are a good tool against this sort of thing.
>> Perhaps if you change from:
>>
>> mra.co.id. "v=3Dspf1 mx "
>>
>> to
>>
>> mra.co.id. "v=3Dspf1 mx -all"
>>
>> That means that SPF compliant mail servers should refuse to accept
>> messages (ie. a hard fail) from any machine other than the MXes for
>> mra.co.id See http://www.openspf.org/SPF_Record_Syntax for the full
>> story on SPF records.
>>
>> It's not a 100% solution and it will take the spammers some time to
>> realise that forging your address in their e-mails is much less
>> effective. On the positive side, it will mean that many mailservers
>> reject the incoming spam during the SMTP dialog so you'll get fewer
>> bounce messages.
>>
>> This problem exposes an architectural flaw in many e-mail server
>> setups. Either all of the MXes for a domain have to be able to verify
>> addresses on incoming e-mails and reject any non-existent destinations=

>> during the SMTP dialog, or (like Bill does above) once a message has
>> been accepted by any of the mail servers for your domain, it should
>> never be bounced back to the (probably forged) mail address in the
>> headers because the recipient doesn't exist. Bouncing for other
>> reasons,
>> (like eg. mailbox over quota) does not generally add to the overall
>> spam
>> load. Normally a very simple site with just one server will get that
>> right,
>> but a more complex site with several MXes and various SMTP routers etc=
=2E
>> internally will frequently not.
>>
>> Cheers,
>>
>> Matthew
>>
>> --
>> Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
>> Flat 3
>> PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
>> Kent, CT11 9PW
>=20
> Thanks...
>=20
> i have problem with SPF record in dns , because i have serveral mobile
> users and off site users
> that use SMTP provide by internet provider. and i cant list it one by
> one in spf record. :(

The usual solution to that is to set up authentication on your mail
server and require your mobile users to submit new messages via that
machine.  Most mail clients are capable of dealing with several mail=20
accounts with different SMTP server fairly readily.

Enabling SASL in the stock system sendmail under FreeBSD is also fairly
simple and described in the handbook.  Works for me -- I'm writing this a=
t=20
work and sending it through my home mail server.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       Flat 3
                                                      7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW, UK


--------------enig32ADB489C07064BB73982AA8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFiQpD3jDkPpsZ+VYRA3WQAJ4palHf3wNyqpPreYFaKbSELfYXgACePuXI
QqBEW8wPgxswZ4/bat+B2m8=
=2GRF
-----END PGP SIGNATURE-----

--------------enig32ADB489C07064BB73982AA8--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45890A3D.60107>