From owner-freebsd-questions@FreeBSD.ORG Wed Dec 20 13:10:39 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6AE5116A403 for ; Wed, 20 Dec 2006 13:10:39 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143]) by mx1.FreeBSD.org (Postfix) with ESMTP id F33C843CAE for ; Wed, 20 Dec 2006 13:10:14 +0000 (GMT) (envelope-from smithi@nimnet.asn.au) Received: from localhost (smithi@localhost) by gaia.nimnet.asn.au (8.8.8/8.8.8R1.4) with ESMTP id XAA11968; Wed, 20 Dec 2006 23:58:31 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Wed, 20 Dec 2006 23:58:30 +1100 (EST) From: Ian Smith To: Beastie MRA In-Reply-To: <32799464.1431166588781257.OPEN-XCHANGE.WebMail.www@intranet.mra.co.id> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT Cc: bv@wjv.com, freebsd-questions@freebsd.org Subject: Re: undeliverable mail X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 13:10:39 -0000 On Wed, 20 Dec 2006, Beastie MRA wrote: > On Dec 20, 2006 10:31 AM, Bill Vermillion wrote: > > >It's Wed, Dec 20, 2006 at 09:26 . I'm in a small dim room with > >doors labeled "Dungeon" and "Forbidden". There is noise, the door > >marked Dungeon flies open and Beastie MRA SHOUTS: > > > >>Dear All. > >> > >>For past few days, my MX receive thousand of undeliverable message > >>destinated for my non existent user at my domain. This happens when you run a mailserver, however big or small, and will keep on happening as long as email mark 1 keeps running; kids, crooks and scammers learn how to assemble kit robots; and M$ rules the waves. > >>This message source come from valid and well configured (almost) smtp > >>server on internet. If it's from a persistent single source, or a class of IPs on a single network or ISP, a polite but well documented message to the responsible contact address for the domain or IP address block often still works. dig, and (e.g) dnsstuff.com or other whois frontends are handy friends. > >>I'ts waste my internet b/w, cause my MX will reject with non existent > >>user message. Always to the same non-user, or a range of them? You'll see both types. > >>I'll try spamd on my firewall and greylist on my MX (postfix), but > >>still > >>no effective, and i cannot block undeliverable > >>message as RFC rules You can block anything you find a nuisance, and sometimes have to. If you can't do it with the mailserver and the RP for the domain won't or can't help, use your firewall. No RFC prohibits you from protecting yourself or the network you're responsible for. 'ipfw add 1 deny tcp from $badmx to any 25 in recv $oif setup' is my mantra for short term blocks .. if still happening after a few days, they may get promoted to a higher rule number, else deleted. Automatic tools are great, but so are logs, tcpdump and your favourite firewall .. But I doubt we get 260,000 messages a year here, so listen to Bill :) > >>Is there any way i can fix this ? > >>Please help > > > >I use the virtusertable in sendmail, and I have my valid addresses, > >such as bv@wjv.com bv and then for after that is > >a line of @wjv.com nouser. > > > >And nouser is defined in aliases as nouser: /dev/null > > > >On one of the mail servers I maintain I just checked and I > >had 260,000+ messages routed to "*file*" in the maillog - which > >shows up as mailer=*file* in the logs. That maillog rotates > >every night at midnight. > > > >Is not really a freebsd-net problem so I removed that from the > >reply to line. Me too. > >Bill > > > >-- > >Bill Vermillion - bv @ wjv . com > > ThanksĀ  for response... > > but this virtusertable will not stop SMTP server in internet to keep > send you undeliverable message. No, but delivery ends with the User Unknown response; you get no body. > I assume someone doing nasty with forged and use my domain email to send > his spam message to non existing user. You get that. Lots. But it's nearly all millions of rooted windows boxes doing their zombie@home dance; don't take it too personally :) > and i got undeliverable message. Sorry, do you mean a message in your maillog, or you're actually getting phony bounce messages mailed to your address? You get that too .. Cheers, Ian > Is there any clue ?? > Oh.. i forget to mention i use 4.11-STABLE for my MX > > regards > Reza