Date: Wed, 20 Dec 2006 15:38:00 +0700 (WIT) From: Beastie MRA <beastie@mra.co.id> To: Matthew Seaman <m.seaman@infracaninophile.co.uk> Cc: bv@wjv.com, freebsd-questions@freebsd.org Subject: Re: undeliverable mail Message-ID: <13738411.2021166603880825.OPEN-XCHANGE.WebMail.www@intranet.mra.co.id> In-Reply-To: <4588DF80.2090008@infracaninophile.co.uk> References: <26578114.1081166581615460.OPEN-XCHANGE.WebMail.www@intranet.mra.co.id> <20061220033159.GA70898@wjv.com> <32799464.1431166588781257.OPEN-XCHANGE.WebMail.www@intranet.mra.co.id> <4588DF80.2090008@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Dec 20, 2006 02:00 PM, Matthew Seaman <m.seaman@infracaninophile.co.uk> wrote: >Beastie MRA wrote: >>On Dec 20, 2006 10:31 AM, Bill Vermillion <bv@wjv.com> wrote: >> >>>It's Wed, Dec 20, 2006 at 09:26 . I'm in a small dim room with >>>doors labeled "Dungeon" and "Forbidden". There is noise, the door >>>marked Dungeon flies open and Beastie MRA SHOUTS: >>> >>>>Dear All. >>>> >>>>For past few days, my MX receive thousand of undeliverable message >>>>destinated for my non existent user at my domain. >>>>This message source come from valid and well configured (almost) >>>>smtp >>>>server on internet. >>>>I'ts waste my internet b/w, cause my MX will reject with non >>>>existent >>>>user message. >>>>I'll try spamd on my firewall and greylist on my MX (postfix), but >>>>still >>>>no effective, and i cannot block undeliverable >>>>message as RFC rules >>>> >>>>Is there any way i can fix this ? >>>>Please help >>>I use the virtusertable in sendmail, and I have my valid addresses, >>>such as bv@wjv.com bv and then for after that is >>>a line of @wjv.com nouser. >>> >>>And nouser is defined in aliases as nouser: /dev/null >>> >>>On one of the mail servers I maintain I just checked and I >>>had 260,000+ messages routed to "*file*" in the maillog - which >>>shows up as mailer=*file* in the logs. That maillog rotates >>>every night at midnight. >>> >>>Is not really a freebsd-net problem so I removed that from the >>>reply to line. >>> >>>Bill >>> >>>-- >>>Bill Vermillion - bv @ wjv . com >> >>Thanks for response... >> >>but this virtusertable will not stop SMTP server in internet to keep >>send you undeliverable message. >>I assume someone doing nasty with forged and use my domain email to >>send >>his spam message to non existing user. >>and i got undeliverable message. >>Is there any clue ?? >>Oh.. i forget to mention i use 4.11-STABLE for my MX > >Hmmm... SPF records are a good tool against this sort of thing. >Perhaps if you change from: > >mra.co.id. "v=spf1 mx " > >to > >mra.co.id. "v=spf1 mx -all" > >That means that SPF compliant mail servers should refuse to accept >messages (ie. a hard fail) from any machine other than the MXes for >mra.co.id See http://www.openspf.org/SPF_Record_Syntax for the full >story on SPF records. > >It's not a 100% solution and it will take the spammers some time to >realise that forging your address in their e-mails is much less >effective. On the positive side, it will mean that many mailservers >reject the incoming spam during the SMTP dialog so you'll get fewer >bounce messages. > >This problem exposes an architectural flaw in many e-mail server >setups. Either all of the MXes for a domain have to be able to verify >addresses on incoming e-mails and reject any non-existent destinations >during the SMTP dialog, or (like Bill does above) once a message has >been accepted by any of the mail servers for your domain, it should >never be bounced back to the (probably forged) mail address in the >headers because the recipient doesn't exist. Bouncing for other >reasons, >(like eg. mailbox over quota) does not generally add to the overall >spam >load. Normally a very simple site with just one server will get that >right, >but a more complex site with several MXes and various SMTP routers etc. >internally will frequently not. > >Cheers, > >Matthew > >-- >Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard >Flat 3 >PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate >Kent, CT11 9PW Thanks... i have problem with SPF record in dns , because i have serveral mobile users and off site users that use SMTP provide by internet provider. and i cant list it one by one in spf record. :( regards Reza
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?13738411.2021166603880825.OPEN-XCHANGE.WebMail.www>