undeliverable mail

Matthew Seaman m.seaman at infracaninophile.co.uk
Tue Dec 19 23:17:16 PST 2006 

Beastie MRA wrote:
> On Dec 20, 2006 10:31 AM, Bill Vermillion <bv at wjv.com> wrote:
> 
>> It's Wed, Dec 20, 2006 at 09:26 . I'm in a small dim room with
>> doors labeled "Dungeon" and "Forbidden". There is noise, the door
>> marked Dungeon flies open and Beastie MRA SHOUTS:
>>
>>> Dear All.
>>>
>>> For past few days, my MX receive thousand of undeliverable message
>>> destinated for my non existent user at my domain.
>>> This message source come from valid and well configured (almost) smtp
>>> server on internet.
>>> I'ts waste my internet b/w, cause my MX will reject with non existent
>>> user message.
>>> I'll try spamd on my firewall and greylist on my MX (postfix), but
>>> still
>>> no effective, and i cannot block undeliverable
>>> message as RFC rules
>>>
>>> Is there any way i can fix this ?
>>> Please help
>> I use the virtusertable in sendmail, and I have my valid addresses,
>> such as bv at wjv.com bv and then for after that is
>> a line of @wjv.com nouser.
>>
>> And nouser is defined in aliases as nouser: /dev/null
>>
>> On one of the mail servers I maintain I just checked and I
>> had 260,000+ messages routed to "*file*" in the maillog - which
>> shows up as mailer=*file* in the logs. That maillog rotates
>> every night at midnight.
>>
>> Is not really a freebsd-net problem so I removed that from the
>> reply to line.
>>
>> Bill
>>
>> --
>> Bill Vermillion - bv @ wjv . com
> 
> Thanks  for response...
> 
> but this virtusertable will not stop SMTP server in internet to keep
> send you undeliverable message.
> I assume someone doing nasty with forged and use my domain email to send
> his spam message to non existing user.
> and i got undeliverable message.
> Is there any clue ??
> Oh.. i forget to mention i use 4.11-STABLE for my MX

Hmmm... SPF records are a good tool against this sort of thing.
Perhaps if you change from:

mra.co.id.       "v=spf1 mx "

to

mra.co.id.       "v=spf1 mx -all"

That means that SPF compliant mail servers should refuse to accept
messages (ie. a hard fail) from any machine other than the MXes for
mra.co.id  See http://www.openspf.org/SPF_Record_Syntax for the full
story on SPF records.

It's not a 100% solution and it will take the spammers some time to
realise that forging your address in their e-mails is much less
effective.  On the positive side, it will mean that many mailservers
reject the incoming spam during the SMTP dialog so you'll get fewer
bounce messages.

This problem exposes an architectural flaw in many e-mail server
setups.  Either all of the MXes for a domain have to be able to verify
addresses on incoming e-mails and reject any non-existent destinations
during the SMTP dialog, or (like Bill does above) once a message has
been accepted by any of the mail servers for your domain, it should
never be bounced back to the (probably forged) mail address in the
headers because the recipient doesn't exist.  Bouncing for other reasons,
(like eg. mailbox over quota) does not generally add to the overall spam
load.  Normally a very simple site with just one server will get that right,
but a more complex site with several MXes and various SMTP routers etc.
internally will frequently not.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20061220/3e4875d5/signature.pgp

More information about the freebsd-questions mailing list