
Mailing List Archive: Qmail: users

Unknown user bounces to wrong address

 

 



werner at sigtrans

Sep 17, 2007, 1:21 AM

Post #1 of 7
Unknown user bounces to wrong address

Hello,

Lately I noticed that my server delivers spam through bouncing a
non-deliverable email to the wrong address. Below I paste one such example.
The problem as I see it is that my mailserver behaves properly but the
spammer doesn't (since it reports the wrong return-path).

That being as it is, is it possible to get rid of these messages by stopping
this kind of bounce? I have SpamAssassin installed, but that works on a per
user level (through procmail), so the mailqueues themselves don't look at the
spam content. In other words, I don't want to start checking spam content at
the queue level, but I would prefer not to bounce this kind of email message
to the wrong host.

Is it possible to, for instance, create a solution where emails that would
bounce are delivered to a catch-all account? Then we can either manually
deliver the email to the proper person, or ignore it (our mailserver is not
that high in volume nor persons so this is certainly a feasible option).

With kind regards,

Werner,-


--
Hi. This is the qmail-send program at sigtrans.org.
I tried to deliver a bounce message to this address, but the bounce bounced!

<axdgfbbgtj [at] bobkleinphoto>:
208.65.30.84 does not like recipient.
Remote host said: 550 5.1.1 <axdgfbbgtj [at] bobkleinphoto>: Recipient address
rejected: undeliverable address: host mail.bobkleinphoto.com[208.65.30.91]
said: 550 5.1.1 <axdgfbbgtj [at] bobkleinphoto>: Recipient address rejected:
User unknown in virtual alias table (in reply to RCPT TO command)
Giving up on 208.65.30.84.

--- Below this line is the original bounce.
Return-Path: <>
Received: (qmail 4629 invoked for bounce); 13 Sep 2007 11:26:27 +0200
Date: 13 Sep 2007 11:26:27 +0200
From: MAILER-DAEMON [at] sigtrans
To: axdgfbbgtj [at] bobkleinphoto
Subject: failure notice

Hi. This is the qmail-send program at sigtrans.org.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<200708012146.32137.werner [at] yellowcouch>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.
Return-Path: <axdgfbbgtj [at] bobkleinphoto>
Received: (qmail 4627 invoked from network); 13 Sep 2007 11:26:26 +0200
Received: from 170-dzi-21.acn.waw.pl (85.222.20.170)
by sigtrans.org with SMTP; 13 Sep 2007 11:26:26 +0200
Received: from [85.222.20.170] by mx01.sublimemail.com; Thu, 13 Sep 2007
10:30:40 +0100
Message-ID: <01c7f5e8$bfced710$aa14de55 [at] axdgfbbgt>
From: "Vicky Waddell" <axdgfbbgtj [at] bobkleinphoto>
To: <200708012146.32137.werner [at] yellowcouch>
Subject: The Cheapest Pharmacy
Date: Thu, 13 Sep 2007 10:30:40 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01C7F5E8.BFCED710"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.71.2173.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2173.0

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C7F5E8.BFCED710
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<<Some craapy spam here>>
------=_NextPart_000_0007_01C7F5E8.BFCED710--


--
Dr. Werner Van Belle
http://werner.sigtrans.org/


freetown at gmail

Sep 17, 2007, 1:54 AM

Post #2 of 7
Re: Unknown user bounces to wrong address

Top posting because it is just simple.

Return-Path: <axdgfbbgtj [at] bobkleinphoto>
to
<200708012146.32137.werner [at] yellowcouch>

Bounce to <axdgfbbgtj [at] bobkleinphoto> which then double bounces.

I do not see anything wrong with it at all.

On 9/17/07, Werner Van Belle <werner [at] sigtrans> wrote:
> Hello,
>
> Lately I noticed that my server delivers spam through bouncing a
> non-deliverable email to the wrong address. Below I paste one such example.
> The problem as I see it is that my mailserver behaves properly but the
> spammer doesn't (since it reports the wrong return-path).
>
> That being as it is, is it possible to get rid of these messages by stopping
> this kind of bounce? I have SpamAssassin installed, but that works on a per
> user level (through procmail), so the mailqueues themselves don't look at the
> spam content. In other words, I don't want to start checking spam content at
> the queue level, but I would prefer not to bounce this kind of email messages
> to the wrong host.
>
> Is it possible to for instance create a solution where emails that would
> bounce are delivered to a catch-all account. Then we can either manually
> deliver the email to the proper person, or ignore it (our mailserver is not
> that high in volume nor persons so this is certainly a feasible option).
>
> With kind regards,
>
> Werner,-
>
>
> --
> Hi. This is the qmail-send program at sigtrans.org.
> I tried to deliver a bounce message to this address, but the bounce bounced!
>
> <axdgfbbgtj [at] bobkleinphoto>:
> 208.65.30.84 does not like recipient.
> Remote host said: 550 5.1.1 <axdgfbbgtj [at] bobkleinphoto>: Recipient address
> rejected: undeliverable address: host mail.bobkleinphoto.com[208.65.30.91]
> said: 550 5.1.1 <axdgfbbgtj [at] bobkleinphoto>: Recipient address rejected:
> User unknown in virtual alias table (in reply to RCPT TO command)
> Giving up on 208.65.30.84.
>
> --- Below this line is the original bounce.
> Return-Path: <>
> Received: (qmail 4629 invoked for bounce); 13 Sep 2007 11:26:27 +0200
> Date: 13 Sep 2007 11:26:27 +0200
> From: MAILER-DAEMON [at] sigtrans
> To: axdgfbbgtj [at] bobkleinphoto
> Subject: failure notice
>
> Hi. This is the qmail-send program at sigtrans.org.
> I'm afraid I wasn't able to deliver your message to the following addresses.
> This is a permanent error; I've given up. Sorry it didn't work out.
>
> <200708012146.32137.werner [at] yellowcouch>:
> Sorry, no mailbox here by that name. (#5.1.1)
>
> --- Below this line is a copy of the message.
> Return-Path: <axdgfbbgtj [at] bobkleinphoto>
> Received: (qmail 4627 invoked from network); 13 Sep 2007 11:26:26 +0200
> Received: from 170-dzi-21.acn.waw.pl (85.222.20.170)
> by sigtrans.org with SMTP; 13 Sep 2007 11:26:26 +0200
> Received: from [85.222.20.170] by mx01.sublimemail.com; Thu, 13 Sep 2007
> 10:30:40 +0100
> Message-ID: <01c7f5e8$bfced710$aa14de55 [at] axdgfbbgt>
> From: "Vicky Waddell" <axdgfbbgtj [at] bobkleinphoto>
> To: <200708012146.32137.werner [at] yellowcouch>
> Subject: The Cheapest Pharmacy
> Date: Thu, 13 Sep 2007 10:30:40 +0100
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="----=_NextPart_000_0007_01C7F5E8.BFCED710"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 4.71.2173.0
> X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2173.0
>
> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_0007_01C7F5E8.BFCED710
> Content-Type: text/plain;
> charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
> <<Some craapy spam here>>
> ------=_NextPart_000_0007_01C7F5E8.BFCED710--
>
>
> --
> Dr. Werner Van Belle
> http://werner.sigtrans.org/
>


hanche at math

Sep 17, 2007, 2:11 AM

Post #3 of 7
Re: Unknown user bounces to wrong address

+ Werner Van Belle <werner [at] sigtrans>:

> Is it possible to for instance create a solution where emails that
> would bounce are delivered to a catch-all account.

Sure thing. Just create ~alias/.qmail-default with suitable delivery
instructions.

> Then we can either manually deliver the email to the proper person,
> or ignore it (our mailserver is not that high in volume nor persons
> so this is certainly a feasible option).

I suspect you may not find it so feasible in the long run, but by all
means go ahead and try it. You may wish to be able to actually create
a proper bounce message from time to time, when you receive non-spam
messages for someone nonexistent at your site. Figuring out how to do
that without qmail's assistance is not an impossible task, but will
require a bit of thought.

- Harald


werner at sigtrans

Sep 17, 2007, 2:27 AM

Post #4 of 7
Re: Unknown user bounces to wrong address

On Monday 17 September 2007 10:54:20 Giles Turner wrote:
> Top posting because it is just simply.
>
> Return-Path: <axdgfbbgtj [at] bobkleinphoto>
> to
> <200708012146.32137.werner [at] yellowcouch>
>
> Bounce to <axdgfbbgtj [at] bobkleinphoto> which then double bounces.
>
> I do not see anything wrong with it at all.

The sender of the message was mx01.sublimemail.com, which stated a return-path
that didn't exist. This is not a problem for a double-bounce, but it is a
problem if the return-path suddenly exists. In that case, our mailserver is
used to deliver spam. Some of the emails were actually delivered to people
and looked as if they came from eBay, thereby claiming that some payment is
overdue. The spam-receiver then sees an email: mail undeliverable, below is
the content and the content seems something important regarding lawsuits and
disputes etc. Okay, you might think it is stupid to fall for these things,
but I really don't want to participate in delivering this kind of fake
failed-deliveries.

The bottom line is that I don't want to end in court with somebody simply because
my server is used as a middleman here.

With kind regards,

--
Dr. Werner Van Belle
http://werner.sigtrans.org/


hanche at math

Sep 17, 2007, 2:45 AM

Post #5 of 7
Re: Unknown user bounces to wrong address

+ Werner Van Belle <werner [at] sigtrans>:

> Bottomline is that I don't want to end in court with somebody simply
> because my server is used as a middleman here.

I understand your concern, but I wonder: Has anybody ever been dragged
to court because their mail server implemented the standard properly? If
it ever happens, then not only you, but the whole email infrastructure
of the entire Internet is at risk.

I also suspect that you may put yourself at risk once you start taking
measures to avoid this problem: If you try to filter out bounce spam
and one slips through, you might be considered to be at fault for lack
of diligence.

All the disclaimers apply triply here, of course, I am not a lawyer
and so forth and so on, and I am definitely not qualified to give legal
advice. Which doesn't stop me from having opinions on legal matters,
but that is all it is: Opinions. Nothing is as dangerous as a little
knowledge, it is said.

- Harald


jms1 at jms1

Sep 17, 2007, 9:00 AM

Post #6 of 7
Re: Unknown user bounces to wrong address

On 2007-09-17, at 0421, Werner Van Belle wrote:
>
> Lately I noticed that my server delivers spam through bouncing a
> non-deliverable email to the wrong address. Below I paste one such
> example.
> The problem as I see it is that my mailserver behaves properly but the
> spammer doesn't (since it reports the wrong return-path).

the problem is that qmail accepted the original message, because it
only verifies the "domain" portion of the recipient addresses.

there are several patches out there which modify qmail-smtpd to check
the "userid" portion of the recipient address as well. the most
popular one, for people who also use vpopmail, is called CHKUSER.

http://www.interazioni.it/opensource/chkuser/

i have also written one, which doesn't require vpopmail, but does
require you to create a .cdb file whose keys are every valid email
address on your server. (yes, addresses with "-default@" are handled
correctly.)

http://qmail.jms1.net/patches/validrcptto.cdb.shtml

but if qmail doesn't accept the message in the first place, you don't
have to worry about whether or not a bounce message can be delivered,
because you won't be generating bounce messages.

CHKUSER is nice because when somebody adds a mailbox or changes their
password, qmail-smtpd immediately "knows" about it. however, it
requires vpopmail, it only works with vpopmail mailboxes, it must run
on the same machine with the mailboxes (at least that's what i've
gotten from the documentation), and it requires you to re-compile
qmail whenever a new version of vpopmail is released.

my patch works with any kind of mailbox management, and it can work
on "mailhubs" which pre-scan the incoming messages for viruses and
spam before handing them to a dedicated mailbox server. however, it
requires you to build and update the .cdb file- and while i have
written some scripts to automate the process, they are not the most
intuitive things in the world.

obviously, i'm slightly biased toward my own patch, but take some
time and read about both of them- and i'm sure others on the list can
provide the URLs for any other patches which are out there. each one
has its own strengths and weaknesses. there are users of both patches
here on the list, so ask questions of people who are already using
them... and make an informed decision as to what's going to work best
for your server.

and if you do end up using my patch, i would also direct your
attention to my combined patch, which includes the validrcptto.cdb
patch, along with several other nice features, including the ability
to use a .cdb file to validate SMTP AUTH commands.

http://qmail.jms1.net/patches/combined.shtml
http://qmail.jms1.net/patches/authcdb.shtml (page almost finished)

----------------------------------------------------------------
| John M. Simpson --- KG4ZOW --- Programmer At Large |
| http://www.jms1.net/ <jms1 [at] jms1> |
----------------------------------------------------------------
| http://video.google.com/videoplay?docid=-1656880303867390173 |
----------------------------------------------------------------


jhq at osb

Sep 17, 2007, 4:42 PM

Post #7 of 7
Re: Unknown user bounces to wrong address

Hello Werner,

> Lately I noticed that my server delivers spam through bouncing a
> non-deliverable email to the wrong address. Below I paste one such example.
> The problem as I see it is that my mailserver behaves properly but the
> spammer doesn't (since it reports the wrong return-path).

As for one kind of spam e-mail, there is a solution.
Some spam e-mails are sent to a non-existent e-mail address on your
domain, i.e. even if you don't create:
info [at] yourdomain
you will receive spam e-mails to:
info [at] yourdomain
just because info@... is allocated on most domains.
In this case, plain (non-patched) qmail tries to send the bounce e-mail
to its return path, saying that:
info [at] yourdomain
does not exist.
The bad thing is that the return path of a spam e-mail is fake, regardless
of whether it really exists or not.
If the return path exists somewhere in the world, the owner of the
return path will be surprised ... i.e. I didn't send this e-mail to:
info [at] yourdomain
and get angry.
As for e-mails to a non-existent e-mail address, the bounce e-mail
should not be sent to its return path.
We would be happy if qmail said:
"553 sorry, no mailbox here by that name. (#5.1.1)"
for an e-mail to a non-existent e-mail address, and terminated the
SMTP session soon without reading the contents of the e-mail.
And we can ... there are some patches for it:
http://qmail.jms1.net/patches/validrcptto.cdb.shtml
http://www.fehcom.de/qmail/spamcontrol.html

Jun Inamori
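
Added example (not part of the original thread, and not code from CHKUSER, validrcptto.cdb or spamcontrol): a Python model of the difference John M. Simpson and Jun Inamori describe above, where a domain-only check accepts mail for unknown mailboxes and later bounces it to the claimed return path, while a recipient check at RCPT TO answers 553 and generates no bounce. The example.* addresses, the VALID_RCPTS list and the simplified "-default" wildcard rule are assumptions made for this sketch.

```python
# Constructed sample data; example.org stands in for the local domain.
LOCAL_DOMAINS = {"example.org"}            # domains this server accepts mail for
VALID_RCPTS = {"werner@example.org",       # hypothetical list of valid addresses,
               "lists-default@example.org"}  # one of them a "-default" wildcard

def is_valid_rcpt(addr):
    """Exact match, else the longest matching 'prefix-default@domain' entry."""
    local, _, domain = addr.lower().rpartition("@")
    if f"{local}@{domain}" in VALID_RCPTS:
        return True
    parts = local.split("-")
    for i in range(len(parts) - 1, 0, -1):   # a-b-c -> a-b-default, a-default
        if "-".join(parts[:i]) + f"-default@{domain}" in VALID_RCPTS:
            return True
    return False

def rcpt_to(envelope_sender, rcpt, validate):
    """Return (SMTP reply, address a later bounce would go to, or None)."""
    if rcpt.rpartition("@")[2].lower() not in LOCAL_DOMAINS:
        return "553 not a local domain (constructed reply)", None
    if is_valid_rcpt(rcpt):
        return "250 ok", None                # delivered, nothing to bounce
    if validate:
        # Refused inside the SMTP session: nothing is queued, so this
        # server never writes a bounce. The connecting client must cope.
        return "553 sorry, no mailbox here by that name. (#5.1.1)", None
    # Domain-only check: accepted now, undeliverable later, and the failure
    # notice goes to whatever envelope sender the client claimed.
    return "250 ok", envelope_sender or None  # "" is the null sender <>

SESSIONS = [  # constructed (envelope sender, recipient) pairs
    ("forged-victim@example.net", "200708012146.32137.werner@example.org"),
    ("forged-victim@example.net", "info@example.org"),
    ("friend@example.com", "werner@example.org"),
    ("member@example.com", "lists-announce@example.org"),
]

def backscatter_targets(validate):
    """Addresses that would receive a bounce from this server."""
    targets = [rcpt_to(s, r, validate)[1] for s, r in SESSIONS]
    return [t for t in targets if t]

if __name__ == "__main__":
    print("domain-only check:", backscatter_targets(validate=False))
    print("RCPT-time check:  ", backscatter_targets(validate=True))
```
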
