
Mailing List Archive: SpamAssassin: users

How to stop this?

 

 



carnold at electrichendrix

Nov 6, 2009, 6:23 PM

Post #1 of 6 (210 views)
Permalink
How to stop this?

Hello list. Forgive me if this has been addressed before. I get email that
is addressed to a user that is not even a user on the mail server or domain.
We use zimbra 6 OSS which has builtin spamassassin and uses postfix. Here is
a copy of the headers (with specific stuff changed or cut out):
Return-Path: negro2078[at]hotmail.com
Received: from mail.server.com (LHLO mail.server.com)
(ip.of.server) by mail.server.com with LMTP; Fri, 6 Nov 2009
17:20:34 -0500 (EST)
Received: from localhost (localhost [127.0.0.1])
by mail.server.com (Postfix) with ESMTP id D732ABFF51
for <myemail[at]mail.server.com>; Fri, 6 Nov 2009 17:20:33 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.server.com
X-Spam-Flag: NO
X-Spam-Score: 2.346
X-Spam-Level: **
X-Spam-Status: No, score=2.346 tagged_above=-10 required=6.6
tests=[BAYES_05=-1.11, HTML_MESSAGE=0.001, URIBL_BLACK=1.955,
URIBL_OB_SURBL=1.5] autolearn=no
Received: from mail.server.com ([127.0.0.1])
by localhost ( mail.server.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id WTkUevQdagxY for <myemail[at]mail.server.com>;
Fri, 6 Nov 2009 17:20:29 -0500 (EST)
Received: from cdptpa-imtalb.mail.rr.com (cdptpa-imtalb.mail.rr.com
[75.180.132.34])
by mail.server.com (Postfix) with ESMTP id ED71CBFE1E
for <myemail[at]mail.server.com>; Fri, 6 Nov 2009 17:20:28 -0500 (EST)
Received: from cdptpa-mxlb.mail.rr.com ([10.127.255.82])
by cdptpa-imta07.mail.rr.com with ESMTP
id <20091106222028261.ETSN29511[at]cdptpa-imta07.mail.rr.com>
for <myemail[at]mail.server.com>; Fri, 6 Nov 2009 22:20:28 +0000
X-TWC-Junkmail-Folder: true
X-Cloudmark-Score: 100
X-RR-Connecting-IP: 65.55.116.107
X-Authority-Analysis: v=1.0 c=0 p=-ecq8t7vAAAA:8 a=yxkcr7uzOwoA:10
Received: from [65.55.116.107] ([65.55.116.107:3802]
helo=blu0-omc3-s32.blu0.hotmail.com)
by cdptpa-iedge02.mail.rr.com (envelope-from <negro2078[at]hotmail.com>)
(ecelerity 2.2.2.39 r()) with ESMTP
id 9E/E5-02065-C21A4FA4; Fri, 06 Nov 2009 22:20:28 +0000
Received: from BLU145-W5 ([65.55.116.74]) by blu0-omc3-s32.blu0.hotmail.com
with Microsoft SMTPSVC(6.0.3790.3959);
Fri, 6 Nov 2009 14:20:25 -0800
Message-ID: <BLU145-W591D2343383238C3F8857B3AF0[at]phx.gbl>
Content-Type: multipart/alternative;
boundary="_32294ce2-9381-41a6-9a48-aef515301452_"
X-Originating-IP: [113.66.28.156]
From: =?iso-8859-1?B?QU5UT05JTyBKT1PJIGZsb3JlcyBjYXJtb25h?=
<negro2078[at]hotmail.com>
To: <carnold[at]braham.k12.mn.us>
Subject: RE # Business
Date: Fri, 6 Nov 2009 22:20:25 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 06 Nov 2009 22:20:25.0915 (UTC)
FILETIME=[56E0B8B0:01CA5F2F]

Is it possible to stop this?


evan at espphotography

Nov 6, 2009, 6:45 PM

Post #2 of 6 (197 views)
Permalink
Re: How to stop this? [In reply to]

At 06:23 PM 11/6/2009, you wrote:
>Hello list. Forgive me if this has been addressed before. I get
>email that is addressed to a user that is not even a user on the
>mail server or domain. We use zimbra 6 OSS which has builtin
>spamassassin and uses postfix. Here is a copy of the headers (with
>specific stuff changed or cut out):

Please don't post to the list in HTML.

Simple answer: If the e-mail truly is addressed to a user not on the
system, why are you accepting the mail?


carnold at electrichendrix

Nov 6, 2009, 7:49 PM

Post #3 of 6 (194 views)
Permalink
Re: How to stop this? [In reply to]

Sent from my iPhone

On Nov 6, 2009, at 9:45 PM, Evan Platt <evan[at]espphotography.com> wrote:

> At 06:23 PM 11/6/2009, you wrote:
>> Hello list. Forgive me if this has been addressed before. I get
>> email that is addressed to a user that is not even a user on the
>> mail server or domain. We use zimbra 6 OSS which has builtin
>> spamassassin and uses postfix. Here is a copy of the headers (with
>> specific stuff changed or cut out):
>
> Please don't post to the list in HTML.
Sorry about the HTML
>
> Simple answer: If the e-mail truly is addressed to a user not on the
> system, why are you accepting the mail?
Isn't that my question? Sounds like you are answering my question with
my question.
>


jrudd at ucsc

Nov 6, 2009, 7:59 PM

Post #4 of 6 (194 views)
Permalink
Re: How to stop this? [In reply to]

On Fri, Nov 6, 2009 at 19:49, Chris Arnold <carnold[at]electrichendrix.com> wrote:
>
>> Simple answer: If the e-mail truly is addressed to a user not on the
>> system, why are you accepting the mail?
>
> Isn't that my question? Sounds like you are answering my question with my
> question.

Perhaps, but "not accepting the mail" is an MTA issue, not a
SpamAssassin issue.

You need to configure Zimbra not to accept email for non-existent
users. That's a question for the Zimbra folks, not the SpamAssassin
folks.


carnold at electrichendrix

Nov 6, 2009, 8:09 PM

Post #5 of 6 (194 views)
Permalink
Re: How to stop this? [In reply to]

Sent from my iPhone

On Nov 6, 2009, at 10:59 PM, John Rudd <jrudd[at]ucsc.edu> wrote:

> On Fri, Nov 6, 2009 at 19:49, Chris Arnold <carnold[at]electrichendrix.com> wrote:
>>
>>> Simple answer: If the e-mail truly is addressed to a user not on the
>>> system, why are you accepting the mail?
>>
>> Isn't that my question? Sounds like you are answering my question
>> with my question.
>
> Perhaps, but "not accepting the mail" is an MTA issue, not a
> SpamAssassin issue.
>
> You need to configure Zimbra not to accept email for non-existent
> users. That's a question for the Zimbra folks, not the SpamAssassin
> folks.
I see. Thank you.


dbfunk at engineering

Nov 7, 2009, 12:35 PM

Post #6 of 6 (172 views)
Permalink
Re: How to stop this? [In reply to]

Chris,
Do you understand that email has two different sets of recipient (To)
addresses?
One is in the header "To:" (in your example
"To: <carnold[at]braham.k12.mn.us>"); the other is called the envelope
recipient, which shows up in your mail server logs and -may- also
be embedded in the "Received:" headers (in your example it's the
"for <myemail[at]mail.server.com>;" bit).

The header "To:" address is just window dressing, does not play any part
in SMTP mail routing, and could be almost anything.

The envelope recipient is used during the SMTP transactions and controls
the mail routing and delivery. It -must- correspond to a valid
user or recipient on your mail system. Most correctly configured MTA
systems will only let a message in the front-door if it contains a valid
envelope recipient address.

If that address "myemail[at]mail.server.com" does not correspond to a valid
recipient on your mail system then you need to look into the zimbra
(postfix) configuration to see how to fix that.

If your concern is that that "To:" address does not correspond to a valid
recipient on your system then you're misunderstanding how email works.
Please search the archives of this list for a long-winded thread on
exactly this issue (header "To" not matching envelope recipient).

Dave

On Fri, 6 Nov 2009, Chris Arnold wrote:

> Hello list. Forgive me if this has been addressed before. I get email that
> is addressed to a user that is not even a user on the mail server or domain.
> We use zimbra 6 OSS which has builtin spamassassin and uses postfix. Here is
> a copy of the headers (with specific stuff changed or cut out):
>
> Return-Path: negro2078[at]hotmail.com
> Received: from mail.server.com (LHLO mail.server.com)
> (ip.of.server) by mail.server.com with LMTP; Fri, 6 Nov 2009
> 17:20:34 -0500 (EST)
> Received: from localhost (localhost [127.0.0.1])
> by mail.server.com (Postfix) with ESMTP id D732ABFF51
> for <myemail[at]mail.server.com>; Fri, 6 Nov 2009 17:20:33 -0500 (EST)
> X-Virus-Scanned: amavisd-new at mail.server.com
> X-Spam-Flag: NO
> X-Spam-Score: 2.346
> X-Spam-Level: **
> X-Spam-Status: No, score=2.346 tagged_above=-10 required=6.6
> tests=[BAYES_05=-1.11, HTML_MESSAGE=0.001, URIBL_BLACK=1.955,
> URIBL_OB_SURBL=1.5] autolearn=no
> Received: from mail.server.com ([127.0.0.1])
> by localhost ( mail.server.com [127.0.0.1]) (amavisd-new, port 10024)
> with ESMTP id WTkUevQdagxY for <myemail[at]mail.server.com>;
> Fri, 6 Nov 2009 17:20:29 -0500 (EST)
> Received: from cdptpa-imtalb.mail.rr.com (cdptpa-imtalb.mail.rr.com
> [75.180.132.34])
> by mail.server.com (Postfix) with ESMTP id ED71CBFE1E
> for <myemail[at]mail.server.com>; Fri, 6 Nov 2009 17:20:28 -0500 (EST)
> Received: from cdptpa-mxlb.mail.rr.com ([10.127.255.82])
> by cdptpa-imta07.mail.rr.com with ESMTP
> id <20091106222028261.ETSN29511[at]cdptpa-imta07.mail.rr.com>
> for <myemail[at]mail.server.com>; Fri, 6 Nov 2009 22:20:28 +0000
[snip..]
> X-Originating-IP: [113.66.28.156]
> From: =?iso-8859-1?B?QU5UT05JTyBKT1PJIGZsb3JlcyBjYXJtb25h?=
> <negro2078[at]hotmail.com>
> To: <carnold[at]braham.k12.mn.us>
> Subject: RE # Business
> Date: Fri, 6 Nov 2009 22:20:25 +0000
>
> Is it possible to stop this?

--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
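
The envelope-versus-header distinction described in the last post, as an added example that is not part of the original thread: it pulls the envelope recipient out of the "for <addr>;" clauses in the Received: headers and compares it with the To:/Cc: header addresses. The sample message is constructed on the pattern of the headers posted above; all hostnames and addresses in it are placeholders.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the thread's headers (placeholder addresses).
SAMPLE = """\
Return-Path: <sender@webmail.example>
Received: from localhost (localhost [127.0.0.1])
\tby mail.example.com (Postfix) with ESMTP id D732ABFF51
\tfor <myemail@mail.example.com>; Fri, 6 Nov 2009 17:20:33 -0500 (EST)
Received: from relay.isp.example (relay.isp.example [192.0.2.34])
\tby mail.example.com (Postfix) with ESMTP id ED71CBFE1E
\tfor <myemail@mail.example.com>; Fri, 6 Nov 2009 17:20:28 -0500 (EST)
Received: from [198.51.100.107] (helo=out.webmail.example)
\tby edge.isp.example with ESMTP id 9E/E5-02065; Fri, 06 Nov 2009 22:20:28 +0000
From: Some Sender <sender@webmail.example>
To: <someone@elsewhere.example>
Subject: RE # Business

body
"""

# An MTA may record the envelope recipient as "for <addr>;" in its Received: line.
FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?\s*;", re.I)

def envelope_recipients(msg):
    """Addresses from 'for <addr>;' clauses in Received: headers, newest hop first."""
    found = []
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())  # unfold continuation lines
        m = FOR_CLAUSE.search(hop)
        if m and m.group(1).lower() not in found:
            found.append(m.group(1).lower())
    return found

def header_recipients(msg):
    """Addresses displayed in To:/Cc:, which play no part in SMTP routing."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr.lower() for _, addr in getaddresses(fields) if addr]

def compare(raw):
    msg = message_from_string(raw)
    env, hdr = envelope_recipients(msg), header_recipients(msg)
    return {"envelope": env, "header": hdr,
            "header_matches_envelope": bool(set(env) & set(hdr))}

if __name__ == "__main__":
    print(compare(SAMPLE))
```

A mismatch here is normal for Bcc and mailing-list traffic; the address to check against the server's recipient list is the envelope one, and the MTA's own log remains the authoritative record because the "for" clause is optional.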
