Drop mail with failed RCPT TO bounce.

[unruh]

I have machine A act as a mail forwarder to machine B. I get spam sent
to machine B, which has obviously been harvested from my netnews
postings, where the user does not exist on machine B. This produces an
attempt by A to send back to the sender a bounce message. Since the
spammer has no desire to see those, all email back to sender bounces as
well, filling up the delivery queue on A of such bounced mail
How do I tell A to throw away any such bounced mail?

Running mandriva 9, with postfix. Here is a mailq message of one of
these bounced bits of mail

4F7AAE81C7 93970 Mon Nov 28 05:46:31 em...@yeastar.biz
(host 24.82.146.42[24.82.146.42] said: 450 4.1.1
<slrnj4kuk0...@wormhat.physics.ubc.ca>: Recipient address
rejected: User unknown in local recipient table (in reply to RCPT TO
command))
slrnj4kuk0...@wormhat.phy

[unruh]

On 2011-11-28, Dave <noone$$@llondel.org> wrote:

> If you're doing proper rejection at the initial transaction rather than
> accepting the message and generating a fake bounce, there is no problem
> because I think most spammers just drop rejects on the floor. This is based
> on rejecting spam mail apparently from a valid user and never seeing an
> attempt to deliver that mail to the user concerned.

No, the problem is that machine A gets the email and forwards it to B. B
rejects it, generating a rejection notice which goes to A, who tries to
deliver it to the spammer. But the spammer does not accept the message,
and it thus sits in the queue on A which tries for a few days to deliver
the rejection message until it times out. In the meantime the mail queue
is overfull of junk.
Since it can also fill up if there is some problem on the mailer on
maching A, I have it report to me when the queue gets full, adn thus get
a bunch of messages telling me that the queue is full -- of those junk
messages.

>

[J.O. Aho]

As far I can see from your example, it should have been filtered at site A (if
you aren't running a spam filter on site A, install one or fine tune your spam
filter at site A).
If your filtering works well on site A, then there will be less spam coming to
site B and those it will reject less mail and those site A won't have to try
to give a delayed reject to the "sending" server which will of course reject
none existing users.

> In the meantime the mail queue
> is overfull of junk.
> Since it can also fill up if there is some problem on the mailer on
> maching A, I have it report to me when the queue gets full, adn thus get
> a bunch of messages telling me that the queue is full -- of those junk
> messages.

You could always use postsuper to delete mail, there are a number of scripts
which would make it simple to delete mails in the queue.

http://jwcub.wordpress.com/2006/01/20/bulk-delete-from-postfix-queue/

just delete everything to mailer-daemon or what your system is configured to
use to tell about failed deliveries.

Run it every 10 minutes or what ever, and you shouldn't have too much problem
with queues growing over proportion.

--

//Aho

[Richard Kettlewell]

unruh <un...@invalid.ca> writes:
> I have machine A act as a mail forwarder to machine B. I get spam sent
> to machine B, which has obviously been harvested from my netnews
> postings, where the user does not exist on machine B. This produces an
> attempt by A to send back to the sender a bounce message. Since the
> spammer has no desire to see those, all email back to sender bounces as
> well, filling up the delivery queue on A of such bounced mail
> How do I tell A to throw away any such bounced mail?

My inbound email takes a similar path. My upstream (machine A in your
terms) has their Exim perform "call-forwards" to my system (machine B)
to verify local parts, allowing it to reject invalid recipients
immediately rather than trying to forward them to me and then being left
holding a potentially undeliverable bounce.

I'm afraid I don't know if Postfix can be configured to do the same.

--
http://www.greenend.org.uk/rjk/

[The Natural Philosopher]

unruh wrote:
> I have machine A act as a mail forwarder to machine B. I get spam sent
> to machine B, which has obviously been harvested from my netnews
> postings, where the user does not exist on machine B. This produces an
> attempt by A to send back to the sender a bounce message. Since the
> spammer has no desire to see those, all email back to sender bounces as
> well, filling up the delivery queue on A of such bounced mail
> How do I tell A to throw away any such bounced mail?
>

two approaches.

- Bin anything from 'mailer daemon TO ' 'postmaster'

- Don't bounce spam ever. In the first place. Silently discard it.

[The Natural Philosopher]

why is A accepting spam in the first place?


>

[unruh]

Would be nice. HOw do I do that? (postfix)

Remember that it is the username that is invalid.

[The Natural Philosopher]

There are many and various options: ONE of the most powerful is to only
relay mail from trusted sites - so you reject based on incoming IP
address, ANOTHER is to set up a secure relay that uses SMTP authentication.

Most ISP relays use one or other of these techniques.

That stops you being used as an outbound relay. Insofar as incoming crap
to non existent uses goes, just reject it as you already do. Its not
YOUR problem if an upstream site then generates bounce messages,. The
problem is with that upstream site. That's where you fix it.

[unruh]

Since I control that upstream site (machine A) how do I prevent it from
generating bounce messages. It is being rejected by machine B. I am not
sure if it machine B or A that is generating those bounce messages, but
I would like it to stop. Does anyone have any idea how I can stop it
generating bounce messages?
I cannot just relay messages from trusted sites, since some of my users
on B get mail from all over the place.


>

[The Natural Philosopher]

Reject it at machine A. I don't see WHY you have machine A as an open
relay in the first place.

I am not
> sure if it machine B or A that is generating those bounce messages,

What will happen is that machine A gets what it thinks is valid mail,.
tries to relay it to be. gets refused, and then sends a bounce back to
the sender. Who presumably doesn't exist.

If the sender wasn't valid in the first place, then A should not be
accepting the mail.

but
> I would like it to stop. Does anyone have any idea how I can stop it
> generating bounce messages?
> I cannot just relay messages from trusted sites, since some of my users
> on B get mail from all over the place.

But never one assumes from unreachable senders.

You need to set up a test for unreachable senders

Thats possible on Postfix

http://www.postfix.org/ADDRESS_VERIFICATION_README.html

but I am not sure about Exim. Or sendmail

I must really get back into all this crap. I have to do a personal mail
server and relay sometime..



>
>

[unruh]

Machine A does not know what users are available on Machine B. And even
if I did, I do not know how to tell machine A to reject non-existant
users on machine B. Machine A has a relay to that one specific machine
B.

>
>
>
> I am not
>> sure if it machine B or A that is generating those bounce messages,
>
> What will happen is that machine A gets what it thinks is valid mail,.
> tries to relay it to be. gets refused, and then sends a bounce back to
> the sender. Who presumably doesn't exist.
>
> If the sender wasn't valid in the first place, then A should not be
> accepting the mail.

The sender host may well be valid. The problem is that that sender's
name may not be, and so the mail cannot get sent out.

>
>
>
> but
>> I would like it to stop. Does anyone have any idea how I can stop it
>> generating bounce messages?
>> I cannot just relay messages from trusted sites, since some of my users
>> on B get mail from all over the place.
>
> But never one assumes from unreachable senders.
>
> You need to set up a test for unreachable senders
>
> Thats possible on Postfix
>
> http://www.postfix.org/ADDRESS_VERIFICATION_README.html

Thanks. That looks very helpful.

[David W. Hodgins]

On Tue, 29 Nov 2011 02:56:36 -0500, unruh <un...@invalid.ca> wrote:

> Would be nice. HOw do I do that? (postfix)
> Remember that it is the username that is invalid.

http://www.dontbouncespam.org/ has a good explanation of the
problem. There are two choices. Either ensure the relay has
a complete list of valid addresses, so it can reject messages
to invalid addresses, or have it start the relay so the downstream
server either accepts or rejects the message before sending
the accept or reject to the originating server.

See the links under the section "What can you do about it?".

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

[unruh]

On 2011-11-29, David W. Hodgins <dwho...@nomail.afraid.org> wrote:
> On Tue, 29 Nov 2011 02:56:36 -0500, unruh <un...@invalid.ca> wrote:
>
>> Would be nice. HOw do I do that? (postfix)
>> Remember that it is the username that is invalid.
>
> http://www.dontbouncespam.org/ has a good explanation of the
> problem. There are two choices. Either ensure the relay has
> a complete list of valid addresses, so it can reject messages
> to invalid addresses, or have it start the relay so the downstream
> server either accepts or rejects the message before sending
> the accept or reject to the originating server.

Well, how do I make sure that the relay has a complee list of valid
addesses (in particular has a list of all the valid usernames on machine
B so it can reject those it does not understand)?

>
> See the links under the section "What can you do about it?".

I cannot see the answer to the above question in there.

>
> Regards, Dave Hodgins
>

[The Natural Philosopher]

unruh wrote:
> On 2011-11-29, David W. Hodgins <dwho...@nomail.afraid.org> wrote:
>> On Tue, 29 Nov 2011 02:56:36 -0500, unruh <un...@invalid.ca> wrote:
>>
>>> Would be nice. HOw do I do that? (postfix)
>>> Remember that it is the username that is invalid.
>> http://www.dontbouncespam.org/ has a good explanation of the
>> problem. There are two choices. Either ensure the relay has
>> a complete list of valid addresses, so it can reject messages
>> to invalid addresses, or have it start the relay so the downstream
>> server either accepts or rejects the message before sending
>> the accept or reject to the originating server.
>
> Well, how do I make sure that the relay has a complee list of valid
> addesses (in particular has a list of all the valid usernames on machine
> B so it can reject those it does not understand)?
>

it tries to send dummy messages to B, if they succeed it caches te
result in a database..

[Jasen Betts]

On 2011-11-28, unruh <un...@invalid.ca> wrote:
> On 2011-11-28, Dave <noone$$@llondel.org> wrote:
>
> No, the problem is that machine A gets the email and forwards it to B.

Have machine A ask machine B before accepting the mail.
the Exim documentation calls this a "RCPT Callout", I don't know what
the Postfix docs call it.


--
⚂⚃ 100% natural

--- Posted via news://freenews.netfront.net/ - Complaints to ne...@netfront.net ---

[J.O. Aho]

On 30/11/11 12:43, Jasen Betts wrote:
> On 2011-11-28, unruh <un...@invalid.ca> wrote:
>> On 2011-11-28, Dave <noone$$@llondel.org> wrote:
>>
>> No, the problem is that machine A gets the email and forwards it to B.
>
> Have machine A ask machine B before accepting the mail.
> the Exim documentation calls this a "RCPT Callout", I don't know what
> the Postfix docs call it.

Think they call it address verification, more infromation can be found
at http://www.postfix.org/ADDRESS_VERIFICATION_README.html

[Thomas Keusch]

On 2011-11-28, unruh <un...@invalid.ca> wrote:

> On 2011-11-28, Dave <noone$$@llondel.org> wrote:
>> unruh wrote:
>>
>>> I have machine A act as a mail forwarder to machine B. I get spam sent

[...]

>> If you're doing proper rejection at the initial transaction rather than
>> accepting the message and generating a fake bounce, there is no problem

[...]

> No, the problem is that machine A gets the email and forwards it to B. B
> rejects it, generating a rejection notice which goes to A, who tries to
> deliver it to the spammer. But the spammer does not accept the message,

No. The problem is exactly as Dave stated. If you're accepting mail
which you know will bounce, you're part of the spam problem. Don't have
A accept mail it cannot deliver.

F'Up2 comp.os.linux.misc

Best regards,
Thomas

[unruh]

I am sorry, but you are not being very helpful. I would gladly have A
not accept mail it cannot deliver. The question is how to set up A so it
will not accept mail it cannot deliver to B. The number of people on B
is not very large, but I have no idea how to get A to refuse to accept
mail which it cannot deliver to B.
In particular if you could please tell me exactly what lines to put into
/etc/postfix/master.cf and main.cf on A so that it will not accept mail
which it cannot deliver to B.
Thank you.

[J G Miller]

On Thursday, December 1st, 2011 at 05:40:58h +0000, Unruh complained:

> but I have no idea how to get A to refuse to accept
> mail which it cannot deliver to B.

Why did you not read the links that were provided for the answer to this
same question you asked at the beginning of November 2011?

Why do you keep repeating the same question and expect other
people to do your work for you?

<http://groups.google.com/group/alt.os.linux/browse_thread/thread/40cb2dc8b711db16>

On Tuesday, November 1st, 2011 at 22:08:32h +0000, Unruh wrote:
> My machine running postfix will, when it gets mail for a user who does
> not exist on the machine, bounce the mail.

Do you understand the difference between rejecting mail and bouncing mail messages?

<http://www.dontbouncespam.ORG/#BVR>

Your mailer will only be able to bounce a mail message if it first accepts it,
in the simplest case you should be rejecting non-deliverable mail.

<http://www.postfix.org/BACKSCATTER_README.html>

If you do not want to reject the mail but have it discarded then you need
to know that mail delivery with a Postfix system, unlike most other mailers,
consists of two parts -- the Postfix MTA and "local" the MDA.

What the Postfix system also allows is the configuration of a filter
between the Postfix MTA and local MDA, and it is here that you need to
setup a filter to discard or quarantine for further analysis external
e-mail messages bound for undeliverable local addresses.

<http://www.postfix.org/FILTER_README.html>

It is most disconcerting that you are running a mailer connected
to the Internet and have not consulted the readily available HOWTO
information for that mailer on its web site.