Koozali.org formerly Contribs.org

Bulk bogus email addresses - solutions?

aaron

Bulk bogus email addresses - solutions?
« on: May 09, 2006, 12:08:08 AM »
What are folks doing about the growing nuisance of virus/spam mail delivered to non-existent email addresses?

I've given up sending "invalid recipient" notifications back as 99% end up as undeliverable due to spoofed sender addresses but the volume that now lands in the admin mailbox is ugly.

I have an E-Smith/SME set up as a gateway scanner and the thing is on fire from all the virus & spam processing cycles yet >80% of the traffic is crap going to invalid users - a total waste of resources that should be preventable.

Is there a solution, preferably SME-based, that others have successfully employed to only allow mail for users A, B, and C through and drop/error the rest sent to @domain.com? I've been reading/looking at the qmail config and I can drop senders but recipient filtering seems a bit less flexible.

I should add all my servers are 601-01. If there is a new feature of 6.5/7 that I'm unaware of please let me know (but I didn't see anything when I reviewed the Features).

raem

Re: Bulk bogus email addresses - solutions?
« Reply #1 on: May 09, 2006, 09:38:47 AM »
aaron

See the suggestions here, especially re doublebounce & mailblocking contribs.

Note that sme7 by default rejects email sent to invalid addresses on the server.
...

aaron

Bulk bogus email addresses - solutions?
« Reply #2 on: May 09, 2006, 06:38:52 PM »
Hi Ray, yes I've pored over your great stuff posted. Perhaps I am mis-reading but I don't think they fit what I'm trying to do.

1) The phoney emails are not a doublebounce but the original bounce from crap being directed to some poor sap where the sender has a forged address of "zzbbwq@mydomain.com". It gets rejected for one reason or another at that server and now lands in my mail stream.

2) My ideal situation is to have the gateway mail server, which is currently just fwding email (no user addresses within), to filter out these nuisance emails before continuing on their path through the antivirus & spam sme servers.

The sme7 suggestion, does that work on a perimeter, forwarding server? I'm assuming if I add addresses via the panel the mail will drop into those user mailboxes on the sme7 server and not continue to be forwarded to the downstream AV/SPAM servers.

raem

Bulk bogus email addresses - solutions?
« Reply #3 on: May 09, 2006, 11:50:24 PM »
aaron

If you install the dungog mailblocking contrib or modify your server as per my howto (both do the same thing), then by default your sme 6.0x server will reject messages sent to invalid addresses (which is what you seem to be complaining of).
You do not need to configure anything within the mailblocking contrib unless you need or want to, more in relation to multiple domain emails or stopping mail to specific valid addresses by using a mail rule.

Search these forums for some good tips about usage hierarchy of mail rules.

My mail tweaks howto is really a collective of things you can do to improve mail handling in different aspects.
...

Re: Bulk bogus email addresses - solutions?
« Reply #4 on: May 10, 2006, 06:11:53 PM »
Quote from: "aaron"
> What are folks doing about the growing nuisance of virus/spam mail delivered to non-existent email addresses?

Upgrading to SME 7.

aaron

Bulk bogus email addresses - solutions?
« Reply #5 on: May 11, 2006, 07:11:05 PM »
OK Charlie, so if I upgrade the perimeter SME from 601 to 7 (or just replace it with an SME7 machine and redo my SMTP forwarding) how and where do I specify valid SMTP users? Is there a panel for this other than the std Users panel or is this accomplished via config files? I'm comfortable customizing via the great templating system.

Just to confirm you are following me, this SME is acting as the primary entrance to all emails where they are then forwarded to other SMEs doing anti-virus & spam processing before landing on my home SME, the only place all users are defined. The gateway/perimeter SME has no users nor do the SPAM & anti-virus. The goal is to weed out the 90% SMTP garbage at the gateway, or as early as possible in the processing stream.

So, I expect to obviously have to define valid users somehow at the gateway SME. My understanding is that if they are defined in the users panel mail will be accepted locally rather than being fwded. Does SME7 allow qmail/control or like files to be edited to allow passthru of predefined recipients while dropping the rest better than SME6?

raem

Bulk bogus email addresses - solutions?
« Reply #6 on: May 12, 2006, 03:04:12 AM »
aaron

dungog.net did have an add-on contrib for sme7 that allowed all email for a domain to be delegated to another server.
He removed that from his GPL downloads section though, I believe it needed more work. See devinfo list for background info.
If you can find it look for:
smeserver-vdomain-1.2-2.noarch.rpm

That may give you clues re how to do it.

As I understand your problem, you have complicated things by wanting to have a separate gateway server without users.

The sme server that does process your mail is quite capable of achieving what you want using existing features and add on contribs, which I have mentioned already.
If you are not using RBL blocking then I would certainly enable that too.

It seems that what you are asking, is to block "some" email to valid users, that doesn't make sense to do that as it will most likely block wanted emails as well. Therefore you need to use an amalgamation of other techniques (as mentioned).
...

aaron

Bulk bogus email addresses - solutions?
« Reply #7 on: May 14, 2006, 06:54:37 PM »
Yes, I already have the SMTP forwarding working for both my domains and some client domains.  

There is a slight misunderstanding, Ray. I am not trying to block "some emails to valid users", I'm trying to only allow mail for a dozen or so predefined recipient users for a domain and drop the rest. Ideally I'd be able to also do that for each of the 5 domains (customers) I filter email for. I acknowledge I'd have an administrative task to add any new users to "the list" but that is trivial.

Perhaps I'm alone in this but I must get 100's of email daily for, literally, "qmqqjm@domain.com", "vmdveo@domain.com" etc bogus email recipients and currently I have to accept them all and process thru each anti-virus & spam servers before local delivery and then bounce as invalid. Seems like a total waste of CPU & bandwidth.

Admittedly that is one nice feature of having a domain's email hosted at an ISP and POPped off via fetchmail - you can define your 12 valid emails there and all this sort of crap mail is their problem. I am ensured the mail arriving via fetchmail is only for the 12 legit users. What I'm looking for is that sort of filtering result leaving only valid traffic with the near instant delivery of SMTP (not having to wait the 5/10/15 minute POP interval), know what I mean?

Anyway, it doesn't appear SME with the contribs can provide what I'm looking for.

raem

Bulk bogus email addresses - solutions?
« Reply #8 on: May 14, 2006, 08:06:25 PM »
aaron

Try this.

Install (on sme6) the dungog mailblocking contrib and configure mail rules for your users & domains that you want to be accepted, all others will be rejected.
eg
Rule: Accept,
From: *@*
To: mary@yourdomain.com

That will put a list of user@domains in
/var/qmail/control/mailrules.default

I'm assuming that although mary is not a user on your gateway, mail for mary should be forwarded to the next (delegated) mail server for delivery (where mary is a user).

Let us know if it works.
...
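The accept-list behaviour described in Reply #8, sketched as an added example (not part of the thread, and not the mailblocking contrib's code or its `mailrules.default` file format). The rule tuples, the first-match ordering, the `client-a.example` and `spam-source.example` domains and the sample RCPT attempts are all constructed assumptions.

```python
from fnmatch import fnmatchcase

# Constructed rules in the post's Rule/From/To shape; first match wins (assumed).
RULES = [
    ("reject", "*@spam-source.example", "*@*"),
    ("accept", "*@*", "mary@yourdomain.com"),
    ("accept", "*@*", "sales@client-a.example"),
]

def normalize(addr):
    """Strip SMTP angle brackets and lowercase; '' is the null bounce sender."""
    return addr.strip().strip("<>").lower()

def rcpt_decision(mail_from, rcpt_to, rules=RULES):
    """Return the (SMTP code, reason) a gateway would give at RCPT TO time."""
    sender = normalize(mail_from) or "@"  # "@" lets "*@*" match MAIL FROM:<>
    rcpt = normalize(rcpt_to)
    local, sep, domain = rcpt.rpartition("@")
    if not (sep and local and domain):
        return 550, "malformed recipient"
    for action, from_pat, to_pat in rules:
        if fnmatchcase(sender, from_pat) and fnmatchcase(rcpt, to_pat):
            if action == "accept":
                return 250, "recipient ok, forward downstream"
            return 550, "rejected by rule"
    return 550, "no such recipient here"  # default: not on the list

def tally(attempts, rules=RULES):
    """Count how many attempts pass versus die before any AV/spam scanning."""
    counts = {250: 0, 550: 0}
    for mail_from, rcpt_to in attempts:
        counts[rcpt_decision(mail_from, rcpt_to, rules)[0]] += 1
    return counts

# Constructed sample traffic, including bounces with the null sender.
ATTEMPTS = [
    ("<friend@example.org>", "<Mary@YourDomain.com>"),
    ("<>", "<zzbbwq@yourdomain.com>"),  # bounce aimed at a forged address
    ("<>", "<mary@yourdomain.com>"),    # genuine bounce for a real user
    ("<x@example.net>", "<qmqqjm@yourdomain.com>"),
    ("<bulk@spam-source.example>", "<mary@yourdomain.com>"),
    ("<x@example.net>", "<sales@client-a.example>"),
]

if __name__ == "__main__":
    for attempt in ATTEMPTS:
        print(attempt, rcpt_decision(*attempt))
    print(tally(ATTEMPTS))
```

The null-sender cases show why the check has to key on the recipient: a bounce to a forged address is refused while a bounce for a listed user still gets through.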

raem

Bulk bogus email addresses - solutions?
« Reply #9 on: May 14, 2006, 08:46:00 PM »
aaron

> Anyway, it doesn't appear SME with the contribs can provide what I'm looking for....

I have a sme 6.0 server & gateway with a 100 or so email users & eight domains, also acting as a file & print server for 12 LAN users.
I have RBL rejection enabled, I have pattern matching virus rejection enabled, I have the other tweaks mentioned in the how to enabled eg bad helo/ehlo.
The Mailblocking contrib rejects (at smtp level) all invalid addressed emails.
The server (for these various reasons) rejects close to 1000 messages per day at smtp level.
I also have spam filtering and clam virus scanning enabled to catch those that get past smtp rejection. Doublebounce deletion keeps the admin mailbox clean.
There's only a dozen or so html viruses getting caught per day, and perhaps 20 or 30 spam messages getting moved to the junkmail folders.
I do insist on all published email addresses on web sites being encoded, to thwart spam robots etc.
The resultant email load on the server is therefore not great.
I agree why waste all those processor cycles on antivirus scanning and spam filtering, both of which are quite intensive (esp spam filtering).

Unless you are receiving tens or hundreds of thousands of messages per day, I think you would be better off using the one server as gateway & mail server, that way you can utilise the mailblocking & other contribs effectively.
...