Jim:
The adjustment can be made in the GUI, or you can look in the QMAIL
setting file itself.
Normally, the path would be */home/vpopmail/domains/<domain>/.qmail-default*
The normal entry there would be one of:
a) | /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox (BAD!)
b) | /home/vpopmail/bin/vdelivermail '' <email address> (CATCHALL)
* c) **| /home/vpopmail/bin/vdelivermail '' delete (GOOD!)*
I routinely run a script on my servers that converts any
"bounce-no-mailbox" entries to "delete" entries.
Users (domain owners) are allowed to choose a catchall address, but I do
not permit a bounce setting on my servers.
I'm admittedly a pain-in-the-a-- mail admin! :)
Dan McAllister
On 5/19/2014 11:06 AM, Jim Shupert wrote:
How might one do - have a DELETE rule for badly addressed messages. I
just drop them and forget about it?
is it as easy as: " Set catchall email deleted " from admin
in truth ... i thought you HAD to have a catch all account -- yes - i
would rather not.
thanks
also that strategy of : " giving each user a separate mailbox name and
e-mail address "
yes , that is interesting -- I can see how that would work
....unfortunately in my current situation folks already have the
"configuration " that we have.
but maybe for a new bunch of folks a new domain
thanks for the food for thought ,,, a hardy meal.
jim
On 5/19/2014 10:28 AM, Dan McAllister wrote:
Jim,
Exactly why do you want/need a catchall account at all? Albeit, while
that is far better than having a REJECT rule for badly addressed
messages, it also creates an ongoing headache of someone having to
scan through tons of messages that you KNOW are most likely SPAM.
First, some background -- you can do 3 things with badly addressed
mail messages in QMail:
- reject them
- send them to a catchall account
- delete them
Personally, all of my servers have a DELETE rule for badly addressed
messages. I just drop them and forget about it.
First, most new admins want to use a REJECT option -- tell users they
got a bad email address. This is the WORST option, however! Because
of address phishing, you will get many times more SPAM than otherwise
if you send REJECT messages. Why? Spammers will send 100,000 messages
to your server addressed to a...@domain.com, a...@domain.com
a...@domain.com... and so forth (usually, it is actually a
dictionary/name attack more than a brute-force attack, but you get
the idea). Their goal is to send you 100,000 emails and get only
99,998 bounce messages -- and voila! They have 2 "good" email
addresses they can add to their "list of proven good addresses" that
they sell to other spammers.
Just having a domain that is "searchable" that way will increase your
SPAM attacks many-fold! So accept EVERYTHING (they'll stop phishing
when they realize you NEVER reject a message due to a bad address!)
That leaves 2 options:
- keep the bad messages, or
- just silently delete them
In my book, I delete them. If you WANT to read through hundreds (or
thousands) of messages that are nearly always SPAM, that's your
business... but there are other ways to determine that a badly
addressed message was attempted -- like that the recipient never got it!
===
One last tidbit for security: A lot of us are essentially lazy when
it comes to accounts for email. Consider this: if your email address
is your login ID, then a hacker only needs to know your password to
break in! Consider instead, giving each user a separate mailbox name
and e-mail address:
a...@gunsnroses.com is just the email address... it actually is an
alias (forward in QMT) for the mailbox axyl...@gunsnroses.com. Axyl
needs to know the mailbox name when he sets up his mail clients (or
uses webmail), but other than that, everyone uses axyl@ as the email
address. When an "attacker" wants to break into the mail server for
gunsnroses.com, they can use the name a...@gunsnroses.com until the
cows come back from the moon -- but it'll never work, because that
isn't a valid account.
FWIW: for my corporate accounts, I create a mailbox name (I won't
disclose the formula), and then forwards for the actual user in the
form of: fi...@domain.com, fl...@domain.com, f.l...@domain.com,
firstl...@domain.com, & first.l...@domain.com (although first@ is
sometimes omitted)... then the user can tell their
friends/coworkers/associates any of the aliases that they prefer...
and while all work, none are the login name for the user (nor the
mailbox name).
Just food for thought.
Dan McAllister
On 5/19/2014 9:15 AM, Jim Shupert wrote:
Friends,
1st let me say that i have asked this forum for advice on my battele
with spam and I can say that I am enjoying success from the wisdom.
thank you.
a related matter.
I [ the postmaster ] personnally get a lot of spam because I am the
ctach all account.
this means I get spam for ' people who do not exist" - this is 2
catagories.
1- accounts that did exist in the past but no longer. ie billiebob
left - so no billie...@mydom.com anymore
2- accounts that have never existed . ie unic...@mydom.com
as you might suspect these are largely spam.
My q - what is a suggested means of doing this?
my thoughts are
1. a account is made named d...@mydom.com as catch all and assign it
a quota of 5 MB
2 make s...@mydom.com the catch all.
or
3. no change - meaning leave it so it goes to my mailbox as catch all.
thanks
--
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806
CALL TOLL FREE:
877-IT4SOHO
877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax
We have support plans for QMail!
--
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806
CALL TOLL FREE:
877-IT4SOHO
877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax
We have support plans for QMail!