Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-13 Thread mouss
Victor Duchovni wrote:
 On Mon, Jan 12, 2009 at 06:13:52PM -0500, Wietse Venema wrote:
 
 David Cottle:
 Content-Description: Undelivered Message
 Content-Type: message/rfc822
 Content-Transfer-Encoding: 8bit

 Received: from server.engineering.idb (unknown [127.0.0.1])
 by server.engineering.idb (Postfix) with ESMTP id C3F5B13C002D
 for webmas...@aus-city.com; Sun, 11 Jan 2009 23:43:36 + (UTC)
 Received-SPF: none (no valid SPF record)
 Received: from hosting.mgapi.edu (unknown [82.179.217.2])
 by server.engineering.idb (Postfix) with SMTP
 for webmas...@aus-city.com; Sun, 11 Jan 2009 23:43:35 + (UTC)
 Received: from dpkpyv (181.138.153.218)
 by hosting.mgapi.edu; Mon, 12 Jan 2009 02:43:44 +0300
 
 Interestingly, the 181.0.0.0/8 Network is IANA reserved:
 
 OrgName:Internet Assigned Numbers Authority
 OrgID:  IANA
 Address:4676 Admiralty Way, Suite 330
 City:   Marina del Rey
 StateProv:  CA
 PostalCode: 90292-6695
 Country:US
 
 NetRange:   181.0.0.0 - 181.255.255.255
 CIDR:   181.0.0.0/8
 NetName:NET181
 NetHandle:  NET-181-0-0-0-0
 Parent:
 NetType:IANA Reserved
 Comment:
 RegDate:1993-05-01
 Updated:2003-04-06
 
 I wonder how hosting.mgapi.edu managed to receive connections from the
 181.138.153.218 address.
 


maybe MGAPI are using these internally...
We've already seen people using the IPs found in DNS and BIND (I think
these were HP ranges, right?), so confusing IANA reserved with
reserved for eternity (thus safe for private use) is less surprising ;-p



Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-13 Thread mouss
David Cottle wrote:
 
 I found the issue. It's backscatter mail to real recipient addresses. At
 first I was getting non existent as well but stopped those.
 

Something (a spam filter?) after postfix returns says: Invalid
destination status

You MUST not reject mail after it was accepted by postfix, exceptionally
when the message is spam.

 I have to employ header and body checks.
 
 Okay my question is I have multiple domains not just one like in the
 code example 'porcupine' given.
 
 How do I code that?
 

you are the source of backscatter, not the victim. so you can't block
these bounces with a single postfix.

- configure your spam filter to deliver or quarantine or discard... but
not to reject spam.

- reject inbound mail that helo's as localhost. use check_helo_access
for that. google or read the Book of Postfix for more infos.

... etc.


 Do I need to string a ton load of domain names or can you use a wildcard
 to match any domain?
 
 If I could trouble for a snip of code I can apply it and let you know.
 It's a live server and I don't want to experiment code when I am not
 sure how to write it.
 
 Thanks again!



Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-12 Thread Noel Jones

webmas...@aus-city.com wrote:

Quoting Noel Jones njo...@megan.vbhcs.org:

You'll need to investigate where your bounces are coming from by
examining your log - find out why postfix generated a bounce.
Start by searching your logfile for the QUEUEID displayed by the
mailq command.

The usual source of unwanted bounces is accepting mail for
undeliverable recipients rather than rejecting such mail during SMTP.
The postfix method of recipient validation depends on the address class
of the recipient domain.
http://www.postfix.org/ADDRESS_CLASS_README.html

Also note that any address matched by virtual_alias_maps or
*canonical_maps is considered valid, so @domain @domain wildcard
mapping effectively disables recipient validation.


Please see
http://www.postfix.org/DEBUG_README.html
and especially
http://www.postfix.org/DEBUG_README.html#mail


--
Noel Jones



Hi Noel,

The mailq dump as requested:

-Queue ID- --Size-- Arrival Time -Sender/Recipient---
91B8113C0040 3168 Mon Jan 12 13:57:12  MAILER-DAEMON
(host mx1.atomz.com[64.191.197.46] said: 450 4.1.1 ben...@atomz.com: 
Recipient address rejected: User unknown in relay recipient table (in 
reply to RCPT TO command))

 ben...@atomz.com

AF41E13C0042 2849 Mon Jan 12 14:58:09  MAILER-DAEMON
(connect to losxpertos.com[69.64.147.19]:25: Connection 
timed out)

 whirredfih0...@losxpertos.com

EC83913C0033 2710 Mon Jan 12 10:12:22  MAILER-DAEMON
   (connect to aimnona.com[66.79.162.22]:25: Connection 
timed out)

 r...@aimnona.com

8F54113C0028 2941 Mon Jan 12 09:20:39  MAILER-DAEMON
 (connect to mailno.opens.com[255.255.255.255]:25: Network is 
unreachable)

 tandcr...@opens.com

B831F13C003E 3039 Mon Jan 12 10:43:42  MAILER-DAEMON
(connect to mail.cfbnet.com[67.79.170.115]:25: Connection 
refused)

 donboe...@cfbnet.com

-- 18 Kbytes in 5 Requests.


OK, so you have some bounces in your queue.  We already knew 
that, so this posting is rather useless.


You'll need to investigate where your bounces are coming from 
by examining your log - find out why postfix generated a 
bounce.  Start by searching your logfile for the QUEUEID 
displayed by the  mailq command.  You can also examine the 
contents of the bounce with


# postcat -q QUEUEID | more

The QUEUEID is displayed by the mailq command in the QUEUE 
ID column.


You'll need to do those parts of the investigation yourself. 
Come back with details if you need help interpreting what you 
find.


--
Noel Jones


Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-12 Thread David Cottle

Noel Jones wrote:
 David Cottle wrote:
 Hi Noel,

 Thanks for your help!

 I will firstly forward the postconf dump as requested.

 I will have to forward as another message - will call it postconf
 as I am on my iPhone.

 At least you can firstly look at that and perhaps find it is
 accepting during SMTP for undeliverable.

 Many thanks!

 David

 Sent from my iPhone

 Stop top posting - put your answers below the text you refer to.



Hi Noel,

The messages are all faked spam supposedly sent from mail addresses
that are valid off the server domains. So therefore non valid
addresses are being rejected.  So how can these be dealt with they all
look genuine in the headers.  My domains all run strict SPF policy
with reject mail when SPF does not resolve to pass, but as these are
bounce emails the servers of course have no SPF records therefore
don't get skimmed off.

Thanks!





Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-12 Thread Magnus Bäck
On Monday, January 12, 2009 at 22:19 CET,
 David Cottle webmas...@aus-city.com wrote:

 The messages are all faked spam supposedly sent from mail addresses
 that are valid off the server domains. So therefore non valid
 addresses are being rejected.  So how can these be dealt with they all
 look genuine in the headers.  My domains all run strict SPF policy
 with reject mail when SPF does not resolve to pass, but as these are
 bounce emails the servers of course have no SPF records therefore
 don't get skimmed off.

Please follow the instructions and post logs showing how these messages
enter your system. Had the messages been rejected they would not have
ended up in your queue. They are instead bounced, and you haven't
provided us with any details about why this happens. Therefore we cannot
suggest any course of action without resorting to guessing.

-- 
Magnus Bäck
mag...@dsek.lth.se


Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-12 Thread Noel Jones

David Cottle wrote:


Noel Jones wrote:

David Cottle wrote:

Hi Noel,

Thanks for your help!

I will firstly forward the postconf dump as requested.

I will have to forward as another message - will call it postconf
as I am on my iPhone.

At least you can firstly look at that and perhaps find it is
accepting during SMTP for undeliverable.

Many thanks!

David

Sent from my iPhone

Stop top posting - put your answers below the text you refer to.




Hi Noel,

The messages are all faked spam supposedly sent from mail addresses
that are valid off the server domains. So therefore non valid
addresses are being rejected.  So how can these be dealt with they all
look genuine in the headers.  My domains all run strict SPF policy
with reject mail when SPF does not resolve to pass, but as these are
bounce emails the servers of course have no SPF records therefore
don't get skimmed off.

Thanks!



Sorry, that description is far from clear...

As detailed earlier, use postcat to view some of the messages 
in the queue and examine your logs to find why your postfix is 
generating bounces.


If you're not sure how to interpret what you find or what to 
do about it, please post the evidence here.  Posting evidence 
is more likely to get useful suggestions than posting a 
conclusion with no evidence.


At this point I have no idea what you're trying to describe. 
Posting of evidence would be a great help.


You also would probably benefit from spending a few hours 
reading the list archives.  Very likely someone else has 
experienced your problem and found a solution.


Possibly this may help you:
http://www.postfix.org/BACKSCATTER_README.html

Good luck.

--
Noel Jones
Sent from my two year old lAptop


Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-12 Thread David Cottle

Magnus Bäck wrote:
 On Monday, January 12, 2009 at 22:19 CET,
  David Cottle webmas...@aus-city.com wrote:

 The messages are all faked spam supposedly sent from mail addresses
 that are valid off the server domains. So therefore non valid
 addresses are being rejected.  So how can these be dealt with they all
 look genuine in the headers.  My domains all run strict SPF policy
 with reject mail when SPF does not resolve to pass, but as these are
 bounce emails the servers of course have no SPF records therefore
 don't get skimmed off.

 Please follow the instructions and post logs showing how these messages
 enter your system. Had the messages been rejected they would not have
 ended up in your queue. They are instead bounced, and you haven't
 provided us with any details about why this happens. Therefore we cannot
 suggest any course of action without resorting to guessing.

Thanks all, I just can't figure out why they get bounced, so I attach
here..  I will only attach two:

**ONE**

*** ENVELOPE RECORDS deferred/B/B831F13C003E ***
message_size:3039 213
1   03039
message_arrival_time: Mon Jan 12 10:43:42 2009
create_time: Mon Jan 12 10:43:42 2009
named_attribute: log_message_origin=local
named_attribute: trace_flags=0
sender:
original_recipient: donboe...@cfbnet.com
recipient: donboe...@cfbnet.com
*** MESSAGE CONTENTS deferred/B/B831F13C003E ***
Received: by server.engineering.idb (Postfix)
id B831F13C003E; Mon, 12 Jan 2009 10:43:42 +1100 (EST)
Date: Mon, 12 Jan 2009 10:43:42 +1100 (EST)
From: mailer-dae...@server.engineering.idb (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: donboe...@cfbnet.com
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary=C3F5B13C002D.1231717422/server.engineering.idb
Content-Transfer-Encoding: 8bit
Message-Id: 20090111234342.b831f13c0...@server.engineering.idb

This is a MIME-encapsulated message.

- --C3F5B13C002D.1231717422/server.engineering.idb
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii

This is the mail system at host server.engineering.idb.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

   The mail system

webmas...@aus-city.com: Invalid destination status

- --C3F5B13C002D.1231717422/server.engineering.idb
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; server.engineering.idb
X-Postfix-Queue-ID: C3F5B13C002D
X-Postfix-Sender: rfc822; donboe...@cfbnet.com
Arrival-Date: Mon, 12 Jan 2009 10:43:36 +1100 (EST)

Final-Recipient: rfc822; webmas...@aus-city.com
Original-Recipient: rfc822;webmas...@aus-city.com
Action: failed
Status: 5.1.3
Diagnostic-Code: x-unix; Invalid destination status

- --C3F5B13C002D.1231717422/server.engineering.idb
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit

Received: from server.engineering.idb (unknown [127.0.0.1])
by server.engineering.idb (Postfix) with ESMTP id C3F5B13C002D
for webmas...@aus-city.com; Sun, 11 Jan 2009 23:43:36 + (UTC)
Received-SPF: none (no valid SPF record)
Received: from hosting.mgapi.edu (unknown [82.179.217.2])
by server.engineering.idb (Postfix) with SMTP
for webmas...@aus-city.com; Sun, 11 Jan 2009 23:43:35 + (UTC)
Received: from dpkpyv (181.138.153.218)
by hosting.mgapi.edu; Mon, 12 Jan 2009 02:43:44 +0300
Date: Mon, 12 Jan 2009 02:43:44 +0300
From:  donboe...@cfbnet.com
X-Mailer: The Bat! (v2.01)
Reply-To:  amar_will...@yahoo.com
X-Priority: 3 (Normal)
Message-ID: 017606528.20080502031...@cfbnet.com
To:  webmas...@aus-city.com
Subject: =?iso-8859-5?B?QmUgYSB3aW5uZXIgaW4gYmVk?=
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary=--F63EA71C6CF12E

- F63EA71C6CF12E
Content-Type: text/html; charset=iso-8859-5
Content-Transfer-Encoding: 8bit

Our specil offer today NEW ONLINE PHARMACY STORE  a
href=http://agdavletovocypic.narod.ru;HERE/a
- F63EA71C6CF12E--



- --C3F5B13C002D.1231717422/server.engineering.idb--
*** HEADER EXTRACTED deferred/B/B831F13C003E ***
named_attribute: encoding=8bit
*** MESSAGE FILE END deferred/B/B831F13C003E ***



**TWO**

*** ENVELOPE RECORDS deferred/2/202B613C007B ***
message_size:   17228 225
1   0   17228
message_arrival_time: Tue Jan 13 01:49:46 2009
create_time: Tue Jan 13 01:49:46 2009
named_attribute: log_message_origin=local
named_attribute: trace_flags=0
sender:
original_recipient: thaddeus8s...@autotown.com
recipient: thaddeus8s...@autotown.com
*** MESSAGE CONTENTS 

Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-12 Thread mouss
David Cottle wrote:
 Magnus Bäck wrote:
 On Monday, January 12, 2009 at 22:19 CET,
  David Cottle webmas...@aus-city.com wrote:
 
 The messages are all faked spam supposedly sent from mail addresses
 that are valid off the server domains. So therefore non valid
 addresses are being rejected.  So how can these be dealt with they all
 look genuine in the headers.  My domains all run strict SPF policy
 with reject mail when SPF does not resolve to pass, but as these are
 bounce emails the servers of course have no SPF records therefore
 don't get skimmed off.
 Please follow the instructions and post logs showing how these messages
 enter your system. Had the messages been rejected they would not have
 ended up in your queue. They are instead bounced, and you haven't
 provided us with any details about why this happens. Therefore we cannot
 suggest any course of action without resorting to guessing.
 
 Thanks all, I just can't figure out why they get bounced, so I attach
 here..  I will only attach two:
 

Please take the time to understand what others have tried to tell you.
the answer to your problem is in postfix logs, not in the bounces, nor
in the mailq.


1- find out where are postfix logs. they may be in /var/log/maillog or
/var/log/mail.log or another file (the location is specified in
/etc/syslog.conf if you use the standard syslog)

2- search for a message that arrived _for_ webmas...@aus-city.com (not a
bounce).

3- show the logs for this message from the time it gets into postfix
until it causes an error. the first log line here should contain
postfix/smtpd or postfix/pickup.

if webmas...@aus-city.com is not a valid user, then remove it from your
address lists and from alias (and virtual_aliases). BTW, don't put
$virtual_* in local_recipient_maps.


 [snip]
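
The log search that mouss's three steps (and Noel Jones's earlier "search your logfile for the QUEUEID" advice) describe, written out as an added example that is not part of any post in this thread. It assumes a syslog-format Postfix log; every log line is constructed for illustration (only the queue IDs C3F5B13C002D and B831F13C003E come from the thread), the re-injection through a filter on 127.0.0.1 is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: trace a queued bounce back to the message that caused it.
# Constructed sample log. Addresses, PIDs, the queue ID 0A1B2C3D4E5F and the
# Message-ID are made up; a filter re-injecting on 127.0.0.1 is assumed.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Jan 12 10:43:35 server postfix/smtpd[2101]: 0A1B2C3D4E5F: client=unknown[192.0.2.25]
Jan 12 10:43:35 server postfix/cleanup[2105]: 0A1B2C3D4E5F: message-id=<constructed-0001@sender.example>
Jan 12 10:43:35 server postfix/qmgr[1890]: 0A1B2C3D4E5F: from=<someone@sender.example>, size=1190, nrcpt=1 (queue active)
Jan 12 10:43:36 server postfix/smtpd[2110]: C3F5B13C002D: client=unknown[127.0.0.1]
Jan 12 10:43:36 server postfix/cleanup[2105]: C3F5B13C002D: message-id=<constructed-0001@sender.example>
Jan 12 10:43:36 server postfix/smtp[2108]: 0A1B2C3D4E5F: to=<webmaster@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1, status=sent (250 Ok: queued as C3F5B13C002D)
Jan 12 10:43:36 server postfix/qmgr[1890]: 0A1B2C3D4E5F: removed
Jan 12 10:43:36 server postfix/qmgr[1890]: C3F5B13C002D: from=<someone@sender.example>, size=1420, nrcpt=1 (queue active)
Jan 12 10:43:42 server postfix/pipe[2120]: C3F5B13C002D: to=<webmaster@example.com>, relay=filter, delay=6, status=bounced (Invalid destination status)
Jan 12 10:43:42 server postfix/bounce[2121]: C3F5B13C002D: sender non-delivery notification: B831F13C003E
Jan 12 10:43:42 server postfix/qmgr[1890]: C3F5B13C002D: removed
Jan 12 10:43:42 server postfix/qmgr[1890]: B831F13C003E: from=<>, size=3039, nrcpt=1 (queue active)
Jan 12 10:43:45 server postfix/smtp[2130]: B831F13C003E: to=<someone@sender.example>, relay=none, delay=3, status=deferred (connect to mail.sender.example[198.51.100.7]:25: Connection refused)
EOF

# Queue ID of the message whose failed delivery produced bounce $1.
# Syslog fields: $5 = "postfix/service[pid]:", $6 = "QUEUEID:".
bounce_parent() {
    awk -v child="$1" '
        $5 ~ /^postfix\/bounce\[/ && /sender non-delivery notification: / && $NF == child {
            id = $6; sub(/:$/, "", id); print id; exit
        }' "$2"
}

# Which Postfix service bounced queue ID $1, and the reason it logged.
bounce_cause() {
    awk -v id="$1:" '
        $6 == id && /status=bounced/ {
            agent = $5; sub(/\[.*/, "", agent)
            reason = $0
            sub(/.*status=bounced \(/, "", reason); sub(/\)$/, "", reason)
            print agent ": " reason
        }' "$2"
}

# Every queue ID that carried the same Message-ID as $1, in log order.
# This follows one message across a content-filter re-injection.
related_queue_ids() {
    awk -v id="$1:" '
        $5 ~ /^postfix\/cleanup\[/ && $7 ~ /^message-id=/ {
            ids[++n] = $6; mid[n] = $7
            if ($6 == id) want = $7
        }
        END {
            for (i = 1; i <= n; i++)
                if (want != "" && mid[i] == want) {
                    q = ids[i]; sub(/:$/, "", q); print q
                }
        }' "$2"
}

# How queue ID $1 entered Postfix: the smtpd or pickup line (step 3 above).
entry_point() {
    awk -v id="$1:" '
        $6 == id && $5 ~ /^postfix\/(smtpd|pickup)\[/ {
            svc = $5; sub(/\[.*/, "", svc); print svc, $7; exit
        }' "$2"
}

# Report for one bounce queue ID as shown by mailq.
trace_bounce() {
    parent=$(bounce_parent "$1" "$2")
    [ -n "$parent" ] || { echo "no parent found for $1" >&2; return 1; }
    echo "bounce $1 was generated for $parent"
    echo "cause: $(bounce_cause "$parent" "$2")"
    for q in $(related_queue_ids "$parent" "$2"); do
        e=$(entry_point "$q" "$2")
        echo "  $q entered via ${e:-unknown}"
    done
}

trace_bounce B831F13C003E "$SAMPLE_LOG"
```

On a real server, pass the log file located in step 1 as the second argument instead of the sample file.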


Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-12 Thread Wietse Venema
David Cottle:
 Content-Description: Undelivered Message
 Content-Type: message/rfc822
 Content-Transfer-Encoding: 8bit
 
 Received: from server.engineering.idb (unknown [127.0.0.1])
 by server.engineering.idb (Postfix) with ESMTP id C3F5B13C002D
 for webmas...@aus-city.com; Sun, 11 Jan 2009 23:43:36 + (UTC)
 Received-SPF: none (no valid SPF record)
 Received: from hosting.mgapi.edu (unknown [82.179.217.2])
 by server.engineering.idb (Postfix) with SMTP
 for webmas...@aus-city.com; Sun, 11 Jan 2009 23:43:35 + (UTC)
 Received: from dpkpyv (181.138.153.218)
 by hosting.mgapi.edu; Mon, 12 Jan 2009 02:43:44 +0300

This is your problem. If webmas...@aus-city.com is invalid,
then hosting.mgapi.edu MUST NOT ACCEPT MAIL FOR THAT RECIPIENT.

To learn more about blocking invalid recipients on an inbound
transit mail server, see the archives, as this is discussed here
about every other week.

See also:

http://www.postfix.org/postconf.5.html#relay_recipient_maps
http://www.postfix.org/postconf.5.html#relay_domains

http://www.postfix.org/ADDRESS_VERIFICATION_README.html

Wietse


Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-12 Thread Victor Duchovni
On Mon, Jan 12, 2009 at 06:13:52PM -0500, Wietse Venema wrote:

 David Cottle:
  Content-Description: Undelivered Message
  Content-Type: message/rfc822
  Content-Transfer-Encoding: 8bit
  
  Received: from server.engineering.idb (unknown [127.0.0.1])
  by server.engineering.idb (Postfix) with ESMTP id C3F5B13C002D
  for webmas...@aus-city.com; Sun, 11 Jan 2009 23:43:36 + (UTC)
  Received-SPF: none (no valid SPF record)
  Received: from hosting.mgapi.edu (unknown [82.179.217.2])
  by server.engineering.idb (Postfix) with SMTP
  for webmas...@aus-city.com; Sun, 11 Jan 2009 23:43:35 + (UTC)
  Received: from dpkpyv (181.138.153.218)
  by hosting.mgapi.edu; Mon, 12 Jan 2009 02:43:44 +0300
 

Interestingly, the 181.0.0.0/8 Network is IANA reserved:

OrgName:Internet Assigned Numbers Authority
OrgID:  IANA
Address:4676 Admiralty Way, Suite 330
City:   Marina del Rey
StateProv:  CA
PostalCode: 90292-6695
Country:US

NetRange:   181.0.0.0 - 181.255.255.255
CIDR:   181.0.0.0/8
NetName:NET181
NetHandle:  NET-181-0-0-0-0
Parent:
NetType:IANA Reserved
Comment:
RegDate:1993-05-01
Updated:2003-04-06

I wonder how hosting.mgapi.edu managed to receive connections from the
181.138.153.218 address.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
mailto:majord...@postfix.org?body=unsubscribe%20postfix-users

If my response solves your problem, the best way to thank me is to not
send an it worked, thanks follow-up. If you must respond, please put
It worked, thanks in the Subject so I can delete these quickly.


Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-12 Thread Wietse Venema
David Cottle:
 On 13/01/2009, at 10:13, wie...@porcupine.org (Wietse Venema) wrote:
 
  David Cottle:
  Content-Description: Undelivered Message
  Content-Type: message/rfc822
  Content-Transfer-Encoding: 8bit
 
  Received: from server.engineering.idb (unknown [127.0.0.1])
 by server.engineering.idb (Postfix) with ESMTP id C3F5B13C002D
 for webmas...@aus-city.com; Sun, 11 Jan 2009 23:43:36 +  
  (UTC)
  Received-SPF: none (no valid SPF record)
  Received: from hosting.mgapi.edu (unknown [82.179.217.2])
 by server.engineering.idb (Postfix) with SMTP
 for webmas...@aus-city.com; Sun, 11 Jan 2009 23:43:35 +  
  (UTC)
  Received: from dpkpyv (181.138.153.218)
 by hosting.mgapi.edu; Mon, 12 Jan 2009 02:43:44 +0300
..
 Hi Wietse,
 
 Sorry I am now totally confused as webmas...@aus-city.com is not  
 invalid it's this address!

If webmas...@aus-city.com is valid, then the problem is that 
your own system is returning mail for webmas...@aus-city.com
as undeliverable.

That problem has NOTHING to do with spam.

Wietse


Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-12 Thread David Cottle


On 13/01/2009, at 11:44, wie...@porcupine.org (Wietse Venema) wrote:


David Cottle:

On 13/01/2009, at 10:13, wie...@porcupine.org (Wietse Venema) wrote:


David Cottle:

Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit

Received: from server.engineering.idb (unknown [127.0.0.1])
  by server.engineering.idb (Postfix) with ESMTP id C3F5B13C002D
  for webmas...@aus-city.com; Sun, 11 Jan 2009 23:43:36 +
(UTC)
Received-SPF: none (no valid SPF record)
Received: from hosting.mgapi.edu (unknown [82.179.217.2])
  by server.engineering.idb (Postfix) with SMTP
  for webmas...@aus-city.com; Sun, 11 Jan 2009 23:43:35 +
(UTC)
Received: from dpkpyv (181.138.153.218)
  by hosting.mgapi.edu; Mon, 12 Jan 2009 02:43:44 +0300

..

Hi Wietse,

Sorry I am now totally confused as webmas...@aus-city.com is not
invalid it's this address!


If webmas...@aus-city.com is valid, then the problem is that
your own system is returning mail for webmas...@aus-city.com
as undeliverable.

That problem has NOTHING to do with spam.

   Wietse


Hi Wietse,

Sorry that is incorrect I am not sending out Viagra emails. I look at  
all these bounces and I did not send one of these single emails. My  
SMTP is closed and not an open relay either.


Now you see my questions I am perplexed at how to stop these. Qmail  
somehow dealt with these I never saw them in queue. But I believe  
postfix is a better program!


So they are indeed spam bounces.

Also how many could be being sent out that do get delivered?

But as I also said all these bounces I see they are stuck in queue as  
they are not deliverable.


So can rules like you use for someone sending out an email on the  
server as a user be applied to postmaster of bounces?


Simply test the recipients if invalid reject and it's resolved so  
filter bounces.


Else can a postfix command be issued to delete only undeliverable  
bounces only from mailerdaemon at my server in the queue? I can run  
this by cron.


It seems crazy for me to log in daily into plesk, tick all these in  
the mail queue and delete them manually.


Thanks!


Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-12 Thread David Cottle


On 13/01/2009, at 11:35, Res r...@ausics.net wrote:


On Tue, 13 Jan 2009, David Cottle wrote:

If I understand some spammer uses valid email addresses on my  
server and sends them via another server. They bounce as the  
addresses they are spamming are invalid or fail for whatever reason.


SPF

--
Res

All we need, is just a little patience  -- William Bruce (Axl) Rose


Hi Res,

I already have strict SPF policy and records that strictly specify  
valid sender servers.


Also on incoming I already run the highest level delete mail that SPF  
records do not resolve to pass.





Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-12 Thread Wietse Venema
David Cottle:
 
 On 13/01/2009, at 11:44, wie...@porcupine.org (Wietse Venema) wrote:
 
  David Cottle:
  On 13/01/2009, at 10:13, wie...@porcupine.org (Wietse Venema) wrote:
 
  David Cottle:
  Content-Description: Undelivered Message
  Content-Type: message/rfc822
  Content-Transfer-Encoding: 8bit
 
  Received: from server.engineering.idb (unknown [127.0.0.1])
by server.engineering.idb (Postfix) with ESMTP id C3F5B13C002D
for webmas...@aus-city.com; Sun, 11 Jan 2009 23:43:36 +
  (UTC)
  Received-SPF: none (no valid SPF record)
  Received: from hosting.mgapi.edu (unknown [82.179.217.2])
by server.engineering.idb (Postfix) with SMTP
for webmas...@aus-city.com; Sun, 11 Jan 2009 23:43:35 +
  (UTC)
  Received: from dpkpyv (181.138.153.218)
by hosting.mgapi.edu; Mon, 12 Jan 2009 02:43:44 +0300
  ..
  Hi Wietse,
 
  Sorry I am now totally confused as webmas...@aus-city.com is not
  invalid it's this address!
 
  If webmas...@aus-city.com is valid, then the problem is that
  your own system is returning mail for webmas...@aus-city.com
  as undeliverable.
 
  That problem has NOTHING to do with spam.
 
 Wietse
 
 Hi Wietse,
 
 Sorry that is incorrect I am not sending out Viagra emails. I look at  

THIS WAS MAIL FOR webmas...@aus-city.com.

IT IS NOW BEING RETURNED AS UNDELIVERABLE.

THIS MESSAGE DOES NOT HAVE YOU AS THE SENDER. 

Wietse


Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-12 Thread Wietse Venema
David Cottle:
  Received: from server.engineering.idb (unknown [127.0.0.1])
   by server.engineering.idb (Postfix) with ESMTP id C3F5B13C002D
   for webmas...@aus-city.com; Sun, 11 Jan 2009 23:43:36 +
...
  THIS WAS MAIL FOR webmas...@aus-city.com.
 
 The postmaster address on every domain exists but does not accept mail  
 it will bounce.

This was mail for WEBMASTER, now being returned to the sender.

If you have a non-functional postmaster address, that is sufficient
grounds for getting your entire domains blacklisted.

Wietse


Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-12 Thread David Cottle


On 13/01/2009, at 13:02, wie...@porcupine.org (Wietse Venema) wrote:


David Cottle:

Received: from server.engineering.idb (unknown [127.0.0.1])
by server.engineering.idb (Postfix) with ESMTP id C3F5B13C002D
for webmas...@aus-city.com; Sun, 11 Jan 2009 23:43:36 +

...

THIS WAS MAIL FOR webmas...@aus-city.com.


The postmaster address on every domain exists but does not accept  
mail

it will bounce.


This was mail for WEBMASTER, now being returned to the sender.

If you have a non-functional postmaster address, that is sufficient
grounds for getting your entire domains blacklisted.

   Wietse


Wietse,

I do appreciate the help but feel I am stuck in a catch 22.

Firstly I am no expert in configuring postfix I just know enough to  
get by.


Is there anything in those examples that stands out as fake I can  
screen in someway - the header_checks of which I have no idea how to  
use, I don't want to experiment with rules that will trash real emails  
it's a production server.


Are bounce emails filtered the same as all target addresses? If not  
how can you apply same rules?


Failing that as then it looks impossible to fix so is there a command  
in postfix to selectively delete queued emails from bounce? I can have  
cron do this.


Or can I force spamassassin as no doubt it will delete them as Viagra  
and such crap in the body is killed off immediately.


It still confuses me why qmail does not do this, I never saw these so  
they were being filtered out / deleted. All I can think is all mail  
incoming is piped through spamassassin?


Also I am not alone other plesk users that swapped to postfix now have  
the same issue 'spam bounce emails'. Postfix is a new option in plesk  
now.


Thanks!



Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-12 Thread Jim Wright
David, you've sent so many messages and replies that quoting anything  
at this point is just wasting bandwidth.  I'm going to jump in with a  
few notes on what I've read here:


First, you are fixating on the wrong problem.  If you have bounces  
that are queued up, this is because you are accepting mail that you  
cannot deliver.  THAT is the problem that needs to be fixed.  Bounces  
are bad if you are generating them AFTER you have accepted email.   
Reject such mails as they are being sent to your server.  The postfix  
docs are your friend, read up on this.


You implied that you have postmaster/webmaster accounts but that these  
are not accepting mail?  This is wrong, these addresses should be  
reachable for legitimate email.  Tackle this issue after you've fixed  
the above.  At one point you indicated that these are being sent from  
users on your domain, more likely these are spoofed addresses, you  
need to use some method to authenticate users before they can send,  
accept certain IP ranges, local networks, authenticated SMTP users,  
etc.  Everyone else should be blocked from sending.


You claimed that the bounces are for mails that you never sent, and  
were forged.  Is your system an open relay?  Is it accepting mail from  
systems that it shouldn't be?  You will want to take a look at who is  
using your mail server, and only authorized users/systems are able to  
send mail via your mail server.



Tackle these issues, concentrate on one issue at a time.  Review the  
logs of mail as it arrives at your server, test repeatedly.  Out of  
the box, postfix is incredibly stable and secure, but with the wrong  
settings this can be undone.  Finally, if you still need help, run the  
command 'postconf -n', and post the output unfiltered to the list.   
That will tell what non-standard settings you are using, which will  
likely shed clues to why you are having problems.


Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-12 Thread David Cottle


On 13/01/2009, at 15:32, Jim Wright j...@wrightthisway.com wrote:

David, you've sent so many messages and replies that quoting  
anything at this point is just wasting bandwidth.  I'm going to jump  
in with a few notes on what I've read here:


First, you are fixating on the wrong problem.  If you have bounces  
that are queued up, this is because you are accepting mail that you  
cannot deliver.  THAT is the problem that needs to be fixed.   
Bounces are bad if you are generating them AFTER you have accepted  
email.  Reject such mails as they are being sent to your server.   
The postfix docs are your friend, read up on this.


You implied that you have postmaster/webmaster accounts but that  
these are not accepting mail?  This is wrong, these addresses should  
be reachable for legitimate email.  Tackle this issue after you've  
fixed the above.  At one point you indicated that these are being  
sent from users on your domain, more likely these are spoofed  
addresses, you need to use some method to authenticate users before  
they can send, accept certain IP ranges, local networks,  
authenticated SMTP users, etc.  Everyone else should be blocked from  
sending.


You claimed that the bounces are for mails that you never sent, and  
were forged.  Is your system an open relay?  Is it accepting mail  
from systems that it shouldn't be?  You will want to take a look at  
who is using your mail server, and only authorized users/systems are  
able to send mail via your mail server.



Tackle these issues, concentrate on one issue at a time.  Review the  
logs of mail as it arrives at your server, test repeatedly.  Out of  
the box, postfix is incredibly stable and secure, but with the wrong  
settings this can be undone.  Finally, if you still need help, run  
the command 'postconf -n', and post the output unfiltered to the  
list.  That will tell what non-standard settings you are using,  
which will likely shed clues to why you are having problems.


Hi Jim,

I found the issue. It's backscatter mail to real recipient addresses.  
At first I was getting non existent as well but stopped those.


I have to employ header and body checks.

Okay my question is I have multiple domains not just one like in the  
code example 'porcupine' given.


How do I code that?

Do I need to string a ton load of domain names or can you use a  
wildcard to match any domain?


If I could trouble for a snip of code I can apply it and let you know.  
It's a live server and I don't want to experiment code when I am not  
sure how to write it.


Thanks again!


Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-11 Thread David Cottle

I can't seem to stop these spam bounce emails.

smtpd_sender_restrictions = check_sender_access
    hash:/var/spool/postfix/plesk/blacklists, reject_non_fqdn_sender,
    reject_unauthenticated_sender_login_mismatch, reject_unknown_sender_domain

smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination

I have one bounce in there now, and postqueue -p tells me that connect
to mailno.opens.com network is unreachable.

Any ideas?

Thanks!



Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-11 Thread Sahil Tandon
David Cottle wrote:

 I can't seem to stop these spam bounce emails.

What spam bounce emails?

 I have one bounce in there now, and postqueue -p tells me that connect
 to mailno.opens.com network is unreachable.
 
 Any ideas?

You need to fully explain the problem.  To get the most out of this mailing
list, read http://www.postfix.org/DEBUG_README.html#mail before posting
again.

-- 
Sahil Tandon sa...@tandon.net


Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-11 Thread Noel Jones

David Cottle wrote:

I can't seem to stop these spam bounce emails.

smtpd_sender_restrictions = check_sender_access
    hash:/var/spool/postfix/plesk/blacklists, reject_non_fqdn_sender,
    reject_unauthenticated_sender_login_mismatch, reject_unknown_sender_domain

smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination

I have one bounce in there now, and postqueue -p tells me that connect
to mailno.opens.com network is unreachable.

Any ideas?


This sounds as if you have undeliverable bounces (which happen 
to be spam) in your queue.


So why are you bouncing mail at all?  Don't do that.

Please give us more details
http://www.postfix.org/DEBUG_README.html#mail

--
Noel Jones


Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-11 Thread David Cottle
Hi Noel,

Yes please!  But can you tell me how to do this...  I really don't
want to bounce the spam at all.  I am using postfix 2.6, I built the
rpm from source.

Many thanks!,
David

Here is my main.cf (abbreviated I show only activated options)

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
local_recipient_maps = $virtual_mailbox_maps
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.5.6/samples
readme_directory = /usr/share/doc/postfix-2.5.6/README_FILES
inet_protocols = all
virtual_mailbox_domains = $virtual_mailbox_maps,
    hash:/var/spool/postfix/plesk/virtual_domains
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_mailbox_maps = hash:/var/spool/postfix/plesk/vmailbox
transport_maps = hash:/var/spool/postfix/plesk/transport
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_sender_restrictions = check_sender_access
    hash:/var/spool/postfix/plesk/blacklists, reject_non_fqdn_sender,
    reject_unauthenticated_sender_login_mismatch, reject_unknown_sender_domain
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
#smtpd_recipient_restrictions = permit_mynetworks,
#    permit_sasl_authenticated, reject_unauth_destination,
#    reject_non_fqdn_recipient, reject_unknown_recipient_domain,
#    reject_unlisted_recipient, reject_unverified_recipient
virtual_mailbox_base = /var/qmail/mailnames
virtual_uid_maps = static:110
virtual_gid_maps = static:31
virtual_transport = plesk_virtual
plesk_virtual_destination_recipient_limit = 1
smtpd_client_restrictions = reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl-xbl.spamhaus.org
message_size_limit = 1024



master.cf

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       n       -       -       qmqpd
pickup fifo n - - 60 1 pickup -o content_filter=smtp:127.0.0.1:10027
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
    -o smtp_fallback_relay=
#   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1

Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-11 Thread Noel Jones

David Cottle wrote:

Hi Noel,

Yes please!  But can you tell me how to do this...  I really don't
want to bounce the spam at all.  I am using postfix 2.6, I built the
rpm from source.

Many thanks!,
David

Here is my main.cf (abbreviated I show only activated options)



[[Please don't top post.
Please show postconf -n rather than random main.cf snips.
Please show related logging.]]


You'll need to investigate where your bounces are coming from 
by examining your log - find out why postfix generated a bounce.
Start by searching your logfile for the QUEUEID displayed by 
the mailq command.


The usual source of unwanted bounces is accepting mail for 
undeliverable recipients rather than rejecting such mail 
during SMTP.  The postfix method of recipient validation 
depends on the address class of the recipient domain.

http://www.postfix.org/ADDRESS_CLASS_README.html

Also note that any address matched by virtual_alias_maps or 
*canonical_maps is considered valid, so @domain @domain 
wildcard mapping effectively disables recipient validation.



Please see
http://www.postfix.org/DEBUG_README.html
and especially
http://www.postfix.org/DEBUG_README.html#mail


--
Noel Jones
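
The log search suggested in the message above, as an added example (not part of the original post and not Postfix's own code): starting from the queue ID of a bounce shown by mailq, find the accepted message that produced it and why its delivery failed. The log lines are constructed samples in standard Postfix syslog format; the queue IDs, host names and addresses are made up.

```python
import re

# Constructed sample in standard Postfix syslog format; queue IDs, hosts and
# addresses are made up for illustration (not taken from the thread).
SAMPLE_LOG = """\
Jan 11 23:43:35 mx postfix/smtpd[2101]: 4A1B2C3D4E: client=unknown[192.0.2.25]
Jan 11 23:43:36 mx postfix/qmgr[1900]: 4A1B2C3D4E: from=<forged@example.net>, size=2048, nrcpt=1 (queue active)
Jan 11 23:43:36 mx postfix/virtual[2105]: 4A1B2C3D4E: to=<nosuchuser@example.org>, relay=virtual, delay=0.4, dsn=5.1.1, status=bounced (unknown user: "nosuchuser@example.org")
Jan 11 23:43:36 mx postfix/bounce[2106]: 4A1B2C3D4E: sender non-delivery notification: 9F8E7D6C5B
Jan 11 23:43:36 mx postfix/qmgr[1900]: 9F8E7D6C5B: from=<>, size=4096, nrcpt=1 (queue active)
Jan 11 23:43:37 mx postfix/smtp[2107]: 9F8E7D6C5B: to=<forged@example.net>, relay=none, delay=0.9, dsn=4.4.1, status=deferred (connect to mail.example.net[198.51.100.7]:25: Network is unreachable)
"""

# "<daemon>[pid]: <QUEUEID>: <rest>" as written by Postfix daemons
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")
# The bounce daemon logs the queue ID of the notification it created
NDN = re.compile(r"sender non-delivery notification: ([0-9A-F]+)")

def index_by_queue_id(log_text):
    """Group (daemon, message) pairs by queue ID."""
    by_id = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            by_id.setdefault(m.group(2), []).append((m.group(1), m.group(3)))
    return by_id

def trace_bounce(log_text, bounce_id):
    """Return the accepted message whose failed delivery created bounce_id."""
    for qid, events in index_by_queue_id(log_text).items():
        made = [NDN.search(msg) for daemon, msg in events if daemon == "bounce"]
        if not any(m and m.group(1) == bounce_id for m in made):
            continue
        report = {"origin": qid, "client": None, "sender": None, "bounced": []}
        for daemon, msg in events:
            if msg.startswith("client="):
                report["client"] = msg[len("client="):].split(",")[0]
            elif msg.startswith("from=<"):
                report["sender"] = msg[6:msg.index(">")]
            elif "status=bounced" in msg:
                rcpt = re.match(r"to=<([^>]*)>", msg).group(1)
                reason = msg.split("status=bounced ", 1)[1]
                report["bounced"].append((rcpt, reason))
        return report
    return None  # bounce_id was not generated by any message in this log

if __name__ == "__main__":
    print(trace_bounce(SAMPLE_LOG, "9F8E7D6C5B"))
```

A "status=bounced (unknown user ...)" reason on the origin message means the recipient was accepted during SMTP and refused only at delivery, which is the condition the message above describes.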


Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-11 Thread David Cottle

Hi Noel,

Thanks for your help!

I will firstly forward the postconf dump as requested.

I will have to forward as another message - will call it postconf as I  
am on my iPhone.


At least you can firstly look at that and perhaps find it is accepting  
during SMTP for undeliverable.


Many thanks!

David

Sent from my iPhone

On 12/01/2009, at 11:19, Noel Jones njo...@megan.vbhcs.org wrote:


David Cottle wrote:

Hi Noel,
Yes please!  But can you tell me how to do this...  I really don't
want to bounce the spam at all.  I am using postfix 2.6, I built the
rpm from source.
Many thanks!,
David
Here is my main.cf (abbreviated I show only activated options)


[[Please don't top post.
Please show postconf -n rather than random main.cf snips.
Please show related logging.]]


You'll need to investigate where your bounces are coming from by  
examining your log - find out why postfix generated a bounce.
Start by searching your logfile for the QUEUEID displayed by the  
mailq command.


The usual source of unwanted bounces is accepting mail for  
undeliverable recipients rather than rejecting such mail during  
SMTP.  The postfix method of recipient validation depends on the  
address class of the recipient domain.

http://www.postfix.org/ADDRESS_CLASS_README.html

Also note that any address matched by virtual_alias_maps or  
*canonical_maps is considered valid, so @domain @domain wildcard  
mapping effectively disables recipient validation.



Please see
http://www.postfix.org/DEBUG_README.html
and especially
http://www.postfix.org/DEBUG_README.html#mail


--
Noel Jones




Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-11 Thread Noel Jones

David Cottle wrote:

Hi Noel,

Thanks for your help!

I will firstly forward the postconf dump as requested.

I will have to forward as another message - will call it postconf as I 
am on my iPhone.


At least you can firstly look at that and perhaps find it is accepting 
during SMTP for undeliverable.


Many thanks!

David

Sent from my iPhone


Stop top posting - put your answers below the text you refer to.