I probably should have mentioned this before now, but I'm using vpopmail.
Vpopmail REQUIRES that the vdelivermail program be in the .qmail-default
file for the domain. vdelivermail MUST be there in order to put the
incoming mail into the correct Maildir.
After looking at the problem for nearly 8 hours straight, I realize that it
is a little more complex than I originally thought.
The problem that I am trying to solve is that I have a lot of mail coming
in for old deleted email accounts. Most of the traffic is from high volume
mailing lists. vpopmail has been set for months and months to send a
bounce message anytime an email address is incorrect (using
vdelivermail '' bounce-no-mailbox in the .qmail-default file). However,
it looks like a lot of the high volume mailing lists are not processing
and removing addresses based on bounced messages (at least not on bounces
generated through vpopmail). Because of this, the number of bounces that
I'm processing on a regular basis continues to grow. It has gotten high
enough to make a noticeable impact on the performance of my outgoing
mail queue.
Although simply not sending the bounce messages would eliminate some
overhead, it would, over time, only add to the problem since the offending
mail servers would assume the mail was being delivered as addressed. In
fact, if someone were to try a brute-force attack and try to send email
to every common username at my domain (e.g., [EMAIL PROTECTED],
[EMAIL PROTECTED], etc.), they would assume that every email address was
valid as NEITHER qmail-smtpd nor vdelivermail would give them any other
indication (assuming I could change vdelivermail to silently delete).
I'm running qmail-smtp under tcpserver, and I guess I could add the
offending mail servers to my tcp.smtp rules, but that requires IP
addresses, which the offenders could change all too easily. There is a patch to allow
the use of domain names in tcpserver, but the patch that I found was for an
older version of tcpserver than I'm currently using (ucspi-tcp-0.88).
In summary, it looks like I do need to send the bounce messages since some
places are probably processing them correctly. But, I need to find a way
to minimize the effect of all these ignored bounce messages. I guess there
are a couple of options for that:
1) COMPLAIN loudly to the sites that are not handling the bounces.
While this sounds good, I'm afraid I won't get very far with this.
2) Make sure my bounces are in the proper format to be easily
processed. Is there such a thing?
3) Find a way to drop smtp connections for non-valid email addresses.
Are there ramifications to this that I'm not thinking of?
Or is this just a scaling issue? Have I just now gotten big enough to
notice the load that this is causing? Is it simply time to upgrade my
server? Split the load? Do load balancing between two servers?
Any help/suggestions/ideas would be greatly appreciated.
Eric
Andrew Richards writes:
On Tue, 7 Aug 2001, eric wrote:
I am wondering if it is possible to drop SOME of the normal bounce
messages. What I would like to do is send bounce messages for all normal
bounce situations EXCEPT for unknown user. If the user does not exist on
the system, I'd like to just silently discard the message.
Is this possible?
one method would be to use .qmail-default files that contain nothing but a
comment line.
Well just to expand that answer slightly: With qmail, when
a *specific* user can't be found for a mail address (by
checking users/cdb and/or /etc/passwd), qmail will see if
there are any delivery instructions it can use in alias's
home directory (/var/qmail/alias). Specifically it will
look for .qmail-username, then .qmail-default. In a standard
qmail setup, you would expect to see files for special users
like .qmail-postmaster (and probably a matching Maildir).
In your case, create a .qmail-default file, to catch all
unknown users. With this file you can throw away all
mail received,
#
(that's just a single comment line: Having read a comment,
qmail-local will consider it has achieved a successful
delivery. Note that a null file is different, and will
use the default delivery. Just see man dot-qmail for
more info).
cheers,
Andrew.
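
Added example, not part of the original thread: one way to see which sending domains keep mailing deleted addresses is to tally "no mailbox" delivery failures per envelope-sender domain from the qmail-send log. The log lines below are constructed, and the failure wording is an assumption; the script only matches on `no_mailbox`.

```python
import re
from collections import Counter

# Constructed sample in qmail-send log style (timestamps omitted).
SAMPLE_LOG = """\
info msg 1001: bytes 2210 from <bounce-17@lists.example.org> qp 501 uid 89
starting delivery 1: msg 1001 to local example.com-olduser@example.com
delivery 1: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
info msg 1002: bytes 1840 from <bounce-18@lists.example.org> qp 505 uid 89
starting delivery 2: msg 1002 to local example.com-gone@example.com
delivery 2: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
info msg 1003: bytes 900 from <news@news.example.net> qp 509 uid 89
starting delivery 3: msg 1003 to local example.com-gone@example.com
delivery 3: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
info msg 1004: bytes 700 from <friend@example.net> qp 512 uid 89
starting delivery 4: msg 1004 to local example.com-eric@example.com
delivery 4: success: did_0+0+1/
"""

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)>")
START = re.compile(r"starting delivery (\d+): msg (\d+) to (?:local|remote) (\S+)")
FAIL = re.compile(r"delivery (\d+): failure: (\S*)")

def no_mailbox_senders(log_text):
    """Count unknown-user delivery failures per envelope-sender domain."""
    sender_of = {}   # message id -> envelope sender
    msg_of = {}      # delivery id -> message id
    counts = Counter()
    for line in log_text.splitlines():
        m = INFO.search(line)
        if m:
            sender_of[m.group(1)] = m.group(2)  # ids are reused; keep latest
            continue
        m = START.search(line)
        if m:
            msg_of[m.group(1)] = m.group(2)
            continue
        m = FAIL.search(line)
        if m and "no_mailbox" in m.group(2).lower():
            sender = sender_of.get(msg_of.pop(m.group(1), None), "")
            # A null sender (<>) means the failed message was itself a bounce.
            counts[sender.rpartition("@")[2].lower() or "<>"] += 1
    return counts

if __name__ == "__main__":
    for domain, n in no_mailbox_senders(SAMPLE_LOG).most_common():
        print(f"{n:6d}  {domain}")
```

The domains at the top of the output are the candidates for option 1 above.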