RE: [qmailtoaster] catch all account and the spam

2016-07-11 Thread CarlC Internet Services Service Desk 
>From: Dan McAllister

>Now I can't just reply to HOW without adding my 2-cents worth as to why I
think "bounce-no-mailbox" is the WORST of the options:

>-  It allows spammers to "mine" your domain for "good" email
addresses (which then get sold!). how? Send a note to a...@yourdomain.com,
b...@yourdomain.com, etc. For each one that does NOT get a bounceback, you have
a good address! SPAM IT!

>-  Once your domain is "mature" (been around a few years), your
"catchall" account will get thousands of emails a day - from spammers trying
to mine your domain!

 

My question is, would this not lead spammer to try to use your domain name
as a FROM? What I mean by that is, if you're not bouncing the bad addresses,
then a spammer can use your domain [I know, many don't check SPF or where
the domain is allowed to send email from records], to send email outbound.
Most email servers will check to see if the return email address is valid,
and qmail would say anth...@yourdomain.com is valid. While it would get
dumped into /dev/null since  you have "delete" as the final destination, I'm
not entirely sure allowing all email address for your domain to work is a
good idea.

 

I know a few years ago, I did have a few customers this happened to. We had
to disable the catch-all and instead, set it to bounce-no-mailbox. When we
did that, the spammers stopped trying to use the domain as a "from" address
[and yes, SPF records made no difference. it was the open catch-all that led
the spammers to use the domain as a "from" address].

 

Again, YMMV.

Carl

Re: [qmailtoaster] catch all account and the spam

2016-07-11 Thread Eric 
You can do this in Qmailadmin. There was some question as to whether 
Qmailadmin worked. I found that it does and makes the setting changes 
described below by Dan. I also think that 'bounce-no-mailbox' is a bad 
option.




On 7/11/2016 10:29 AM, Dan McAllister - QMT DNS Admin wrote:

The CORRECT way to do this is to create the .qmail-default file with an
entry that says:

|   /home/vpopmail/bin/vdelivermail   ‘’   *delete*



NOTE: Extra spaces added for readability on “variable width font” readers J

You will find the DEFAULT entry says “bounce-no-mailbox” where I have
delete above.



I haven’t been following this thread, but I assume you were using an
email address instead of “bounce-no-mailbox” to create your catchall
account?

If not, that would be the appropriate way to do so.



Now I can’t just reply to HOW without adding my 2-cents worth as to why
I think “bounce-no-mailbox” is the WORST of the options:

-  It allows spammers to “mine” your domain for “good” email
addresses (which then get sold!)… how? Send a note to a...@yourdomain.com
, b...@yourdomain.com ,
etc. For each one that does NOT get a bounceback, you have a good
address! SPAM IT!

-  Once your domain is “mature” (been around a few years), your
“catchall” account will get thousands of emails a day – from spammers
trying to mine your domain!



That means (to me, anyway) that you should DEFAULT to a “delete” policy…
if they send to a bad email address… oh well, I guess they won’t get a
reply! When they CHECK with the recipient, they’ll be able to figure it
out. But in the few, rare instances where there needs to be SOMETHING
done with badly addressed messages, a catchall account is superior to a
“bounce-no-mailbox” option.



Those opinions are MINE. Feel free to share in them or oppose them – but
their only value is the time you have invested in reading them, so treat
accordingly.



Have a great day all!



Dan McAllister

IT4SOHO



QMT DNS Admin (or at least I WAS!)







*From:*Angus McIntyre [mailto:an...@pobox.com]
*Sent:* Friday, July 8, 2016 9:49 AM
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoaster] catch all account and the spam



On Jul 7, 2016, at 1:10 PM, Jim Shupert mailto:jshup...@pps-inc.com>> wrote:

I am wondering what a "wise" method of doing the catch all account
regarding spam might be

To limit the amount of spam that a standard user who is catch all
(me for example )

I have created a usr named d...@mydom.com 
this "usr" has a quota of 40 MB … so it goes over quota in a day or
so...
It is ,for the sake of argument , ALL spam.
what are you wise folk doing?



Because spammers will spam anything and everything — I have seen spam
targeting ‘email addresses’ that were obviously created by some scraper
program so dumb that it thought a message ID (something like
“122324313109.1231...@somedomain.com
”) was an email account — I
would question whether there’s any value in having a catch-all. Better
to set up .qmail files for the addresses you actually want, and then
just send everything else to /dev/null.



To do that, create a ‘.qmail-default’ file for your domain, enter a ‘#’
character on the first line, and then add one blank line after it.



If you think that you might some day get useful mail sent to a catch-all
address, then you’ll probably want to do two things.



One is to set up a cron job that just throws away everything in the
catch-all account at regular intervals, so that you don’t go over quota
and start bouncing mail.



The other is to use something like procmail to filter the mail coming
into the catch-all. You can write two kinds of filters. One filter will
throw away stuff that’s known to be spam (to prevent the mailbox
overflowing, and to reduce the amount of mail you need to review
manually). The other should look for particular keywords that indicate
something that might be interesting to you, and divert that to one of
your active mailboxes.



Also consider making use of Spamdyke features — for example, rejecting
messages from domains without valid RDNS — to reduce the amount of spam
you need to process.



Angus



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] catch all account and the spam

2016-07-11 Thread Dan McAllister - QMT DNS Admin 
The CORRECT way to do this is to create the .qmail-default file with an entry 
that says:

|   /home/vpopmail/bin/vdelivermail   ‘’   delete

 

NOTE: Extra spaces added for readability on “variable width font” readers :)

You will find the DEFAULT entry says “bounce-no-mailbox” where I have delete 
above.

 

I haven’t been following this thread, but I assume you were using an email 
address instead of “bounce-no-mailbox” to create your catchall account? 

If not, that would be the appropriate way to do so.

 

Now I can’t just reply to HOW without adding my 2-cents worth as to why I think 
“bounce-no-mailbox” is the WORST of the options:

-  It allows spammers to “mine” your domain for “good” email addresses 
(which then get sold!)… how? Send a note to a...@yourdomain.com 
 , b...@yourdomain.com  
, etc. For each one that does NOT get a bounceback, you have a good address! 
SPAM IT!

-  Once your domain is “mature” (been around a few years), your 
“catchall” account will get thousands of emails a day – from spammers trying to 
mine your domain!

 

That means (to me, anyway) that you should DEFAULT to a “delete” policy… if 
they send to a bad email address… oh well, I guess they won’t get a reply! When 
they CHECK with the recipient, they’ll be able to figure it out. But in the 
few, rare instances where there needs to be SOMETHING done with badly addressed 
messages, a catchall account is superior to a “bounce-no-mailbox” option.

 

Those opinions are MINE. Feel free to share in them or oppose them – but their 
only value is the time you have invested in reading them, so treat accordingly.

 

Have a great day all!

 

Dan McAllister

IT4SOHO

 

QMT DNS Admin (or at least I WAS!)

 

 

 

From: Angus McIntyre [mailto:an...@pobox.com] 
Sent: Friday, July 8, 2016 9:49 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] catch all account and the spam

 

On Jul 7, 2016, at 1:10 PM, Jim Shupert mailto:jshup...@pps-inc.com> > wrote:

I am wondering what a "wise" method of doing the catch all account regarding 
spam might be

To limit the amount of spam that a standard user who is catch all (me for 
example )

I have created a usr named d...@mydom.com  
this "usr" has a quota of 40 MB … so it goes over quota in a day or so...
It is ,for the sake of argument , ALL spam.
what are you wise folk doing?

 

Because spammers will spam anything and everything — I have seen spam targeting 
‘email addresses’ that were obviously created by some scraper program so dumb 
that it thought a message ID (something like 
“122324313109.1231...@somedomain.com 
 ”) was an email account — I would 
question whether there’s any value in having a catch-all. Better to set up 
.qmail files for the addresses you actually want, and then just send everything 
else to /dev/null.

 

To do that, create a ‘.qmail-default’ file for your domain, enter a ‘#’ 
character on the first line, and then add one blank line after it.

 

If you think that you might some day get useful mail sent to a catch-all 
address, then you’ll probably want to do two things. 

 

One is to set up a cron job that just throws away everything in the catch-all 
account at regular intervals, so that you don’t go over quota and start 
bouncing mail.

 

The other is to use something like procmail to filter the mail coming into the 
catch-all. You can write two kinds of filters. One filter will throw away stuff 
that’s known to be spam (to prevent the mailbox overflowing, and to reduce the 
amount of mail you need to review manually). The other should look for 
particular keywords that indicate something that might be interesting to you, 
and divert that to one of your active mailboxes.

 

Also consider making use of Spamdyke features — for example, rejecting messages 
from domains without valid RDNS — to reduce the amount of spam you need to 
process.

 

Angus