Hello,
We are using MailEnable in a hosting environment for a large number of customers. We would like to know what the suggested policy is within MailEnable to avoid massive non-deliverables being sent to invalid or spam originating mailboxes.
Currently we have disabled NDR on the postoffice connector, but this is not in line with the SMTP standards.
The scenario is that an external spammer sends email to a non-existing mailbox for a domain name we host. MailEnable responds with an NDR to that invalid or spammer's address. The mail comes back with an NDR and stays in queue for several days, retrying to deliver the NDR. It is especially what we want to stop. While, preferably, keep the ability to send NDR to valid users.
Many thanks,
NDR Bouncing
The server should not be receiving mail for invalid addresses. i.e. the SMTP connector should refuse to accept the mail and not even queue it.
The only way it could receive the mail is if the address in question is either defined as an address map/defined for a mailbox - or if you are using a catch-all mailbox. (In hosted environments catch-alls are obviously discouraged.)
Is there anything special in your configuration that would have the mail server accept mail to an undefined local address?
Regards, Andrew
I noticed already a few times that badly implemented forums on our customer servers caused a huge load of fake registration emails to be queued.
Still, if I configure my mailserver with no catch all. Like mymailbox@mydomain.com and a spammer sends email to nonexisting@mydomain.com, then the mailenable system will respond with an NDR to the spammer as the mailbox is not existing. It is exactly that what I think we are having as issue.
The scenario is that an external spammer sends email to a non-existing mailbox for a domain name we host. MailEnable responds with an NDR to that invalid or spammer's address.
Above, you indicate that MailEnable will accept mail for mailboxes that are not defined. That can only happen if you have configured MailEnable to accept mail for non-existent addresses. i.e. a catch-all has been created for the domain.
Without a catch-all, MailEnable will not generate NDRs, because the SMTP Connector will refuse the inbound message at the RCPT command. i.e. MailEnable's SMTP service does not even take delivery of invalid addressed e-mail, let alone send an NDR.
Again, the only exception is if you have configured MailEnable to do otherwise (either by catch-all/blind smarthosting the domain) - both of which should not be done in a hosted environment.
I suggest you first attempt to emulate the misbehaviour of the spammer and then inspect the SMTP logs and determine why the message is being accepted to an invalid/undefined e-mail address.
Another thing is that if you do have a catch-all defined, you should set it to have unlimited quota - since you will find that if they become full, they can (and will) generate backscatter spam - whereby the postoffice connector will refuse to deliver the message and generate a bounce.
Again, the solution is to stop the messages coming in - so they don't generate NDRs in the first place - the SMTP logs will tell you how they are getting in. If you have queries reviewing the logs, perhaps block out the IPs and post extracts of the SMTP activity and debug logs at the time the spammer is attempting to generate an inbound message.
Regards, Andrew
Milter Ahead
I looked into it and this is our problem:
We are a victim of a "reflected spam attack". Spammers intentionally send a message to a non-existent account. This message has a forged return address which is the real target of the spam.
Our anti-spam system uses milter-ahead:
"Milter-ahead implements a "call-forward" technique, for use by mail gateways that desire a method of verifying that the recipient of a message exists on an authoritative mail store before the gateway accepts the message. Think of it as a poor man's LDAP. Many mail systems split the functions of mail transfer and that of storage & retrieval over two or more systems. Historically a mail gateway would always blindly accept and forward mail to their mail store, but spammers will often send mail to a domain using a dictionary of user names, resulting in many error message returns that can sometimes saturate the mail gateway. Often this situation is compounded by the mail gateway queuing those useless error messages for days as they attempt to send them back to the spammers that used throw away domains or mail servers that are now "off", eventually resulting in hundreds of "double-bounce" errors being sent to the mail gateway's postmaster mailbox."
How do I configure MailEnable to reject invalid recipients at the SMTP transaction level?
thanks
Re: NDR Bouncing
MailEnable,
We are using a second ME server as a backup MX and to offload some of the RDNSBL duties from our main server. That server smarthosts our domains to our main server, which is (I believe) a legitimate and necessary instance of the server accepting invalid e-mail addresses that does not involve catch-all.
Is there a method I'm not aware of to have our front-end server check with the back-end server during the SMTP process to prevent accepting and processing invalid recipient messages?
Thanks,
-Tom R.
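The call-forward check asked about above and described in the milter-ahead excerpt, as an added example that is not part of the thread, not MailEnable configuration and not milter-ahead's code: a front-end gateway probes the back-end store with a null sender at RCPT time and mirrors the answer to its own client, so an unknown recipient is refused in-session instead of bounced later. The `Backend` stand-in, the `KNOWN` mailbox list, the function names, the `gateway.invalid` hostname and the choice to answer 451 when the back end is unreachable are all assumptions made for the sketch.

```python
import smtplib
import socketserver
import threading

KNOWN = {"mymailbox@mydomain.com"}  # constructed mailbox list for the stand-in back end

class Backend(socketserver.StreamRequestHandler):
    """Stand-in for the authoritative mail store (assumed to refuse unknown RCPT with 550)."""
    def handle(self):
        self.wfile.write(b"220 backend ESMTP\r\n")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip()
            verb = line.upper()
            if verb.startswith("QUIT"):
                self.wfile.write(b"221 bye\r\n")
                return
            reply = "250 OK"
            if verb.startswith("RCPT TO:"):
                addr = line[8:].strip().strip("<>").lower()
                if addr not in KNOWN:
                    reply = "550 no such user"
            self.wfile.write((reply + "\r\n").encode())

def start_backend():
    """Run the stand-in back end on a free loopback port and return the server object."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), Backend)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def gateway_rcpt_reply(host, port, rcpt, timeout=10):
    """Probe the back end; return the (code, text) the gateway gives its own client at RCPT."""
    try:
        with smtplib.SMTP(host, port, local_hostname="gateway.invalid", timeout=timeout) as s:
            s.ehlo_or_helo_if_needed()
            s.mail("")              # null sender: the probe itself can never cause a bounce
            code, _ = s.rcpt(rcpt)
            s.rset()                # abandon the transaction; DATA is never sent
    except (OSError, smtplib.SMTPException):
        return 451, "recipient verification unavailable, try again later"
    if 200 <= code < 300:
        return 250, "OK"
    if 500 <= code < 600:
        return 550, "no such user here"  # refused in-session, so no NDR is ever queued
    return 451, "recipient verification deferred, try again later"

if __name__ == "__main__":
    srv = start_backend()
    for rcpt in ("mymailbox@mydomain.com", "nonexisting@mydomain.com"):
        print(rcpt, gateway_rcpt_reply(*srv.server_address, rcpt))
    srv.shutdown()
```

Answering 451 when the back end cannot be reached keeps the gateway from either accepting mail it may later have to bounce or permanently rejecting a valid mailbox during an outage.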