From: Bobby (dragonalimex.biz)
Date: Tue Mar 01 2005 - 13:22:27 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello Noel,

yep, sorry for that, it seems i missed some info.
I fought this problem about two years ago, but I did not dig in to it then. It appears I am digging with wrong examples now :)

rob0:

Basically, I don't like using html in emails at all.
Could you please be more specific about the broken MUA, because it
seems fine to me and I think this would validate as HTML 4.01.

About the DNS, please comment on this:

;; QUESTION SECTION:
;cyberinbox.com. IN MX

;; ANSWER SECTION:
cyberinbox.com. 3600 IN MX 0 dev.null.

;; Query time: 171 msec
;; SERVER: 67.18.235.194#53(ns1.adrress.com)
;; WHEN: Tue Mar 1 21:20:25 2005
;; MSG SIZE rcvd: 56

Best regards,
Bobby
Alimex
dragonalimex.biz

Tuesday, March 1, 2005, 8:50:05 PM, you wrote:

NJ> At 12:31 PM 3/1/2005, Bobby wrote:

>>Dear All,
>>
>>
>>thanks to all of you for your answers. Well, the problem is serious, and
>>it is a problem. I say that, because it is spam again, using the RFC.
>>
>>
>>So, let's say we do not want to stop mail from <> to our own users. That
>>will cause a large amount of viruses and other spam reaching them.

NJ> You can always reject or discard viruses and spam according to local
NJ> policy, no matter what the sender address. But don't reject mail just
NJ> because it uses the null sender address, that would be very wrong. The
NJ> null sender address is not a fool-proof indicator of spam.

>>But, there is also another problem - relaying. I am sure there is a way to
>>stop it. And I am also sure you can help about that. Maybe this could be
>>the first step of making just a little better configuration :)
>>
>>
>>Here is an example of a relay-abusing mail from <>:
>>

NJ> more comments below...

>>postfix/qmgr[777]: 1BA0874C2BB: from=<>, size=6707, nrcpt=1 (queue active)
>>
>>postfix/smtp[16307]: warning: no MX host for cyberinbox.com has a valid A
>>record
>>
>>postfix/smtp[16307]: 1BA0874C2BB: to=<fvlbeezvyllcyberinbox.com>,
>>relay=none, delay=0, status=bounced ([dev.null]: Name or service not known)
>>
>>postfix/qmgr[777]: 1BA0874C2BB: removed
>>
>>
>>Well:
>>
>>;; QUESTION SECTION:
>>
>>;cyberinbox.com. IN MX
>>
>>
>>;; ANSWER SECTION:
>>
>>cyberinbox.com. 928 IN MX 0 dev.null.
>>
>>
>>;; AUTHORITY SECTION:
>>
>>cyberinbox.com. 170117 IN NS ns2.adrress.com.
>>
>>cyberinbox.com. 170117 IN NS ns1.adrress.com.

NJ> You have accepted mail and then later bounced it. YOU are generating the
NJ> <> sender address. Either you accepted mail for an invalid user or you
NJ> have a content filter (or downstream mail server) that is rejecting the mail.
NJ> Don't do that. Once you accept a spam mail, you must either tag+deliver
NJ> or discard. Sending a bounce is not an acceptable option any more.

>>postfix/qmgr[777]: 6DF1674C2BE: from=<>, size=4048, nrcpt=1 (queue active)
>>
>>postfix/smtp[16322]: connect to mail.cgocable.com[24.226.1.11]: Connection
>>timed out (port 25)
>>
>>postfix/smtp[16322]: 6DF1674C2BE: to=<evnmlhslmsicjucgocable.com>,
>>relay=none, delay=220013, status=deferred (connect to
>>mail.cgocable.com[24.226.1.11]: Connection timed out)
>>

NJ> Same thing with this one. YOU are sending a bounce.

>>And just for today I have 148 mails with from=<>. I am sure these are not
>>bounces :)
>>
>>So, how about that?! Well, it does produce a lot of garbage and relays
>>spam to some MTA on the net.
>>
>>I am quite sure my server won't get listed as an open relay for that. But
>>at least I don't want to fill up my bandwidth with this garbage.
>>
>>All mail to unknown recepients in my domain gets rejected. Let us reject
>>mail from <> to other users also.

NJ> Are you sure you're rejecting mail to unknown users? are you sure you
NJ> don't have a content filter or downstream mail server rejecting mail you
NJ> have already accepted? I think you should check again.
NJ> Check your logs for where these bounces are originating.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]