From owner-freebsd-questions@FreeBSD.ORG Wed Dec 20 08:16:49 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6FA2016A403 for ; Wed, 20 Dec 2006 08:16:49 +0000 (UTC) (envelope-from beastie@mra.co.id) Received: from mx3.mra.co.id (fw.mra.co.id [202.57.14.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9B91A43CA0 for ; Wed, 20 Dec 2006 08:16:46 +0000 (GMT) (envelope-from beastie@mra.co.id) Received: from localhost (localhost.mra.co.id [127.0.0.1]) by mx3.mra.co.id (Postfix) with ESMTP id E133D31058; Wed, 20 Dec 2006 15:02:22 +0700 (WIT) Received: from mx3.mra.co.id ([127.0.0.1]) by localhost (mx3.mra.co.id [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 93322-28; Wed, 20 Dec 2006 15:02:22 +0700 (WIT) Received: from mail.mra.co.id (unknown [172.16.0.224]) by mx3.mra.co.id (Postfix) with ESMTP id 636B731055; Wed, 20 Dec 2006 15:02:22 +0700 (WIT) Received: from intranet.mra.co.id (unknown [172.16.0.223]) by mail.mra.co.id (Postfix) with ESMTP id 8C7DD660474A; Wed, 20 Dec 2006 15:22:49 +0700 (WIT) Message-ID: <13738411.2021166603880825.OPEN-XCHANGE.WebMail.www@intranet.mra.co.id> Date: Wed, 20 Dec 2006 15:38:00 +0700 (WIT) From: Beastie MRA To: Matthew Seaman In-Reply-To: <4588DF80.2090008@infracaninophile.co.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Priority: 3 (normal) X-Mailer: OPEN-XCHANGE 0.8.0-6 - WebMail X-Operating-System: FreeBSD 6.0-RELEASE i386 (JVM 1.4.2-p8) Organization: MRAGroup References: <26578114.1081166581615460.OPEN-XCHANGE.WebMail.www@intranet.mra.co.id> <20061220033159.GA70898@wjv.com> <32799464.1431166588781257.OPEN-XCHANGE.WebMail.www@intranet.mra.co.id> <4588DF80.2090008@infracaninophile.co.uk> X-Virus-Scanned: by amavisd-new at mra.co.id Cc: bv@wjv.com, freebsd-questions@freebsd.org Subject: Re: undeliverable mail X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 08:16:49 -0000 On Dec 20, 2006 02:00 PM, Matthew Seaman wrote: >Beastie MRA wrote: >>On Dec 20, 2006 10:31 AM, Bill Vermillion wrote: >> >>>It's Wed, Dec 20, 2006 at 09:26 . I'm in a small dim room with >>>doors labeled "Dungeon" and "Forbidden". There is noise, the door >>>marked Dungeon flies open and Beastie MRA SHOUTS: >>> >>>>Dear All. >>>> >>>>For past few days, my MX receive thousand of undeliverable message >>>>destinated for my non existent user at my domain. >>>>This message source come from valid and well configured (almost) >>>>smtp >>>>server on internet. >>>>I'ts waste my internet b/w, cause my MX will reject with non >>>>existent >>>>user message. >>>>I'll try spamd on my firewall and greylist on my MX (postfix), but >>>>still >>>>no effective, and i cannot block undeliverable >>>>message as RFC rules >>>> >>>>Is there any way i can fix this ? >>>>Please help >>>I use the virtusertable in sendmail, and I have my valid addresses, >>>such as bv@wjv.com bv and then for after that is >>>a line of @wjv.com nouser. >>> >>>And nouser is defined in aliases as nouser: /dev/null >>> >>>On one of the mail servers I maintain I just checked and I >>>had 260,000+ messages routed to "*file*" in the maillog - which >>>shows up as mailer=*file* in the logs. That maillog rotates >>>every night at midnight. >>> >>>Is not really a freebsd-net problem so I removed that from the >>>reply to line. >>> >>>Bill >>> >>>-- >>>Bill Vermillion - bv @ wjv . com >> >>Thanks for response... >> >>but this virtusertable will not stop SMTP server in internet to keep >>send you undeliverable message. >>I assume someone doing nasty with forged and use my domain email to >>send >>his spam message to non existing user. >>and i got undeliverable message. >>Is there any clue ?? >>Oh.. i forget to mention i use 4.11-STABLE for my MX > >Hmmm... SPF records are a good tool against this sort of thing. >Perhaps if you change from: > >mra.co.id. "v=spf1 mx " > >to > >mra.co.id. "v=spf1 mx -all" > >That means that SPF compliant mail servers should refuse to accept >messages (ie. a hard fail) from any machine other than the MXes for >mra.co.id See http://www.openspf.org/SPF_Record_Syntax for the full >story on SPF records. > >It's not a 100% solution and it will take the spammers some time to >realise that forging your address in their e-mails is much less >effective. On the positive side, it will mean that many mailservers >reject the incoming spam during the SMTP dialog so you'll get fewer >bounce messages. > >This problem exposes an architectural flaw in many e-mail server >setups. Either all of the MXes for a domain have to be able to verify >addresses on incoming e-mails and reject any non-existent destinations >during the SMTP dialog, or (like Bill does above) once a message has >been accepted by any of the mail servers for your domain, it should >never be bounced back to the (probably forged) mail address in the >headers because the recipient doesn't exist. Bouncing for other >reasons, >(like eg. mailbox over quota) does not generally add to the overall >spam >load. Normally a very simple site with just one server will get that >right, >but a more complex site with several MXes and various SMTP routers etc. >internally will frequently not. > >Cheers, > >Matthew > >-- >Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard >Flat 3 >PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate >Kent, CT11 9PW Thanks... i have problem with SPF record in dns , because i have serveral mobile users and off site users that use SMTP provide by internet provider. and i cant list it one by one in spf record. :( regards Reza