invalid users silent drop

If spam is sent to an invalid user, my very simple and near
default postfix install sends an error message back to the
"sender" giving them an "unknown user" error message.

I understand that in the case of spam those messages are probably
sent to forged addresses of innocents, and I don't want to do
that.

So what is the best way to treat this? Silently drop them? Is
there a way to not even accept the connection/email?

I can post my main.cf settings if you like, but as I said it's
pretty much default except the obvious myorigin and hostname
stuff.

--
Troy Piggins
,-o
o ) Ubuntu linux 6.06 http://ubuntu.com RLU#415538 http://counter.li.org
`-o uptime: 19:59:05 up 16 days,1:27,2 users,load average:0.00,0.01,0.00

I have the opposite problem!! I've been asked to look into a "problem" of
ours, even though I have no postfix experience whatsoever. Our environment
looks like this:

Internet->Postfixbox->Internal exchange server

Basically we can send and receive emails just fine, EXCEPT...

When a spammer uses a fake email address, and the foreign email server
bounces back the offending email to the sender (who has used a valid
reply-to email adddress belonging to us), we don't receive the email at all.

Any ideas?

* cpu wrote:
> I have the opposite problem!! I've been asked to look into a "problem" of
> ours, even though I have no postfix experience whatsoever. Our environment
> looks like this:
>
> Internet->Postfixbox->Internal exchange server
>
> Basically we can send and receive emails just fine, EXCEPT...
>
> When a spammer uses a fake email address, and the foreign email server
> bounces back the offending email to the sender (who has used a valid
> reply-to email adddress belonging to us), we don't receive the email at all.

That's not the opposite problem - that's a completely different
problem on a completely different network arrangement, isn't it?

What is your definition of the "foreign" email server? The
recipient of the spam? So spam is getting bounced back to you.
How do you know you aren't getting the email? Getting it where?
On the postfix box or the exchange box?

> Any ideas?

Yep. Post a new thread with a subject heading and content more
relevant to your own specific problem?

--
Troy Piggins
,-o
o ) Ubuntu linux 6.06 http://ubuntu.com RLU#415538 http://counter.li.org
`-o uptime: 21:24:32 up 16 days,2:53,2 users,load average:0.05,0.03,0.00

Troy Piggins wrote:
> If spam is sent to an invalid user, my very simple and near
> default postfix install sends an error message back to the
> "sender" giving them an "unknown user" error message.
>
> I understand that in the case of spam those messages are probably
> sent to forged addresses of innocents, and I don't want to do
> that.
>
> So what is the best way to treat this? Silently drop them? Is
> there a way to not even accept the connection/email?

Erm, that's how SMTP works (RFC2821 and RFC2822). A server should never
silently accept mail it has no intention of ever delivering. This
"violates" the RFC. If you intend managing the e-mail server, I'd
strongly suggest you familiarise yourself with those two (very dull)
documents :)

> I can post my main.cf settings if you like, but as I said it's
> pretty much default except the obvious myorigin and hostname
> stuff.

Use grey-listing (google "postgrey"). Grey-listing will bounce most of
your spam before Postfix ever has to worry about whether or not a
recipient is valid. For the few that get through (from forged
addresses) there's very little you can do about them without ending up
on the RFC-ignorant black lists.

I know I sure as hell would report a mail server that silently drops
messages or does other equally inept things ;)

Cheers,

James

* Centurion wrote:
> Troy Piggins wrote:
>> If spam is sent to an invalid user, my very simple and near
>> default postfix install sends an error message back to the
>> "sender" giving them an "unknown user" error message.
>>
>> I understand that in the case of spam those messages are probably
>> sent to forged addresses of innocents, and I don't want to do
>> that.
>>
>> So what is the best way to treat this? Silently drop them? Is
>> there a way to not even accept the connection/email?
>
> Erm, that's how SMTP works (RFC2821 and RFC2822). A server should never
> silently accept mail it has no intention of ever delivering. This
> "violates" the RFC. If you intend managing the e-mail server, I'd
> strongly suggest you familiarise yourself with those two (very dull)
> documents :)

Thanks for you input. I'll read those (very dull) documents.
I should point out that the server is only for a very small
family network who like their own domain name for emails and very
simple home page. Nevertheless I would still like to comply with
the relevant RFCs of course.

>> I can post my main.cf settings if you like, but as I said it's
>> pretty much default except the obvious myorigin and hostname
>> stuff.
>
> Use grey-listing (google "postgrey"). Grey-listing will bounce most of
> your spam before Postfix ever has to worry about whether or not a
> recipient is valid. For the few that get through (from forged
> addresses) there's very little you can do about them without ending up
> on the RFC-ignorant black lists.

I've heard of greylisting but never implemented it. I'll look
further.

> I know I sure as hell would report a mail server that silently drops
> messages or does other equally inept things ;)

Well I wouldn't want that! :)

Thanks for your input.

--
Troy Piggins
,-o
o ) Ubuntu linux 6.06 http://ubuntu.com RLU#415538 http://counter.li.org
`-o uptime: 09:38:41 up 17 days,15:07,2 users,load average:0.00,0.00,0.00

On 28.09.2006 01:42 Troy Piggins wrote

> * Centurion wrote:
>> Use grey-listing (google "postgrey"). Grey-listing will bounce most of
>> your spam before Postfix ever has to worry about whether or not a
>> recipient is valid. For the few that get through (from forged
>> addresses) there's very little you can do about them without ending up
>> on the RFC-ignorant black lists.
>
> I've heard of greylisting but never implemented it. I'll look
> further.
>

While grey-listing (http://isg.ee.ethz.ch/tools/postgrey/) is powerfull,
hostname based selective grey-listing is even more powerfull
(http://lists.ee.ethz.ch/postgrey/msg01214.html). With hbs grey-listing
you don't even have to maintain white lists ...




Best regards,
Arnold

* Arnold Nipper wrote:
> On 28.09.2006 01:42 Troy Piggins wrote
>
>> * Centurion wrote:
>>> Use grey-listing (google "postgrey"). Grey-listing will
>>> bounce most of your spam before Postfix ever has to worry
>>> about whether or not a recipient is valid. For the few that
>>> get through (from forged addresses) there's very little you
>>> can do about them without ending up on the RFC-ignorant black
>>> lists.
>>
>> I've heard of greylisting but never implemented it. I'll look
>> further.
>>
>
> While grey-listing (http://isg.ee.ethz.ch/tools/postgrey/) is
> powerfull, hostname based selective grey-listing is even more
> powerfull (http://lists.ee.ethz.ch/postgrey/msg01214.html).
> With hbs grey-listing you don't even have to maintain white
> lists ...

Thankyou, I'll look into that also.

--
Troy Piggins
,-o
o ) Ubuntu linux 6.06 http://ubuntu.com RLU#415538 http://counter.li.org
`-o uptime: 21:30:27 up 18 days,2:59,2 users,load average:0.00,0.00,0.00