Excepting mail ONLY for valid users

Hello,

I've been experiencing a problem lately with spammers forging their
Reply-To and From headers and inserting '<random_username>@mydomain.com'
in these fields.

Obviously, most of their email fails to be delivered and the recepient's
mail server replies to this non-existent user notifying him of the
failure. This in turn bounces to postmaster (me) reporting that
<random_username>@mydomain.com doesn't exist, which is of course true
since the bloody spammer just made it up.

Is there a patch for qmail to check for the validity of the destination
email address before accepting the message? I realise this may give the
server a performance hit, but I'm more than willing to pay that price in
exchange of the 60 failure notices I've received today.

Thanks,

Mark

Mark Kaufer wrote:
>
> Hello,
>
> I've been experiencing a problem lately with spammers forging their
> Reply-To and From headers and inserting '<random_username>@mydomain.com'
> in these fields.
>
> Obviously, most of their email fails to be delivered and the recepient's
> mail server replies to this non-existent user notifying him of the
> failure. This in turn bounces to postmaster (me) reporting that
> <random_username>@mydomain.com doesn't exist, which is of course true
> since the bloody spammer just made it up.
>
> Is there a patch for qmail to check for the validity of the destination
> email address before accepting the message? I realise this may give the
> server a performance hit, but I'm more than willing to pay that price in
> exchange of the 60 failure notices I've received today.

There is an interesting read on this subject here:
http://groups.google.com/groups?thre...5.ctd.ornl.gov

On Wed, 21 Jan 2004 07:30:25 -0500, Peter Kleiner <kleinerp@NOSPAM.smbmicro.com> wrote to alt.comp.mail.qmail:
> Mark Kaufer wrote:
>>
>> Hello,
>>
>> I've been experiencing a problem lately with spammers forging their
>> Reply-To and From headers and inserting '<random_username>@mydomain.com'
>> in these fields.
>>
>> Obviously, most of their email fails to be delivered and the recepient's
>> mail server replies to this non-existent user notifying him of the
>> failure. This in turn bounces to postmaster (me) reporting that
>> <random_username>@mydomain.com doesn't exist, which is of course true
>> since the bloody spammer just made it up.
>>
>> Is there a patch for qmail to check for the validity of the destination
>> email address before accepting the message? I realise this may give the
>> server a performance hit, but I'm more than willing to pay that price in
>> exchange of the 60 failure notices I've received today.
>
> There is an interesting read on this subject here:
> http://groups.google.com/groups?thre...5.ctd.ornl.gov

Thanks for the reply, Peter.

I've implemented Dave Sill's control/doublebounceto, but unfortunately,
it doeesn't look like it worked. Is there a patch that needs to be
applied for that to function properly?

I actually have already patched my qmail w/ qmail-1.03-mfcheck.3.patch
and that works great. http://www.interazioni.it/qmail/ looks very
interesting; I'll have to try that out.

Cheers,

Mark

Mark Kaufer <mark.kaufer@NO.SPAM.bloodyhell.us> writes:

> I've implemented Dave Sill's control/doublebounceto, but unfortunately,
> it doeesn't look like it worked. Is there a patch that needs to be
> applied for that to function properly?

No. What did you do, exactly? How is it working?

--
Dave Sill Oak Ridge National Lab, Workstation Support
Author, The qmail Handbook <http://web.infoave.net/~dsill>
<http://lifewithqmail.org/>: Almost everything you always wanted to know.

On Thu, 22 Jan 2004 09:38:12 -0500, Dave Sill <MaxFreedom@sws5.ornl.gov> wrote to alt.comp.mail.qmail:
> Mark Kaufer <mark.kaufer@NO.SPAM.bloodyhell.us> writes:
>
>> I've implemented Dave Sill's control/doublebounceto, but unfortunately,
>> it doeesn't look like it worked. Is there a patch that needs to be
>> applied for that to function properly?
>
> No. What did you do, exactly? How is it working?

I created /var/qmail/control/doublebounceto which is owned by root.root
and chmod 644:

-rw-r--r-- 1 root root 13 Jan 21 10:13 doublebounceto

In it is 'doublebounce':

# cat doublebounceto
doublebounce

Then in ~alias, I created .qmail-doublebounce which is owned by
root.qmail and is also 644:

-rw-r--r-- 1 root qmail 2 Jan 21 10:13 .qmail-doublebounce

In ~alias/.qmail-doublebounce, is a single hash:

# cat ~alias/.qmail-doublebounce
#

From what I read, it looked like that was pretty much it. Am I missing
something?

Cheers,

Mark

Mark Kaufer <mark.kaufer@NO.SPAM.bloodyhell.us> writes:

> I created /var/qmail/control/doublebounceto which is owned by root.root
> and chmod 644:
>
> -rw-r--r-- 1 root root 13 Jan 21 10:13 doublebounceto
>
> In it is 'doublebounce':
>
> # cat doublebounceto
> doublebounce
>
> Then in ~alias, I created .qmail-doublebounce which is owned by
> root.qmail and is also 644:
>
> -rw-r--r-- 1 root qmail 2 Jan 21 10:13 .qmail-doublebounce
>
> In ~alias/.qmail-doublebounce, is a single hash:
>
> # cat ~alias/.qmail-doublebounce
> #
>
> From what I read, it looked like that was pretty much it. Am I missing
> something?

Nope, that's it. Now show me the logs for a double bounce. You can
create one by injecting a message via telnet to port 25 with a bogus
sender and recipient. See step 7 in TEST.deliver.

--
Dave Sill Oak Ridge National Lab, Workstation Support
Author, The qmail Handbook <http://web.infoave.net/~dsill>
<http://lifewithqmail.org/>: Almost everything you always wanted to know.