LinuxQuestions.org
Old 10-19-2004, 10:40 PM   #1
lsimon4180
Member
 
Registered: Oct 2004
Location: Chicago, IL
Distribution: Fedora Core 2
Posts: 101

Rep: Reputation: 15
Set catchall email deleted option in qmail


Hey,

I am currently running qmail on Fedora 2 and I have a quick question. I have several domains with users, and for each domain I have the following option set:

Set catchall email deleted

So if an email is sent to an email address on a domain, for example blah@example.com, that doesn't exist, qmail will delete the email.

In your opinion, is this a good idea for qmail? Will it cause any loops or bog down qmail?

The other options are:

Set catchall bounced - which will bounce the email back to the sender. This might not be a good idea because it will cause double/triple bounces.

or

Select a user as the catch all - that email account will fill up with email fast.

So I guess my question is, is the Set catchall email deleted the best solution for deleting emails that are sent to the domains that do not exist? Will this option have any negative effect on qmail? Loops? Load? etc...

thanks

lenny
 
Old 10-20-2004, 01:15 AM   #2
micxz
Senior Member
 
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131

Rep: Reputation: 75
In my experience I think it's best to catch-all to a sort of /dev/null account. And in this devnull account, or in other words mail name, put only a "#" in the .qmail file. This should delete all emails to this user and the box won't fill up. Then there is not a remote connection attempting to say, "Sorry this user does not exist".

But generally qmail can handle the double/triple bounces you speak of. But sometimes with large amounts of traffic and high load and when the numbers grow of whatever@yourhostname.com this above method is a relief. But sometimes in a business sense it's good not to miss the errors as people need to know if messages are being delivered!
 
Old 10-20-2004, 08:01 AM   #3
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
If I were you, I would set it for "Catchall bounced" because it's very upsetting for messages to fall into a black hole. Consider this...

Your grandmother decides to write you an email. Your mom tells her the email address over the phone and she writes it down on a napkin. Later on, she sends a message to the address and it never comes back. Did it arrive? Who knows! If she has palsy or something, then she may have mistyped the email address. If she did, then your set catchall deleted will delete her message completely rather than bouncing it back to sender so she can realize her mistake and try again.

To me, set catchall bounced is the best because it prevents you from losing legitimate mail. I would only use Set catchall deleted if you're really brave and don't mind losing any stray messages that are sent to that account.
 
Old 10-20-2004, 12:14 PM   #4
micxz
Senior Member
 
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131

Rep: Reputation: 75
Consider this:

Spammer A sends ten thousand messages to randomemail@yourhostname.com, with return paths to spam targets A-Z. Who's bouncing all that spam? You. How can you solve this?
 
Old 10-20-2004, 03:05 PM   #5
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
Well, one thing to consider is the bounces he's generating are not very effective in terms of spam. The recipient of that bounce is going to get a confused look on his face and delete it pretty quick without really looking. Spammers know this, so I have to assume that's the reason I haven't had this kind of attack on my servers in over a year (touch wood!)

Second, if you're running rblsmtpd, and this joker is listed in the database, none of this would ever happen. His IP address would be unable to send you mail regardless of who the recipient happens to be.

Third, if this happens, there are going to be a good many addresses that fail. When this happens, those messages are going to bounce back to your postmaster account. You'll be able to see this problem and block this IP from ever sending mail to you again.

Really I feel this sort of thing isn't a very common problem. The attacker gains nothing by sending the message through your servers. If they were to send the message directly to the target their message would be formatted in the way that looks the best and really is the most effective kind of spam. By sending it through your servers and letting the bounces BECOME the spam, this formats their message improperly and it becomes less effective. And I don't think the receiving mail server is going to blacklist you for sending out bounces.
 
Old 10-20-2004, 03:17 PM   #6
micxz
Senior Member
 
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131

Rep: Reputation: 75
Agreed. This is not as much a spam issue as an attack problem.

It's very unlikely these types of attacks I mentioned happen often. But they can have a type of DOS feel to them.

Also when your postmaster account gets to be 2000+ bounces a day, it's hard to weed out all the "bad" IPs.
 
Old 10-20-2004, 03:29 PM   #7
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
>> But they can have a type of DOS feel to them.

*nods* I can see that. But I'd expect spammers not to be the ones perpetrating this attack, as it would defeat their purpose.

If you've got somebody trying to DOS your machine, it probably means you've got somebody who wants to specifically do harm to your machine. If he's trying to DOS you from a hacked machine, the admin of that machine should probably be very helpful in determining if their systems have been r00ted. Otherwise you may discover that this fellow is the attacker himself. If that's the case, you can simply block his IP and presto! No more problems. Meanwhile you can stay on the phone with their staff until the problem is resolved.

>> your postmaster account gets to be 2000+ bounces a day

Does your server really get that much traffic, or are these bounces? What kind of spam control are you using? Maybe try installing the mfcheck patch which will cut down on your bounces quite a bit. If they are double bounces, I would just discard them, which is what I'm doing.
 
Old 10-20-2004, 03:45 PM   #8
lsimon4180
Member
 
Registered: Oct 2004
Location: Chicago, IL
Distribution: Fedora Core 2
Posts: 101

Original Poster
Rep: Reputation: 15
Thanks a bunch for the advice... I receive like 5-20 emails to blah@mydomains.com a day, not too worried about it, I just wanted some advice on the catchall delete/bounce option. I might set the bounce option up a little later or maybe sooner... but if I get attacked with like 10,000 emails to bogus domains I'd rather have it set to delete so it won't cause double/triple bounces... but I'm not sure when/if that type of attack will happen again or not... if I wasn't worried about not receiving email to my addresses from legit senders (like the grandma example above), is the delete option that bad?

thanks

lenny
 
Old 10-20-2004, 04:17 PM   #9
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
>> if I get attacked with like 10,000 emails to bogus domains I'd

This should never happen if you have the mfcheck patch installed. mfcheck won't receive mail to your system if the domain is bogus. mfcheck does a reverse DNS check against the sender domain to be sure bounces are possible.

>> if I wasn't worried about not receiving email to my addresses from legit senders (like the grandma example above) is the delete option that bad???

Well, the idea is... if people misspell your email address, they won't get a bounce to let them know what happened. Their message will just disappear into the ether and they'll assume you received it. If you're not worried about this, then yeah, I'd say go for it.

However, if you're thinking of doing this for your primary domain that the server operates as (/var/qmail/control/me), I would advise against it unless you're just really brave. For example, some people assume that certain email addresses will always exist. Like help@yourdomain.com or abuse@yourdomain.com. If you allow these to fall into /dev/null then you may be missing important client potentials or important info that's vital to your system operations. For this domain, I always suggest setting catchall to the postmaster account and just resign yourself to wading through some excess crap occasionally. If your system is running right, this should never be that much trouble.
 
Old 10-21-2004, 09:14 PM   #10
micxz
Senior Member
 
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131

Rep: Reputation: 75
I've enjoyed this thread, thanks Donboy.
 
  

