Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
10-19-2004, 10:40 PM
|
#1
|
Member
Registered: Oct 2004
Location: Chicago, IL
Distribution: Fedora Core 2
Posts: 101
Rep:
|
Set catchall email deleted option in qmail
Hey,
I am currently running qmail on fedora 2 and i have a quick question. I have several domains with users on for each domain i have the following option set:
Set catchall email deleted
So if an email is sent to a email address on a domain for example blah@example.com that doesnt exisist qmail will delete the email.
In your opinion is this a good idea? for qmail? will it cause any loops or bog down qmail?
The other options are:
Set catchall bounced - which will bounce the email back to the send. This might not be a good idea because it will cause double/triple bounces.
or
Select a user as the catch all - that email account will fill up with email fast.
So I guess my question is, is the Set catchall email deleted the best solution for deleting emails that are sent to the domains that do not exisit? Will this option have any negative effect on qmail? Loops? load? etc...
thanks
lenny
|
|
|
10-20-2004, 01:15 AM
|
#2
|
Senior Member
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131
Rep:
|
In my experience I think it's best to catch-all to a sortof /dev/null account. And in this devnull account or in other words mail name put only a "#" in the .qmail file. This should delete all emails to this user and the box won't fill up. Then there is not a remote connection attemping to say, "Sorry this user does not exist".
But generally qmail can handle the double/triple bounces you speak of. But sometimes with large amounts of traffic and high load and when the numbers grow of whatever@yourhostname.com this above method is a relief. But sometimes in a business sense it's good not to miss the errors as people need to know if messages are being delivered!
|
|
|
10-20-2004, 08:01 AM
|
#3
|
Member
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736
Rep:
|
If I were you, I would set it for "Catchall bounced" because it's very upsetting for messages to fall into a black hole. Consider this...
Your grandmother decides to write you an email. Your mom tells her the email address over the phone and she writes it down on a napkin. Later on, she sends a message to the address and it never comes back. Did it arrive? Who knows! If she has paulsy or something, then she may have mistyped the email address. If she did, then your set catchall deleted will delete her message completely rather than bouncing it back to sender so she can realize her mistake and try again.
To me, set catchall bounced is the best because it prevents you from losing legitimate mail. I would only use Set catchall deleted if you're really brave and don't mind losing any stray messages that are sent to that account.
|
|
|
10-20-2004, 12:14 PM
|
#4
|
Senior Member
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131
Rep:
|
Consider this:
Spammer A, send ten thousand mesages to randomemail@yourhostname.com. With return paths to spam target A-Z's. Who's bouncing all that spam, you. How can you solve this?
|
|
|
10-20-2004, 03:05 PM
|
#5
|
Member
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736
Rep:
|
Well, one thing to consider is the bounces he's generating are not very effective in terms of spam. The recipient of that bounce is going to get a confused look on his face and delete it pretty quick without really looking. Spammers know this, so I have to assume that's the reason I haven't had this kind of attack on my servers in over a year (touch wood!)
Second, if you're running rblsmtpd, and this joker is listed in the database, none of this would ever happen. His IP address would be unable to send you mail regardless of who the recipient happens to be.
Third, if this happens, there are going to be a good many addresses that fail. When this happens, those messages are going to bounce back to your postmaster account. You'll be able to see this problem and block this IP from ever sending mail to you again.
Really I feel this sort of thing isn't a very common problem. The attacker gains nothing by sending the message through your servers. If they were to send the message directly to the target their message would be formatted in the way that looks the best and really is the most effective kind of spam. By sending it through your servers and letting the bounces BECOME the spam, this formats their message improperly and it becomes less effective. And I don't think the receiving mail server is going to blacklist you for sending out bounces.
|
|
|
10-20-2004, 03:17 PM
|
#6
|
Senior Member
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131
Rep:
|
Agreed. This is not as much a spam issue as a attack problem.
It's very unlikely these types of attacks I mentioned happen often. But they can have a type of DOS feel to them.
Also when your postmaster account gets to be 2000+ bounces a day. it's hard to weed out all the "bad" IP's.
|
|
|
10-20-2004, 03:29 PM
|
#7
|
Member
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736
Rep:
|
>> But they can have a type of DOS feel to them.
*nods* I can see that. But I'd expect spammers not to be the ones perptrating this attack, as it would defeat their purpose.
If you've got somebody trying to DOS your machine, it probably means you've got somebody who wants to specifically do harm to your machine. If he's trying to DOS you from a hacked machine, the admin of that machine should probably be very helpful in determining of their systems have been r00ted. Otherwise you may discover that this fellow is the attacker himself. If that's the case, you can simply block his IP and presto! No more problems. Meanwhile you can stay on the phone with their staff until the problem is resolved.
>> your postmaster account gets to be 2000+ bounces a day
Does your server really get that much traffic, or are these bounces? What kind of spam control are you using? Maybe try installing the mfcheck patch which will cut down on your bounces quite a bit. If they are double bounces, I would just discard them, which is what I'm doing.
|
|
|
10-20-2004, 03:45 PM
|
#8
|
Member
Registered: Oct 2004
Location: Chicago, IL
Distribution: Fedora Core 2
Posts: 101
Original Poster
Rep:
|
Thanks a bunch for the advice...I receive like 5-20 emails to blah@mydomains.com a day not too worried about it i just wanted some advice on the catach all delete/bounce option. I might set the bouce option up a little later or maybe sooner....but if i get attacked with like 10,000 emails to bogus domains id rather have it set to delete so it wont cause double/triple bounces...but im not sure when/if that type of attack will happen again or not....if i wasnt worried about not recieving email to my addresses from legit senders (like the grandma example above) is the delete option that bad???
thanks
lenny
|
|
|
10-20-2004, 04:17 PM
|
#9
|
Member
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736
Rep:
|
>> if i get attacked with like 10,000 emails to bogus domains id
This should never happen if you have the mfcheck patch installed. mfcheck wont receive mail to your system if the domain is bogus. mfcheck does reverse dns check against the sender domain to be sure bounces are possible.
>> if i wasnt worried about not recieving email to my addresses from legit senders (like the grandma example above) is the delete option that bad???
Well, the idea is... if people misspell your email address, they won't get a bounce to let them know what happened. Their message will just disappear into the ether and they'll assume you received it. If you're not worried about this, then yeah, I'd say go for it.
However, If you're thinking of doing this for your primary domain that the server operates as (/var/qmail/control/me), I would advise against it unless you're just really brave. For example, some people assume that certain email addresses will always exist. Like help@yourdomain.com or abuse@yourdomain.com. If you allow these to fall into /dev/null then you may be missing important client potentials or important info that's vital to your system operations. For this domain, I always suggest setting catchall to the postmaster account and just resign yourself to wading through some excess crap occasionally. If your system is running right, you this should never be that much trouble.
|
|
|
10-21-2004, 09:14 PM
|
#10
|
Senior Member
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131
Rep:
|
I've enjoyed this thread thanks' Donboy
|
|
|
All times are GMT -5. The time now is 11:54 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|