On 05/19/2014 08:06 AM, Jim Shupert wrote:
How might one do - have a DELETE rule for badly addressed messages. I
just drop them and forget about it?
is it as easy as: " Set catchall email deleted " from admin
in truth ... i thought you HAD to have a catch all account -- yes - i
would rather not.
thanks
Personally, I use a catchall account for my domain, and I don't get very
much spam there at all. I do a few use a few tools for mitigating this.
1) the badmailto file can specify addresses with a regex. So for
example, if your domain accounts don't contain numbers or whatever
special characters, or your accounts always follow a certain pattern,
you can write badmailto rules to reject these attempts. I used to get a
lot of spam with numbers in the account name, and eliminated them witha
few badmailto rules. This file can also be used to reject messages to
defunct accounts.
2) use spamdyke to blacklist local domains. This seems counter
intuitive, but so long as legit users always authenticate and only send
email via your server, this works nicely.
That being said, I can see where some domains would want to simply
delete these messages. While deleting messages goes against the RFCs,
doing so certainly appears to be a best practice. Some rules, while well
intended, have unintended consequences. I think this is one such rule.
also that strategy of : " giving each user a separate mailbox name and
e-mail address "
yes , that is interesting -- I can see how that would work
....unfortunately in my current situation folks already have the
"configuration " that we have.
but maybe for a new bunch of folks a new domain
This is a most excellent method of managing user accounts. I've
considered doing this, but haven't actually implemented it yet. Along
these lines, I've also considered modifying the header record qmail adds
so that the authentication account isn't listed in its entirety. This
would help to protect the actual account name.
thanks for the food for thought ,,, a hardy meal.
jim
Thanks as well.
--
-Eric 'shubes'
On 5/19/2014 10:28 AM, Dan McAllister wrote:
Jim,
Exactly why do you want/need a catchall account at all? Albeit, while
that is far better than having a REJECT rule for badly addressed
messages, it also creates an ongoing headache of someone having to
scan through tons of messages that you KNOW are most likely SPAM.
First, some background -- you can do 3 things with badly addressed
mail messages in QMail:
- reject them
- send them to a catchall account
- delete them
Personally, all of my servers have a DELETE rule for badly addressed
messages. I just drop them and forget about it.
First, most new admins want to use a REJECT option -- tell users they
got a bad email address. This is the WORST option, however! Because of
address phishing, you will get many times more SPAM than otherwise if
you send REJECT messages. Why? Spammers will send 100,000 messages to
your server addressed to [email protected], [email protected] [email protected]...
and so forth (usually, it is actually a dictionary/name attack more
than a brute-force attack, but you get the idea). Their goal is to
send you 100,000 emails and get only 99,998 bounce messages -- and
voila! They have 2 "good" email addresses they can add to their "list
of proven good addresses" that they sell to other spammers.
Just having a domain that is "searchable" that way will increase your
SPAM attacks many-fold! So accept EVERYTHING (they'll stop phishing
when they realize you NEVER reject a message due to a bad address!)
That leaves 2 options:
- keep the bad messages, or
- just silently delete them
In my book, I delete them. If you WANT to read through hundreds (or
thousands) of messages that are nearly always SPAM, that's your
business... but there are other ways to determine that a badly
addressed message was attempted -- like that the recipient never got it!
===
One last tidbit for security: A lot of us are essentially lazy when it
comes to accounts for email. Consider this: if your email address is
your login ID, then a hacker only needs to know your password to break
in! Consider instead, giving each user a separate mailbox name and
e-mail address:
[email protected] is just the email address... it actually is an
alias (forward in QMT) for the mailbox [email protected]. Axyl
needs to know the mailbox name when he sets up his mail clients (or
uses webmail), but other than that, everyone uses axyl@ as the email
address. When an "attacker" wants to break into the mail server for
gunsnroses.com, they can use the name [email protected] until the
cows come back from the moon -- but it'll never work, because that
isn't a valid account.
FWIW: for my corporate accounts, I create a mailbox name (I won't
disclose the formula), and then forwards for the actual user in the
form of: [email protected], [email protected], [email protected],
[email protected], & [email protected] (although first@ is
sometimes omitted)... then the user can tell their
friends/coworkers/associates any of the aliases that they prefer...
and while all work, none are the login name for the user (nor the
mailbox name).
Just food for thought.
Dan McAllister
On 5/19/2014 9:15 AM, Jim Shupert wrote:
Friends,
1st let me say that i have asked this forum for advice on my battele
with spam and I can say that I am enjoying success from the wisdom.
thank you.
a related matter.
I [ the postmaster ] personnally get a lot of spam because I am the
ctach all account.
this means I get spam for ' people who do not exist" - this is 2
catagories.
1- accounts that did exist in the past but no longer. ie billiebob
left - so no [email protected] anymore
2- accounts that have never existed . ie [email protected]
as you might suspect these are largely spam.
My q - what is a suggested means of doing this?
my thoughts are
1. a account is made named [email protected] as catch all and assign it
a quota of 5 MB
2 make [email protected] the catch all.
or
3. no change - meaning leave it so it goes to my mailbox as catch all.
thanks
--
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806
CALL TOLL FREE:
877-IT4SOHO
877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax
We have support plans for QMail!
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
