[qmailtoaster] How to discard spamassasin bounces
Can someone help me figure out how to not send the bounce messages back to the sender which are being returned by spamassasin? I am having issues with my server bombarding unsuspecting people whose email was hijacked with spam bounces. Thanks - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] How to discard spamassasin bounces
set up account to catchall deleted It is under qmailadmin. Alex wrote: Can someone help me figure out how to not send the bounce messages back to the sender which are being returned by spamassasin? I am having issues with my server bombarding unsuspecting people whose email was hijacked with spam bounces. Thanks - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] How to discard spamassasin bounces
Thank you. I already have that set and that only deletes the incoming wrong user mail, not the email sent out as bounces. -Original Message- From: abdul khan [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 9:35 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] How to discard spamassasin bounces set up account to catchall deleted It is under qmailadmin. Alex wrote: Can someone help me figure out how to not send the bounce messages back to the sender which are being returned by spamassasin? I am having issues with my server bombarding unsuspecting people whose email was hijacked with spam bounces. Thanks - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] How to discard spamassasin bounces
Returned by spamassassin??? Ok, let's figure it out the problem: The problem is one spammer sends you a forged From mail. 1.- If the mail From is not valid, is rejected by chkuser, no bounces 2.- If the mail Recipient is not a valid user on your mailserver is rejected by chkuser, so no bounces 3.- If spamassassin says has 12 (by default) hit points your smtp rejects it, so it doesn't generate bounces. 4.- If spamassassin says is below 12 is delivered to the mailbox. If it's correctly delivered no bounces are generated. AFAIK Only if is the case 4 could generate bounces just for 4 causes: 1.- Incorrect configured account (for example, alias to non existent accounts) 2.- Mailbox full or something like this 3.- Redirects to another server that bounces the mail. 4.- You have a relay user that is a spammer In which category your problem falls? *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* | David Sanchez Martin | [EMAIL PROTECTED] Administrador de Sistemas| http://www.e2000.es E2000 Nuevas Tecnologias | | E2000 Organizacion de Empresarios|Tel : +34 902 19 61 77 Mediadores de Seguros | | Agustin Bravo Esquina Calle C| 33120 Pravia Asturias Spain | | *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -Mensaje original- De: Alex [mailto:[EMAIL PROTECTED] Enviado el: martes, 07 de noviembre de 2006 18:47 Para: qmailtoaster-list@qmailtoaster.com Asunto: RE: [qmailtoaster] How to discard spamassasin bounces Thank you. I already have that set and that only deletes the incoming wrong user mail, not the email sent out as bounces. -Original Message- From: abdul khan [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 9:35 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] How to discard spamassasin bounces set up account to catchall deleted It is under qmailadmin. Alex wrote: Can someone help me figure out how to not send the bounce messages back to the sender which are being returned by spamassasin? I am having issues with my server bombarding unsuspecting people whose email was hijacked with spam bounces. Thanks - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] BEGIN:VCARD VERSION:2.1 N:Sánchez Martín;David FN:[EMAIL PROTECTED] ([EMAIL PROTECTED]) ORG:E2000 Financial Investments, S.A.;Centro de Nuevas Tecnologías TITLE:Administrador de Sistemas TEL;WORK;VOICE:902196177 ADR;WORK;ENCODING=QUOTED-PRINTABLE:;;Agust=EDn Bravo 17 2=BA B=0D=0A33120 PRAVIA;Asturias;;;Espa=F1a LABEL;WORK;ENCODING=QUOTED-PRINTABLE:Agust=EDn Bravo 17 2=BA B=0D=0A33120 PRAVIA=0D=0AAsturias=0D=0AEspa=F1a URL;WORK:http://www.e2000.es EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:20060705T152542Z END:VCARD - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] How to discard spamassasin bounces
Thank you. You cleared it up for me. -Original Message- From: David Sánchez Martín [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 10:25 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] How to discard spamassasin bounces Returned by spamassassin??? Ok, let's figure it out the problem: The problem is one spammer sends you a forged From mail. 1.- If the mail From is not valid, is rejected by chkuser, no bounces 2.- If the mail Recipient is not a valid user on your mailserver is rejected by chkuser, so no bounces 3.- If spamassassin says has 12 (by default) hit points your smtp rejects it, so it doesn't generate bounces. 4.- If spamassassin says is below 12 is delivered to the mailbox. If it's correctly delivered no bounces are generated. AFAIK Only if is the case 4 could generate bounces just for 4 causes: 1.- Incorrect configured account (for example, alias to non existent accounts) 2.- Mailbox full or something like this 3.- Redirects to another server that bounces the mail. 4.- You have a relay user that is a spammer In which category your problem falls? *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* | David Sanchez Martin | [EMAIL PROTECTED] Administrador de Sistemas| http://www.e2000.es E2000 Nuevas Tecnologias | | E2000 Organizacion de Empresarios|Tel : +34 902 19 61 77 Mediadores de Seguros | | Agustin Bravo Esquina Calle C| 33120 Pravia Asturias Spain | | *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -Mensaje original- De: Alex [mailto:[EMAIL PROTECTED] Enviado el: martes, 07 de noviembre de 2006 18:47 Para: qmailtoaster-list@qmailtoaster.com Asunto: RE: [qmailtoaster] How to discard spamassasin bounces Thank you. I already have that set and that only deletes the incoming wrong user mail, not the email sent out as bounces. -Original Message- From: abdul khan [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 9:35 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] How to discard spamassasin bounces set up account to catchall deleted It is under qmailadmin. Alex wrote: Can someone help me figure out how to not send the bounce messages back to the sender which are being returned by spamassasin? I am having issues with my server bombarding unsuspecting people whose email was hijacked with spam bounces. Thanks - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] How to discard spamassasin bounces
hmm actually if spam hits is over 12 points it generates a bounce. bounce message: rejected by: bounced (host domain.com[69.115.xx.xxx] said: 554 Your email is considered spam (17.50 spam-hits) (in reply to end of DATA command)) smtp log: 2006-10-24 16:56:47.566033500 tcpserver: status: 0/100 2006-10-24 17:12:53.798053500 tcpserver: status: 1/100 2006-10-24 17:12:53.798058500 tcpserver: pid 1871 from 208.11.75.2 2006-10-24 17:12:53.798061500 tcpserver: ok 1871 mail.domain.com:192.168.2.50:25 :208.11.75.2::35258 2006-10-24 17:12:56.898361500 CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote mail.r ollernet.us:unknown:208.11.75.2 rcpt : sender accepted 2006-10-24 17:12:57.194445500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote mail.rol lernet.us:unknown:208.11.75.2 rcpt [EMAIL PROTECTED] : found existing recipient 2006-10-24 17:12:57.696231500 simscan:[1871]:SPAM REJECT (17.50/12.00):0.4995s:***SPAM*** Faith Matt ers - Meet Catholic singles:208.11.75.2:[EMAIL PROTECTED]:[EMAIL PROTECTED] 2006-10-24 17:12:57.702238500 tcpserver: end 1871 status 0 spamd log: 2006-10-24 16:56:47.535371500 [25696] info: prefork: child states: II 2006-10-24 17:12:57.351048500 [1378] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 35386 2006-10-24 17:12:57.356215500 [1378] info: spamd: processing message [EMAIL PROTECTED] .rollernet.us for clamav:89 2006-10-24 17:12:57.692273500 [1378] info: spamd: identified spam (17.5/5.0) for clamav:89 in 0.3 se conds, 1860 bytes. 2006-10-24 17:12:57.692647500 [1378] info: spamd: result: Y 17 - HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTM L_SHORT_LINK_IMG_1,MEET_SINGLES,MIME_HTML_ONLY,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC _SURBL,URIBL_WS_SURBL scantime=0.3,size=1860,user=clamav,uid=89,required_score=5.0,rhost=localhost.l ocaldomain,raddr=127.0.0.1,rport=35386,mid=[EMAIL PROTECTED],autolearn=no i actually want to prevent this also but i don't know where to go. On 11/7/06, Alex [EMAIL PROTECTED] wrote: Thank you. You cleared it up for me. -Original Message- From: David Sánchez Martín [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 10:25 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] How to discard spamassasin bounces Returned by spamassassin??? Ok, let's figure it out the problem: The problem is one spammer sends you a forged From mail. 1.- If the mail From is not valid, is rejected by chkuser, no bounces 2.- If the mail Recipient is not a valid user on your mailserver is rejected by chkuser, so no bounces 3.- If spamassassin says has 12 (by default) hit points your smtp rejects it, so it doesn't generate bounces. 4.- If spamassassin says is below 12 is delivered to the mailbox. If it's correctly delivered no bounces are generated. AFAIK Only if is the case 4 could generate bounces just for 4 causes: 1.- Incorrect configured account (for example, alias to non existent accounts) 2.- Mailbox full or something like this 3.- Redirects to another server that bounces the mail. 4.- You have a relay user that is a spammer In which category your problem falls? *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* | David Sanchez Martin | [EMAIL PROTECTED] Administrador de Sistemas| http://www.e2000.es E2000 Nuevas Tecnologias | | E2000 Organizacion de Empresarios|Tel : +34 902 19 61 77 Mediadores de Seguros | | Agustin Bravo Esquina Calle C| 33120 Pravia Asturias Spain | | *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -Mensaje original- De: Alex [mailto:[EMAIL PROTECTED] Enviado el: martes, 07 de noviembre de 2006 18:47 Para: qmailtoaster-list@qmailtoaster.com Asunto: RE: [qmailtoaster] How to discard spamassasin bounces Thank you. I already have that set and that only deletes the incoming wrong user mail, not the email sent out as bounces. -Original Message- From: abdul khan [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 9:35 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] How to discard spamassasin bounces set up account to catchall deleted It is under qmailadmin. Alex wrote: Can someone help me figure out how to not send the bounce messages back to the sender which are being returned by spamassasin? I am having issues with my server bombarding unsuspecting people whose email was hijacked with spam bounces. Thanks - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
Re: [qmailtoaster] How to discard spamassasin bounces
Following up on this. Can this be enabled by Drop Message option (http://qmailwiki.inter7.com/Simscan/Guide#Drop_Message_option) Some sites have security policies in place which require them to accept every email. For these sites there is an option to do all the normal simscan processing, but if a virus or spam is detected the message is not handed to qmail-queue for local delivery. Instead it is silently dropped. Use this option when configuring simscan --enable-dropmsg I was looking at the spec file for simscan and it is not enabled. There is also a settings: drop message = OFF Would this be what I need to drop messages with spam hits over 12??? On 11/7/06, slamp slamp [EMAIL PROTECTED] wrote: hmm actually if spam hits is over 12 points it generates a bounce. bounce message: rejected by: bounced (host domain.com[69.115.xx.xxx] said: 554 Your email is considered spam (17.50 spam-hits) (in reply to end of DATA command)) smtp log: 2006-10-24 16:56:47.566033500 tcpserver: status: 0/100 2006-10-24 17:12:53.798053500 tcpserver: status: 1/100 2006-10-24 17:12:53.798058500 tcpserver: pid 1871 from 208.11.75.2 2006-10-24 17:12:53.798061500 tcpserver: ok 1871 mail.domain.com:192.168.2.50:25 :208.11.75.2::35258 2006-10-24 17:12:56.898361500 CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote mail.r ollernet.us:unknown:208.11.75.2 rcpt : sender accepted 2006-10-24 17:12:57.194445500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote mail.rol lernet.us:unknown:208.11.75.2 rcpt [EMAIL PROTECTED] : found existing recipient 2006-10-24 17:12:57.696231500 simscan:[1871]:SPAM REJECT (17.50/12.00):0.4995s:***SPAM*** Faith Matt ers - Meet Catholic singles:208.11.75.2:[EMAIL PROTECTED]:[EMAIL PROTECTED] 2006-10-24 17:12:57.702238500 tcpserver: end 1871 status 0 spamd log: 2006-10-24 16:56:47.535371500 [25696] info: prefork: child states: II 2006-10-24 17:12:57.351048500 [1378] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 35386 2006-10-24 17:12:57.356215500 [1378] info: spamd: processing message [EMAIL PROTECTED] .rollernet.us for clamav:89 2006-10-24 17:12:57.692273500 [1378] info: spamd: identified spam (17.5/5.0) for clamav:89 in 0.3 se conds, 1860 bytes. 2006-10-24 17:12:57.692647500 [1378] info: spamd: result: Y 17 - HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTM L_SHORT_LINK_IMG_1,MEET_SINGLES,MIME_HTML_ONLY,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC _SURBL,URIBL_WS_SURBL scantime=0.3,size=1860,user=clamav,uid=89,required_score=5.0,rhost=localhost.l ocaldomain,raddr=127.0.0.1,rport=35386,mid=[EMAIL PROTECTED],autolearn=no i actually want to prevent this also but i don't know where to go. On 11/7/06, Alex [EMAIL PROTECTED] wrote: Thank you. You cleared it up for me. -Original Message- From: David Sánchez Martín [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 10:25 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] How to discard spamassasin bounces Returned by spamassassin??? Ok, let's figure it out the problem: The problem is one spammer sends you a forged From mail. 1.- If the mail From is not valid, is rejected by chkuser, no bounces 2.- If the mail Recipient is not a valid user on your mailserver is rejected by chkuser, so no bounces 3.- If spamassassin says has 12 (by default) hit points your smtp rejects it, so it doesn't generate bounces. 4.- If spamassassin says is below 12 is delivered to the mailbox. If it's correctly delivered no bounces are generated. AFAIK Only if is the case 4 could generate bounces just for 4 causes: 1.- Incorrect configured account (for example, alias to non existent accounts) 2.- Mailbox full or something like this 3.- Redirects to another server that bounces the mail. 4.- You have a relay user that is a spammer In which category your problem falls? *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* | David Sanchez Martin | [EMAIL PROTECTED] Administrador de Sistemas| http://www.e2000.es E2000 Nuevas Tecnologias | | E2000 Organizacion de Empresarios|Tel : +34 902 19 61 77 Mediadores de Seguros | | Agustin Bravo Esquina Calle C| 33120 Pravia Asturias Spain | | *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -Mensaje original- De: Alex [mailto:[EMAIL PROTECTED] Enviado el: martes, 07 de noviembre de 2006 18:47 Para: qmailtoaster-list@qmailtoaster.com Asunto: RE: [qmailtoaster] How to discard spamassasin bounces Thank you. I already have that set and that only deletes the incoming wrong user mail, not the email sent out as bounces. -Original Message- From: abdul khan [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07
Re: [qmailtoaster] How to discard spamassasin bounces
--enable-dropmsg accepts the e-mail and silently drops the message. We generate error 500's which sends a message to spammers to hit someone else. It also makes legitimate senders generate bounces to their sender. This would be a bad thing, and is not necessary for the QmailToaster operation. On 11/7/06, slamp slamp [EMAIL PROTECTED] wrote: Following up on this. Can this be enabled by Drop Message option (http://qmailwiki.inter7.com/Simscan/Guide#Drop_Message_option) Some sites have security policies in place which require them to accept every email. For these sites there is an option to do all the normal simscan processing, but if a virus or spam is detected the message is not handed to qmail-queue for local delivery. Instead it is silently dropped. Use this option when configuring simscan --enable-dropmsg I was looking at the spec file for simscan and it is not enabled. There is also a settings: drop message = OFF Would this be what I need to drop messages with spam hits over 12??? On 11/7/06, slamp slamp [EMAIL PROTECTED] wrote: hmm actually if spam hits is over 12 points it generates a bounce. bounce message: rejected by: bounced (host domain.com[69.115.xx.xxx] said: 554 Your email is considered spam (17.50 spam-hits) (in reply to end of DATA command)) smtp log: 2006-10-24 16:56:47.566033500 tcpserver: status: 0/100 2006-10-24 17:12:53.798053500 tcpserver: status: 1/100 2006-10-24 17:12:53.798058500 tcpserver: pid 1871 from 208.11.75.2 2006-10-24 17:12:53.798061500 tcpserver: ok 1871 mail.domain.com:192.168.2.50:25 :208.11.75.2::35258 2006-10-24 17:12:56.898361500 CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote mail.r ollernet.us:unknown:208.11.75.2 rcpt : sender accepted 2006-10-24 17:12:57.194445500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote mail.rol lernet.us:unknown:208.11.75.2 rcpt [EMAIL PROTECTED] : found existing recipient 2006-10-24 17:12:57.696231500 simscan:[1871]:SPAM REJECT (17.50/12.00):0.4995s:***SPAM*** Faith Matt ers - Meet Catholic singles:208.11.75.2:[EMAIL PROTECTED]:[EMAIL PROTECTED] 2006-10-24 17:12:57.702238500 tcpserver: end 1871 status 0 spamd log: 2006-10-24 16:56:47.535371500 [25696] info: prefork: child states: II 2006-10-24 17:12:57.351048500 [1378] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 35386 2006-10-24 17:12:57.356215500 [1378] info: spamd: processing message [EMAIL PROTECTED] .rollernet.us for clamav:89 2006-10-24 17:12:57.692273500 [1378] info: spamd: identified spam (17.5/5.0) for clamav:89 in 0.3 se conds, 1860 bytes. 2006-10-24 17:12:57.692647500 [1378] info: spamd: result: Y 17 - HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTM L_SHORT_LINK_IMG_1,MEET_SINGLES,MIME_HTML_ONLY,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC _SURBL,URIBL_WS_SURBL scantime=0.3,size=1860,user=clamav,uid=89,required_score=5.0,rhost=localhost.l ocaldomain,raddr=127.0.0.1,rport=35386,mid=[EMAIL PROTECTED],autolearn=no i actually want to prevent this also but i don't know where to go. On 11/7/06, Alex [EMAIL PROTECTED] wrote: Thank you. You cleared it up for me. -Original Message- From: David Sánchez Martín [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 10:25 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] How to discard spamassasin bounces Returned by spamassassin??? Ok, let's figure it out the problem: The problem is one spammer sends you a forged From mail. 1.- If the mail From is not valid, is rejected by chkuser, no bounces 2.- If the mail Recipient is not a valid user on your mailserver is rejected by chkuser, so no bounces 3.- If spamassassin says has 12 (by default) hit points your smtp rejects it, so it doesn't generate bounces. 4.- If spamassassin says is below 12 is delivered to the mailbox. If it's correctly delivered no bounces are generated. AFAIK Only if is the case 4 could generate bounces just for 4 causes: 1.- Incorrect configured account (for example, alias to non existent accounts) 2.- Mailbox full or something like this 3.- Redirects to another server that bounces the mail. 4.- You have a relay user that is a spammer In which category your problem falls? *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* | David Sanchez Martin | [EMAIL PROTECTED] Administrador de Sistemas| http://www.e2000.es E2000 Nuevas Tecnologias | | E2000 Organizacion de Empresarios|Tel : +34 902 19 61 77 Mediadores de Seguros | | Agustin Bravo Esquina Calle C| 33120 Pravia Asturias Spain
Re: [qmailtoaster] How to discard spamassasin bounces
hmm actually if spam hits is over 12 points it generates a bounce. bounce message: rejected by: bounced (host domain.com[69.115.xx.xxx] said: 554 Your email is considered spam (17.50 spam-hits) (in reply to end of DATA command)) You are generating a REJECT NOT A BOUNCE IMHO the bounce is generated on the sending server. Is not your toasters fault. You just told the sender you don't accept his spam message. Is up to the sending mail server (are you mail.rollernet.us ???) what it does with this information, and you can't control it. (is mail.rollernet.us sysadmin dutty, tell him not to spam you, simple as that). You are not offending anyone, is mail.rollernet.us who is spamming you. If your PHB tells you to avoid this by all the means necessary you can allways disable simscan spam_hits variable in simscan and eat, eat, eat! a lot of spam. Obviously this is not recommended. smtp log: 2006-10-24 16:56:47.566033500 tcpserver: status: 0/100 2006-10-24 17:12:53.798053500 tcpserver: status: 1/100 2006-10-24 17:12:53.798058500 tcpserver: pid 1871 from 208.11.75.2 2006-10-24 17:12:53.798061500 tcpserver: ok 1871 mail.domain.com:192.168.2.50:25 :208.11.75.2::35258 2006-10-24 17:12:56.898361500 CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote mail.r ollernet.us:unknown:208.11.75.2 rcpt : sender accepted 2006-10-24 17:12:57.194445500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote mail.rol lernet.us:unknown:208.11.75.2 rcpt [EMAIL PROTECTED] : found existing recipient 2006-10-24 17:12:57.696231500 simscan:[1871]:SPAM REJECT (17.50/12.00):0.4995s:***SPAM*** Faith Matt ers - Meet Catholic singles:208.11.75.2:[EMAIL PROTECTED]:[EMAIL PROTECTED] 2006-10-24 17:12:57.702238500 tcpserver: end 1871 status 0 spamd log: 2006-10-24 16:56:47.535371500 [25696] info: prefork: child states: II 2006-10-24 17:12:57.351048500 [1378] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 35386 2006-10-24 17:12:57.356215500 [1378] info: spamd: processing message [EMAIL PROTECTED] .rollernet.us for clamav:89 2006-10-24 17:12:57.692273500 [1378] info: spamd: identified spam (17.5/5.0) for clamav:89 in 0.3 se conds, 1860 bytes. 2006-10-24 17:12:57.692647500 [1378] info: spamd: result: Y 17 - HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTM L_SHORT_LINK_IMG_1,MEET_SINGLES,MIME_HTML_ONLY,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC _SURBL,URIBL_WS_SURBL scantime=0.3,size=1860,user=clamav,uid=89,required_score=5.0,rhost=localhost.l ocaldomain,raddr=127.0.0.1,rport=35386,mid=[EMAIL PROTECTED],autolearn=no i actually want to prevent this also but i don't know where to go. On 11/7/06, Alex [EMAIL PROTECTED] wrote: Thank you. You cleared it up for me. -Original Message- From: David Sánchez Martín [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 10:25 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] How to discard spamassasin bounces Returned by spamassassin??? Ok, let's figure it out the problem: The problem is one spammer sends you a forged From mail. 1.- If the mail From is not valid, is rejected by chkuser, no bounces 2.- If the mail Recipient is not a valid user on your mailserver is rejected by chkuser, so no bounces 3.- If spamassassin says has 12 (by default) hit points your smtp rejects it, so it doesn't generate bounces. 4.- If spamassassin says is below 12 is delivered to the mailbox. If it's correctly delivered no bounces are generated. AFAIK Only if is the case 4 could generate bounces just for 4 causes: 1.- Incorrect configured account (for example, alias to non existent accounts) 2.- Mailbox full or something like this 3.- Redirects to another server that bounces the mail. 4.- You have a relay user that is a spammer In which category your problem falls? *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* | David Sanchez Martin | [EMAIL PROTECTED] Administrador de Sistemas| http://www.e2000.es E2000 Nuevas Tecnologias | | E2000 Organizacion de Empresarios|Tel : +34 902 19 61 77 Mediadores de Seguros | | Agustin Bravo Esquina Calle C| 33120 Pravia Asturias Spain | | *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -Mensaje original- De: Alex [mailto:[EMAIL PROTECTED] Enviado el: martes, 07 de noviembre de 2006 18:47 Para: qmailtoaster-list@qmailtoaster.com Asunto: RE: [qmailtoaster] How to discard spamassasin bounces Thank you. I already have that set and that only deletes the incoming wrong user mail, not the email sent out as bounces. -Original Message- From: abdul khan [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 9:35 AM
Re: [qmailtoaster] How to discard spamassasin bounces
mail.rollernet.us is my secondary mx (its for free). unfortunately they don't like receiving bounce or reject messages coming from my primary mx so they disable my account automatically (they call this backscatter). this is something i dont want because i dont have a backup if my network goes down for some reason and i dont want to miss any mail. On 11/7/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: hmm actually if spam hits is over 12 points it generates a bounce. bounce message: rejected by: bounced (host domain.com[69.115.xx.xxx] said: 554 Your email is considered spam (17.50 spam-hits) (in reply to end of DATA command)) You are generating a REJECT NOT A BOUNCE IMHO the bounce is generated on the sending server. Is not your toasters fault. You just told the sender you don't accept his spam message. Is up to the sending mail server (are you mail.rollernet.us ???) what it does with this information, and you can't control it. (is mail.rollernet.us sysadmin dutty, tell him not to spam you, simple as that). You are not offending anyone, is mail.rollernet.us who is spamming you. If your PHB tells you to avoid this by all the means necessary you can allways disable simscan spam_hits variable in simscan and eat, eat, eat! a lot of spam. Obviously this is not recommended. smtp log: 2006-10-24 16:56:47.566033500 tcpserver: status: 0/100 2006-10-24 17:12:53.798053500 tcpserver: status: 1/100 2006-10-24 17:12:53.798058500 tcpserver: pid 1871 from 208.11.75.2 2006-10-24 17:12:53.798061500 tcpserver: ok 1871 mail.domain.com:192.168.2.50:25 :208.11.75.2::35258 2006-10-24 17:12:56.898361500 CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote mail.r ollernet.us:unknown:208.11.75.2 rcpt : sender accepted 2006-10-24 17:12:57.194445500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote mail.rol lernet.us:unknown:208.11.75.2 rcpt [EMAIL PROTECTED] : found existing recipient 2006-10-24 17:12:57.696231500 simscan:[1871]:SPAM REJECT (17.50/12.00):0.4995s:***SPAM*** Faith Matt ers - Meet Catholic singles:208.11.75.2:[EMAIL PROTECTED]:[EMAIL PROTECTED] 2006-10-24 17:12:57.702238500 tcpserver: end 1871 status 0 spamd log: 2006-10-24 16:56:47.535371500 [25696] info: prefork: child states: II 2006-10-24 17:12:57.351048500 [1378] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 35386 2006-10-24 17:12:57.356215500 [1378] info: spamd: processing message [EMAIL PROTECTED] .rollernet.us for clamav:89 2006-10-24 17:12:57.692273500 [1378] info: spamd: identified spam (17.5/5.0) for clamav:89 in 0.3 se conds, 1860 bytes. 2006-10-24 17:12:57.692647500 [1378] info: spamd: result: Y 17 - HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTM L_SHORT_LINK_IMG_1,MEET_SINGLES,MIME_HTML_ONLY,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC _SURBL,URIBL_WS_SURBL scantime=0.3,size=1860,user=clamav,uid=89,required_score=5.0,rhost=localhost.l ocaldomain,raddr=127.0.0.1,rport=35386,mid=[EMAIL PROTECTED],autolearn=no i actually want to prevent this also but i don't know where to go. On 11/7/06, Alex [EMAIL PROTECTED] wrote: Thank you. You cleared it up for me. -Original Message- From: David Sánchez Martín [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 10:25 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] How to discard spamassasin bounces Returned by spamassassin??? Ok, let's figure it out the problem: The problem is one spammer sends you a forged From mail. 1.- If the mail From is not valid, is rejected by chkuser, no bounces 2.- If the mail Recipient is not a valid user on your mailserver is rejected by chkuser, so no bounces 3.- If spamassassin says has 12 (by default) hit points your smtp rejects it, so it doesn't generate bounces. 4.- If spamassassin says is below 12 is delivered to the mailbox. If it's correctly delivered no bounces are generated. AFAIK Only if is the case 4 could generate bounces just for 4 causes: 1.- Incorrect configured account (for example, alias to non existent accounts) 2.- Mailbox full or something like this 3.- Redirects to another server that bounces the mail. 4.- You have a relay user that is a spammer In which category your problem falls? *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* | David Sanchez Martin | [EMAIL PROTECTED] Administrador de Sistemas| http://www.e2000.es E2000 Nuevas Tecnologias | | E2000 Organizacion de Empresarios|Tel : +34 902 19 61 77 Mediadores de Seguros | | Agustin Bravo Esquina Calle C| 33120 Pravia Asturias Spain | | *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -Mensaje original- De: Alex [mailto:[EMAIL PROTECTED
Re: [qmailtoaster] How to discard spamassasin bounces
Ok, understood. You are using a backup MX that doesn't filter any spam. You can enabl RELAY for that host 208.11.75.2 in /etc/tcprules.d/tcp.smtp Something like adding a line like this: 208.11.75.2:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,QMAILQUEUE=/var/qmail/bin/simscan and doing a qmailctl cdb This hopefully disable spamassassin checking for that domain. Maybe this isn't the best solution, anyway. Could you afford a paid secondary MX (with spam filtering, if possible)? :-S mail.rollernet.us is my secondary mx (its for free). unfortunately they don't like receiving bounce or reject messages coming from my primary mx so they disable my account automatically (they call this backscatter). this is something i dont want because i dont have a backup if my network goes down for some reason and i dont want to miss any mail. On 11/7/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: hmm actually if spam hits is over 12 points it generates a bounce. bounce message: rejected by: bounced (host domain.com[69.115.xx.xxx] said: 554 Your email is considered spam (17.50 spam-hits) (in reply to end of DATA command)) You are generating a REJECT NOT A BOUNCE IMHO the bounce is generated on the sending server. Is not your toasters fault. You just told the sender you don't accept his spam message. Is up to the sending mail server (are you mail.rollernet.us ???) what it does with this information, and you can't control it. (is mail.rollernet.us sysadmin dutty, tell him not to spam you, simple as that). You are not offending anyone, is mail.rollernet.us who is spamming you. If your PHB tells you to avoid this by all the means necessary you can allways disable simscan spam_hits variable in simscan and eat, eat, eat! a lot of spam. Obviously this is not recommended. smtp log: 2006-10-24 16:56:47.566033500 tcpserver: status: 0/100 2006-10-24 17:12:53.798053500 tcpserver: status: 1/100 2006-10-24 17:12:53.798058500 tcpserver: pid 1871 from 208.11.75.2 2006-10-24 17:12:53.798061500 tcpserver: ok 1871 mail.domain.com:192.168.2.50:25 :208.11.75.2::35258 2006-10-24 17:12:56.898361500 CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote mail.r ollernet.us:unknown:208.11.75.2 rcpt : sender accepted 2006-10-24 17:12:57.194445500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote mail.rol lernet.us:unknown:208.11.75.2 rcpt [EMAIL PROTECTED] : found existing recipient 2006-10-24 17:12:57.696231500 simscan:[1871]:SPAM REJECT (17.50/12.00):0.4995s:***SPAM*** Faith Matt ers - Meet Catholic singles:208.11.75.2:[EMAIL PROTECTED]:[EMAIL PROTECTED] 2006-10-24 17:12:57.702238500 tcpserver: end 1871 status 0 spamd log: 2006-10-24 16:56:47.535371500 [25696] info: prefork: child states: II 2006-10-24 17:12:57.351048500 [1378] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 35386 2006-10-24 17:12:57.356215500 [1378] info: spamd: processing message [EMAIL PROTECTED] .rollernet.us for clamav:89 2006-10-24 17:12:57.692273500 [1378] info: spamd: identified spam (17.5/5.0) for clamav:89 in 0.3 se conds, 1860 bytes. 2006-10-24 17:12:57.692647500 [1378] info: spamd: result: Y 17 - HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTM L_SHORT_LINK_IMG_1,MEET_SINGLES,MIME_HTML_ONLY,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC _SURBL,URIBL_WS_SURBL scantime=0.3,size=1860,user=clamav,uid=89,required_score=5.0,rhost=localhost.l ocaldomain,raddr=127.0.0.1,rport=35386,mid=[EMAIL PROTECTED],autolearn=no i actually want to prevent this also but i don't know where to go. On 11/7/06, Alex [EMAIL PROTECTED] wrote: Thank you. You cleared it up for me. -Original Message- From: David Sánchez Martín [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 10:25 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] How to discard spamassasin bounces Returned by spamassassin??? Ok, let's figure it out the problem: The problem is one spammer sends you a forged From mail. 1.- If the mail From is not valid, is rejected by chkuser, no bounces 2.- If the mail Recipient is not a valid user on your mailserver is rejected by chkuser, so no bounces 3.- If spamassassin says has 12 (by default) hit points your smtp rejects it, so it doesn't generate bounces. 4.- If spamassassin says is below 12 is delivered to the mailbox. If it's correctly delivered no bounces are generated. AFAIK Only if is the case 4 could generate bounces just for 4 causes: 1.- Incorrect configured account (for example, alias to non existent accounts) 2.- Mailbox full or something like this 3.- Redirects to another server that bounces the mail. 4.- You have a relay user that is a spammer In which category your problem falls
Re: [qmailtoaster] How to discard spamassasin bounces
I've heard that it's not uncommon for spammers to use a secondary (or lowest priority) MX server listed on DNS because the backup servers often don't scan for spam. Sneaky little devils. ;) It appears that what you need to able to do is to tailor the way spam is handled according to the IP address it came from. Can maildrop possibly do this? [EMAIL PROTECTED] wrote: Ok, understood. You are using a backup MX that doesn't filter any spam. You can enabl RELAY for that host 208.11.75.2 in /etc/tcprules.d/tcp.smtp Something like adding a line like this: 208.11.75.2:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,QMAILQUEUE=/var/qmail/bin/simscan and doing a qmailctl cdb This hopefully disable spamassassin checking for that domain. Maybe this isn't the best solution, anyway. Could you afford a paid secondary MX (with spam filtering, if possible)? :-S mail.rollernet.us is my secondary mx (its for free). unfortunately they don't like receiving bounce or reject messages coming from my primary mx so they disable my account automatically (they call this backscatter). this is something i dont want because i dont have a backup if my network goes down for some reason and i dont want to miss any mail. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] How to discard spamassasin bounces
So is it better to recompile simscan with -drop-message option to not have bounces sent to the sender and silently discard them? -Original Message- From: Eric Shubes [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 1:12 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] How to discard spamassasin bounces I've heard that it's not uncommon for spammers to use a secondary (or lowest priority) MX server listed on DNS because the backup servers often don't scan for spam. Sneaky little devils. ;) It appears that what you need to able to do is to tailor the way spam is handled according to the IP address it came from. Can maildrop possibly do this? [EMAIL PROTECTED] wrote: Ok, understood. You are using a backup MX that doesn't filter any spam. You can enabl RELAY for that host 208.11.75.2 in /etc/tcprules.d/tcp.smtp Something like adding a line like this: 208.11.75.2:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/% /private,QMAILQUEUE=/var/qmail/bin/simscan and doing a qmailctl cdb This hopefully disable spamassassin checking for that domain. Maybe this isn't the best solution, anyway. Could you afford a paid secondary MX (with spam filtering, if possible)? :-S mail.rollernet.us is my secondary mx (its for free). unfortunately they don't like receiving bounce or reject messages coming from my primary mx so they disable my account automatically (they call this backscatter). this is something i dont want because i dont have a backup if my network goes down for some reason and i dont want to miss any mail. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] How to discard spamassasin bounces
Bounces aren't being sent. The rollernet servers are the ones generating the bounces, based on your error 500 rejection. Sounds like in your case the best thing to do would be to enable drop-message, or just exempt them by putting their servers in tcp.smtp. Erik On 11/7/06, Alex [EMAIL PROTECTED] wrote: So is it better to recompile simscan with -drop-message option to not have bounces sent to the sender and silently discard them? -Original Message- From: Eric Shubes [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 1:12 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] How to discard spamassasin bounces I've heard that it's not uncommon for spammers to use a secondary (or lowest priority) MX server listed on DNS because the backup servers often don't scan for spam. Sneaky little devils. ;) It appears that what you need to able to do is to tailor the way spam is handled according to the IP address it came from. Can maildrop possibly do this? [EMAIL PROTECTED] wrote: Ok, understood. You are using a backup MX that doesn't filter any spam. You can enabl RELAY for that host 208.11.75.2 in /etc/tcprules.d/tcp.smtp Something like adding a line like this: 208.11.75.2:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/% /private,QMAILQUEUE=/var/qmail/bin/simscan and doing a qmailctl cdb This hopefully disable spamassassin checking for that domain. Maybe this isn't the best solution, anyway. Could you afford a paid secondary MX (with spam filtering, if possible)? :-S mail.rollernet.us is my secondary mx (its for free). unfortunately they don't like receiving bounce or reject messages coming from my primary mx so they disable my account automatically (they call this backscatter). this is something i dont want because i dont have a backup if my network goes down for some reason and i dont want to miss any mail. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
