Announcement

Collapse
No announcement yet.

qmail patch to reject invalid email at the smtp layer

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • qmail patch to reject invalid email at the smtp layer

    Hi,

    I was wondering what it would take to get a patch into the interworx qmail rpm so qmail will reject mail to invalid addresses at the smtp layer.

    This would be great for spammers that use a dictionary of words to bombard a mailserver with spam. By rejecting it at the smtp layer, it never clogs up the mail queue, and those that are running spam/virus checks are not wasting cpu time on mail that is never going to get delivered.

    One such patch that seems to do this is located at:

    http://code.dogmap.org/qmail/

    named qmail-realrcptto patch

  • #2
    Yes, this one would be really great.

    Another day a spammer sent to my server 20.000 (yes, 2 + four zeros) e-mails, using my domain with a dictionary.
    Last edited by Carlos; 01-31-2005, 07:15 PM.

    Comment


    • #3
      The only problem with this is spammer s can validate e-mail addresses. If htey forge From (which they almost allways do), they don't know what happens to the span when they send it.

      If you reject at the SMTP server, they know as they are sending what addresses are good and what are bad. They can validate e-mail addresses and know if they keep sending to certian ones someone will get it.

      Comment


      • #4
        Yes, I'm aware of this possibility. But as things are today, they keep sending to all addresses. And as they use fake return paths, you waste resourses bouncing the e-mail back and reciving the bounce back to you some time later ("This is the qmail-send program at XXXXX. I tried to deliver a bounce message to this address, but the bounce bounced!").

        Comment


        • #5
          I agree, this is a valid concern. The patch you mentioned won't work with InterWorx since it doesn't understand vpopmail, but there is a patch we're looking into called chkuser.

          There is something you can do about the double bounce messages immediately though.

          run the following commands as root:

          Code:
          echo '#' > /var/qmail/alias/.qmail-dev-null
          chown alias.nofiles /var/qmail/alias/.qmail-dev-null
          echo 'dev-null' > /var/qmail/control/doublebounceto
          Paul Oehler
          InterWorx-CP | http://interworx.com
          InterWorx Control Panel

          Comment


          • #6
            Originally posted by IWorx-Paul
            I agree, this is a valid concern. The patch you mentioned won't work with InterWorx since it doesn't understand vpopmail, but there is a patch we're looking into called chkuser.
            it seems to be great

            There is something you can do about the double bounce messages immediately though.

            run the following commands as root:

            Code:
            echo '#' > /var/qmail/alias/.qmail-dev-null
            chown alias.nofiles /var/qmail/alias/.qmail-dev-null
            echo 'dev-null' > /var/qmail/control/doublebounceto
            Paul, isn't it the same think to only let a blank field or only # char in /var/qmail/control/doublebounceto ?

            For my personnal concern, do you absolutly need to have an existing alias to pipe all double bounce messages to a null email ?

            Thanks

            Pascal
            Last edited by pascal; 01-31-2005, 07:08 PM.

            Comment


            • #7
              Knowing qmail it could work with just the # in there Pascal, but every example I've seen uses the alias.

              Chris
              Chris Wells
              InterWorx L.L.C. | http://interworx.com
              InterWorx Control Panel

              Comment


              • #8
                Originally posted by IWorx-Chris
                Knowing qmail it could work with just the # in there Pascal, but every example I've seen uses the alias.

                Chris
                Ok, so it should have a reason why :)

                If every example uses the alias, I'll use the alias :)

                Thanks Chris and Paul

                Comment


                • #9
                  So what's our final solution to filter out the double bounces?

                  Comment


                  • #10
                    http://www.interworx.com/support/doc...bounce-options

                    There's an option in there to disable double bounces.

                    Comment


                    • #11
                      chkuser implemented??

                      Just checking this discussion for the first time. Wondering if this patch was ever implemented in interworx (latest update). We have been hit by two smtpd attacks where they are doing dictionary attacks. Of course the qmail we all know and love accepts every darn message before it denies it! So, valuable server resources are taken up dealing with it.
                      We have been looking at adding a Barracuda Spam Filter to help offload the huge loads we get on SPAM (having almost 5000 email accounts) but they will not work to deny smtpd attacks if this patch is not in place because qmail will accept all the messages before bouncing them.
                      Sorry to be so verbose on a simple question... was this patch implemented yet? Thanks.

                      Comment


                      • #12
                        Hello,

                        I would also appreciate some info on this, as we want to enable Dynamic Recipient verification for our SPAM checking, and without it rejecting at the outset of the SMTP transaction, it cant work.

                        Cheers,

                        William
                        Ledger Technologies Group Ltd - UK based dynamic group of companies that utilises existing and emerging technologies to provide data solutions for clients globally.
                        EverythingWeb.Net Ltd - UK Based Website Hosting, Design & Maintenance.

                        The views expressed in the above messsage are purely my own and are in no way official or representative of the companies I represent.

                        Comment


                        • #13
                          Yes, the chkuser patch has been added. You enable it on a per-domain basis in SiteWorx, by turning "bounce on". Site Services->E-mail->Overview on the menu.

                          Paul
                          Paul Oehler
                          InterWorx-CP | http://interworx.com
                          InterWorx Control Panel

                          Comment


                          • #14
                            nothing cooler

                            There is nothing cooler than asking something and finding out that you already have it! Thanks guys for the amazing product! Greatly appreciated.

                            Comment


                            • #15
                              Ahh.. perfect thank you Paul :)
                              Ledger Technologies Group Ltd - UK based dynamic group of companies that utilises existing and emerging technologies to provide data solutions for clients globally.
                              EverythingWeb.Net Ltd - UK Based Website Hosting, Design & Maintenance.

                              The views expressed in the above messsage are purely my own and are in no way official or representative of the companies I represent.

                              Comment

                              Working...
                              X