|Subject:||Re: [courier-users] Weird messages received|
|From:||Leigh S. Jones, KR6X (kr...@kr6x.com)|
|Date:||Oct 19, 2007 6:01:43 am|
I've been receiving these kinds of messages myself. And, in fairly large numbers. In my case, when I trace it back to the source, I discover that someone is using an invalid user name from my domain as the envelope sender address when sending spam. A non-delivery message then bounces back to the invalid user name from the server of the intended spam recipient. This non-delivery message is attached to the "weird" message, and clearly identifies the IP address of the botnet system that sent the original spam.
There really is some mechanism here that I would like to have the power to change. These "weird" messages clearly occur as reports of non-delivery being sent to "postmaster". For me, the postmaster, the quantity of non-delivery messages overwhelms me to the point that I ignore real non-delivery messages that I would like to be alert to.
Just as clear is the fact that these messages are originating inside of Courier. My own Courier software is the current "stable" Debian binary version of Courier 0.53.3 retrieved by apt-get, and non-delivery messages to postmaster are enabled. Just why Courier believes that these particular kinds of non-delivery messages should be originated remains a mystery to me...
On Fri, 19 Oct 2007, M Core wrote:
Sometimes I receive an email to my admin account stating that the email I sent to an inva...@mydomain.com was not sent. The message has an attachment and when you open them down eventually you find a spam email that is FROM the invalid_user@mydomain to a vali...@mydomain.com
How is this happening? What do I look at?
From an external account I telnetted in and sent a message from the inva...@mydomain.com to vali...@mydomain.com. And it worked... so I thought it is an open relay. But when I try any of the websites etc. to check for this none of them can find an open relay on my mail server.
It's not an open relay. It accepts email for vali...@mydomain.com. That's where the bounce went to, because somebody forged the envelope from header to your valid account.
But now that you mentioned it - is there a way to make Courier make an additional check?
Normally, this is not too plausible to check if from is for a non-locally hosted domain, but if from is from a locally hosted domain, can we make Courier check if from is deliverable, and if not, reject with "unknown sender" or some such?
On a separate note, is it possible to get Courier to do return path verification? i.e. for the from address, look up mx, connect, and do: HELO, MAIL FROM, RCPT TO, QUIT, just to see if the FROM address is deliverable?
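The local-sender check asked about in this thread, sketched as an added example (not part of the original messages and not Courier's code or configuration): reject at MAIL FROM when the envelope sender is in a locally hosted domain but is not a deliverable address, while still accepting the null sender that bounces use. The domain, mailbox list and function name are constructed for illustration.

```python
# Added example: policy decision at MAIL FROM time. All names and sample data
# are constructed for illustration; this is not Courier's code or API.

LOCAL_DOMAINS = {"example.org"}  # domains hosted on this server (constructed)
MAILBOXES = {"postmaster@example.org", "alice@example.org"}  # deliverable here


def check_envelope_sender(mail_from, local_domains=LOCAL_DOMAINS,
                          mailboxes=MAILBOXES):
    """Return (smtp_code, text) for the argument of MAIL FROM:<...>."""
    addr = mail_from.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]

    # The null sender <> marks bounces; refusing it would break
    # non-delivery reports for legitimate mail.
    if addr == "":
        return 250, "ok (null sender)"

    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return 501, "malformed sender address"
    domain = domain.lower().rstrip(".")

    # A remote domain cannot be checked against local data, so it is
    # accepted here; verifying it would need the separate callout.
    if domain not in local_domains:
        return 250, "ok (remote domain, not checked)"

    # Hosted domain: the sender must be an address this server delivers to.
    # Assumption: local parts are compared case-insensitively.
    if f"{local.lower()}@{domain}" in mailboxes:
        return 250, "ok (known local sender)"
    return 550, "unknown sender"


if __name__ == "__main__":
    for sender in ("<>", "<invalid_user@example.org>", "<Alice@EXAMPLE.ORG>",
                   "<someone@remote.example>", "<no-at-sign>"):
        print(sender, "->", check_envelope_sender(sender))
```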