Posted

I've noticed that all mail sent to my domain, even if it's sent to an invalid e-mail account, gets processed and delivered. Invalid addresses get delivered to my site account.

 

Is there a setting somewhere to have it bounce with a "user unknown" error if a mail is sent to a user who doesn't exist, or should I open a help desk ticket to get this fixed?

Posted

Go into your default emails option in the control panel and set the default email address (catch all) to :fail: to have emails to invalid addresses bounce.

 

If you get a ton of email (spam) to invalid addresses, consider :blackhole: as a possible alternative. While it won't bounce back a response, it's much easier on the servers (it just deletes mail delivered to invalid addresses).

Posted

I am by far no authority on this issue, but in the cpanel email options under the "default address", it states that you can put the default to " :fail: no such address here" in order to have email addressed to unknowns bounced.

 

I hope someone will confirm that this is the correct answer to your question, or submit the correct one.

Posted

Thank you. That's exactly what I was looking for, but somehow wasn't able to find it on my own. Sometimes it just takes a second pair of eyes ;)

Posted

Does using either blackhole or fail use our bandwidth?

 

I assume, since the email was not delivered either way, that email sent to any address at our domain that forwards to either blackhole or fail does not count towards our bandwidth usage?

Or if we use fail, because it sends a reply, that it uses double the bandwidth on our account?

 

Just curious as one of my domains gets a lot of spam.

 

Dennis

Posted

:blackhole: uses your bandwidth because it receives the email before deleting it (can't really avoid that).

 

:fail: uses up your bandwidth twice because it receives the email, hits a fail condition, and then sends the email back out (bounces it) to the sender (or the sender as far as it can figure out, which in the case of spam is usually fake).

The majority of spam messages are pretty small though, so as far as your overall bandwidth usage, it should still be relatively negligible.

 

I get in excess of 2,000 spams a week and I barely even notice the bandwidth usage from it.

Posted

Well, let me restate that. I build my own email servers with SpamAssassin and ClamAV. I pipe it all through maildrop for filtering and then I use IMAP or POP to access it all. I use maildir instead of mailbox, and for webmail I use SquirrelMail. It all works extremely well. I don't drop any email, but it's all nicely filtered into spam and virus folders. Then I just log in through webmail or IMAP and look at the bad stuff and either delete it if need be or use it to train the Bayes DB. The only thing really left is the normal inbox, which is what I get if I download using POP.

This is nice as it allows me to make RPMs and ship completely functional setups with a pre-primed Bayes DB for customers.

Posted

I have my default mail set to blackhole, SpamAssassin set to rewrite headers, and a filter set up to delete all mail with the SpamAssassin header.

Posted
:fail: uses up your bandwidth twice because it receives the email, hits a fail condition, and then sends the email back out (bounces it) to the sender (or the sender as far as it can figure out, which in the case of spam is usually fake).

 

While that was once true, it's no longer the case.

 

There's been a relatively recent update of cpanel. In the past, the server would accept the e-mail and then spit back a 550 message to the sender.

 

Because of all the spam sent from invalid accounts (I believe), cpanel has now been configured to refuse mail to failed addresses at SMTP level. The bounce message a sender receives is from his sending SMTP server.

 

Of course, many of the moderators are using their webserver as their SMTP server, so they wouldn't necessarily see this change that easily.

Posted

If I understand the above correctly, then yes, that is the case. Since the bad email originates from an invalid address, the SMTP server will reject it, and therefore there would not be much bandwidth usage, although there will still be a small amount, not enough to matter though.
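Added example (not part of the original posts, and not cPanel's or Exim's code): a toy model of one inbound SMTP transaction under the three behaviours discussed above, showing where the message body crosses the wire and who receives any bounce. The policy names, mailbox, addresses and the simplification of counting only body bytes are assumptions.

```python
# Toy model of one inbound message under three default-address policies.
# Mailbox names and addresses are constructed for illustration.
VALID = {"info@example.org"}

def receive(policy, mail_from, rcpt_to, body):
    """Return (dialogue, bytes_in, bytes_out, bounce_to) for one message.

    policy: "fail_smtp"   - refuse unknown recipients at RCPT TO
            "fail_bounce" - accept, then generate a bounce (older behaviour)
            "blackhole"   - accept, then silently discard
    Only body bytes are counted; protocol overhead is ignored.
    """
    dialogue = [("C", f"MAIL FROM:<{mail_from}>"), ("S", "250 OK"),
                ("C", f"RCPT TO:<{rcpt_to}>")]
    if rcpt_to not in VALID and policy == "fail_smtp":
        # Refused before DATA: the body is never transferred, and any
        # bounce is produced by the sending server, not by this host.
        dialogue.append(("S", "550 The recipient cannot be verified."))
        return dialogue, 0, 0, None
    dialogue += [("S", "250 Accepted"), ("C", "DATA"),
                 ("S", "354 Send message"), ("C", body + "\r\n."),
                 ("S", "250 OK queued")]
    bytes_in = len(body)
    if rcpt_to in VALID or policy == "blackhole":
        # Delivered to a real mailbox, or accepted and discarded.
        return dialogue, bytes_in, 0, None
    # Accept-then-bounce: a new message goes to the envelope sender,
    # which for spam is usually forged (backscatter to a third party).
    bounce = f"Undeliverable: {rcpt_to}\r\n\r\n{body}"
    return dialogue, bytes_in, len(bounce), mail_from
```
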

  • 10 months later...
Posted
Stealth change is right! I almost popped a cork when I realized my custom fail messages were no longer delivered!

 

So, if someone sends an email that goes to the default email box, is there a way that it can bounce the email back with a message that the email address does not exist, then completely delete the message?

 

The way it is now, if the SMTP does not accept the message, people might assume something is wrong with the server and keep trying, whereas in reality they've typed a wrong address. Is there an easy way to fix this?

Posted
So, if someone sends an email that goes to the default email box, is there a way that it can bounce the email back with a message that the email address does not exist, then completely delete the message?

 

The way it is now, if the SMTP does not accept the message, people might assume something is wrong with the server and keep trying, whereas in reality they've typed a wrong address. Is there an easy way to fix this?

 

If you have your email set to :fail: for non-existent addresses, they'll get a bounce back that should state the user doesn't exist. The exact message they get will be dependent on their provider's mail system, but it should include the message from the receiving host (your TCH server) that reports:

Remote host said: 550-"The recipient cannot be verified.  Please check all recipients of this
550 message to verify they are valid."

  • 2 weeks later...
Posted (edited)

:dance: Some enterprising individual has "hijacked" my domain name and sent out, who knows how many, emails infected with the W32.Sober.O2mm virus. The culprit has even gone so far as to add a "virus free" statement at the bottom of the message. Many of these infected emails get bounced back to mostly invalid addresses at my domain. Therefore I get "my" infected emails sent back to me.

 

Using cPanel, I have set the default to :blackhole all unrouted email, yet they still keep showing up in my mailbox. Is there something else I need to do to dump these messages?

 

The second, and probably more important, issue is how did this happen? Is my email address just being used or are they actually going through my domain and TCH's server? I can only imagine how many people think I zapped their systems with these infected emails.

Edited by Pocketman
Posted (edited)

You need to set your default account to :fail: to off those messages not :blackhole:

 

This was changed sometime back. And you are not alone receiving these. I have been getting 20-30 a day for the past week.

 

If these emails are bouncing back to a valid email account there is nothing you can do to stop them from coming back to you. Unless you try to filter them on the subject or something.

Edited by TCH-Bruce
Posted

If you have any software on your site that can be hacked, such as blogs or guestbooks, then check to be sure they are all the latest version. Also make sure you have strong passwords on everything. Someone may have just "dictionary attacked" your account if it's not a good password.

 

Finally, you may be able to get the tech guys to check the logs for you by submitting a Help Desk ticket and asking them if they can find anything. Although it is our responsibility to secure our own sites they may be able to help you out.

Posted

I just changed the default unrouted email to :fail

 

I disabled my guestbook yesterday. I'm not sure I have the latest version but will make sure I upgrade and change the password when I bring it back on line.

 

I submitted a trouble ticket a few days ago and the help desk didn't note any unusual activity. I may ask them again if this doesn't subside in a few days.

 

I am not surprised to learn others are experiencing this. Some people just need to get lives and quit messing with ours.

 

Thanks for the help.

Posted

There is not much you can do when a spammer or others send e-mail using a false addy like one from our own domain.

 

I have been getting a bunch of failed deliveries with my domain as the sender :dance:

 

Fortunately the headers will prove it did not come from our domains.
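Added example (not part of the original posts): one way to check from a bounce's headers whether the returned message ever passed through your own mail host. It parses a constructed bounce, extracts the embedded original's Received headers and tests the relay IPs against your sending addresses; `MY_MAIL_IPS`, the sample message and every address in it are assumptions.

```python
import email
import re
from email import policy

MY_MAIL_IPS = {"192.0.2.10"}  # assumption: the IPs your host sends mail from

# Constructed bounce: a remote server returns a message that claims to be
# from our domain but was handed to it by an unrelated machine.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.remote.example
To: nobody123@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown.

--b1
Content-Type: message/rfc822

Received: from pc-77.dialup.example ([203.0.113.77])
\tby mx.remote.example; Mon, 1 Jan 2001 00:00:00 +0000
From: nobody123@example.org
To: victim@remote.example
Subject: Re: your document

body
--b1--
"""

def original_of(bounce_text):
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)  # the embedded original message
    return None

def relay_ips(original):
    # Only Received lines added by a server you trust are reliable evidence.
    return [ip for hdr in original.get_all("Received", [])
            for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(hdr))]

def sent_via_my_server(bounce_text):
    orig = original_of(bounce_text)
    if orig is None:
        return None  # bounce carries no embedded original to inspect
    return any(ip in MY_MAIL_IPS for ip in relay_ips(orig))
```
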
