Jump to content

How To Bounce Invalid E-mail Addresses?


Recommended Posts

I've noticed that all mail sent to my domain, even if it's sent to an invalid e-mail account, gets processed and delivered. Invalid addresses get delivered to my site account.

 

Is there a setting somewhere to have it bounce with a "user unknown" error if a mail is sent to a user who doesn't exist, or should I open a help desk ticket to get this fixed?

Link to comment
Share on other sites

Go into your default emails option in the control panel and set the default email address (catch all) to :fail: to have emails to invalid addresses bounce.

 

If you get a ton of email (spam) to invalid addresses, consider :blackhole: as a possible alternative. While it won't bounce back a response, it's much easier on the servers (it just deletes mail delivered to invalid addresses).

Link to comment
Share on other sites

I am by far no authority on this issue, but in the cpanel email options under the "default address", it states that you can put the default to " :fail: no such address here" in order to have email addressed to unknowns bounced.

 

I hope someone will confirm that this is the correct answer to your question, or submit the correct one.

Link to comment
Share on other sites

Does using either blackhole or fail use our bandwidth?

 

I assume since the email was not delivered either way that email sent to any address at our domain that forwards to either blackhole or fail do not count towards our bandwidth usage?

 

Or if we use fail because it sends a reply that is uses double the bandwidth on our account?

 

Just curious as one of my domains gets a lot of spam.

 

Dennis

Link to comment
Share on other sites

:blackhole: uses your bandwidth because it receives the email before deleting it (can't really avoid that).

 

:fail: uses up your bandwidth twice because it receives the email, hits a fail condition, and then sends the email back out (bounces it) to the sendor (or the sender as far as it can figure out which in the case of spam is usually fake).

 

The majority of spam messages are pretty small though, so as far as your overall bandwidth usage, it should still be relatively negligable.

 

I get in excess of 2,000 spams a week and I barely even notice the bandwidth usage from it.

Link to comment
Share on other sites

well let me restate that. I build my own email servers with spamassassin and clamav. I pipe it all through maildrop for filtering and then I use imap or pop to access it all. I use maildir instead of mailbox and for webmail i use squirellmail. It all works extreemly well. I dont drop any email but it's all nicely filtered into spam and virus folders. Then I just login through webmail or imap and look st the bad stuff and either delete it if need be or use it to train the bayes db. the only thing really left is the normal inbox which is what I get if I download using pop.

 

This is nice as it allows me to make rpm's and ship completely functional setups with preprimed bays db for customers.

Link to comment
Share on other sites

:fail: uses up your bandwidth twice because it receives the email, hits a fail condition, and then sends the email back out (bounces it) to the sendor (or the sender as far as it can figure out which in the case of spam is usually fake).

 

While that was once true, it's no longer the case.

 

There's been a relatively recent update of cpanel. In the past, the server would accept the e-mail and then spit back a 550 message to the sender.

 

Because of all the spam sent from invalid accounts (I believe), cpanel has now been configured to refuse mail to failed addresses at SMTP level. The bounce message a sender receives is from his sending SMTP server.

 

Of course, many of the moderators are using their webserver as their SMTP server, so they wouldn't necessarily see this change that easily.

Link to comment
Share on other sites

If I understand from above correctly then yes that is the case. Since the bad email originates from an invalid address then the smtp server will reject it and therefore there would not be much bandwidth usage although there will still be a small amount not enough to matter though.

Link to comment
Share on other sites

  • 10 months later...
Stealth change is right! I almost popped a cork when I realized my custom fail messages were no longer delivered!

 

So, if someone sends an email that goes to the default email box, is there a way that it can bounce the email back with a message that the email address does not exist, then completely delete the message?

 

The way it is now, if the smpt does not accept the message, people might assume something is wrong with the server and keep trying, whereas in reality they've typed a wrong address. Is there an easy way to fix this?

Link to comment
Share on other sites

So, if someone sends an email that goes to the default email box, is there a way that it can bounce the email back with a message that the email address does not exist, then completely delete the message?

 

The way  it is now, if the smpt does not accept the message, people might assume something is wrong with the server and keep trying, whereas in reality they've typed a wrong address.  Is there an easy way to fix this?

 

If you have your email set to :fail: for non-existant addresses, they'll get a bounce back that should state the user doesn't exist. The exact message they get will be dependent on their provider's mail system, but it should include the message from the receiving host (your TCH server) that reports:

Remote host said: 550-"The recipient cannot be verified.  Please check all recipients of this

550 message to verify they are valid."

Link to comment
Share on other sites

  • 2 weeks later...

:dance: Some enterprising individual has "hijhacked" my domain name and sent out, who knows how many, emails infected with the W32.Sober.O2mm virus. The culprit has even gone so far as to add a "virus free" statement at the bottom of the message. Many of these infected emails get bounced back to mostly invalid addresses at my domain. Therefore I get "my" infected emails sent back to me.

 

Using cPanel, I have set the default to :blackhole all unrouted email, yet they still keep showing up in my mailbox. Is there something else I need to do to dump these messages?

 

The second, and probably more important, issue is how did this happen? Is my email address just being used or are they actually going through my domain and TCH's server? I can only imagine how many people think I zapped their systems with these infected emails.

Edited by Pocketman
Link to comment
Share on other sites

You need to set your default account to :fail: to off those messages not :blackhole:

 

This was changed sometime back. And you are not alone receiving these. I have been getting 20-30 a day for the past week.

 

If these emails are bouncing back to a valid email account there is nothing you can do to stop them from coming back to you. Unless you try to filter them on the subject or something.

Edited by TCH-Bruce
Link to comment
Share on other sites

If you have any software on your site that can be hacked, such as blogs or guestbooks, then check to be sure they are all the latest version. Also make sure you have strong passwords on everything. Someone may have just "dictionary attacked" your account if it's not a good password.

 

Finally, you may be able to get the tech guys to check the logs for you by submitting a Help Desk ticket and asking them if they can find anything. Although it is our responsibility to secure our own sites they may be able to help you out.

Link to comment
Share on other sites

I just changed the default unrouted email to :fail

 

I disabled my guestbook yesterday. I'm not sure I have the latest version but will make sure I upgrade and change the password when I bring it back on line.

 

I submitted a trouble ticket a few days ago and the help desk didn't note any unusual activity. I may ask them again if this doesn't subside in a few days.

 

I am not surprised to learn others are experiencing this. Some people just need to get lives and quit messing with ours.

 

Thanks for the help.

Link to comment
Share on other sites

There is not much you can do when a spammer or others send e-mail using a false addy like one from our own domain.

 

I have been getting a bunch of failed deliveries with my domain as the sender :dance:

 

Fortunately the headers will prove it did not come form our domains.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...