voilsb Posted June 11, 2004 Share Posted June 11, 2004 I've noticed that all mail sent to my domain, even if it's sent to an invalid e-mail account, gets processed and delivered. Invalid addresses get delivered to my site account. Is there a setting somewhere to have it bounce with a "user unknown" error if a mail is sent to a user who doesn't exist, or should I open a help desk ticket to get this fixed? Quote Link to comment Share on other sites More sharing options...
MikeJ Posted June 11, 2004 Share Posted June 11, 2004 Go into your default emails option in the control panel and set the default email address (catch all) to :fail: to have emails to invalid addresses bounce. If you get a ton of email (spam) to invalid addresses, consider :blackhole: as a possible alternative. While it won't bounce back a response, it's much easier on the servers (it just deletes mail delivered to invalid addresses). Quote Link to comment Share on other sites More sharing options...
silica Posted June 11, 2004 Share Posted June 11, 2004 I am by far no authority on this issue, but in the cpanel email options under the "default address", it states that you can put the default to " :fail: no such address here" in order to have email addressed to unknowns bounced. I hope someone will confirm that this is the correct answer to your question, or submit the correct one. Quote Link to comment Share on other sites More sharing options...
voilsb Posted June 12, 2004 Author Share Posted June 12, 2004 Thank you. That's exactly what I was looking for, but somehow wasn't able to find it on my own. Sometimes it just takes a second pair of eyes Quote Link to comment Share on other sites More sharing options...
dlevens Posted June 15, 2004 Share Posted June 15, 2004 Does using either blackhole or fail use our bandwidth? I assume since the email was not delivered either way that email sent to any address at our domain that forwards to either blackhole or fail do not count towards our bandwidth usage? Or if we use fail because it sends a reply that is uses double the bandwidth on our account? Just curious as one of my domains gets a lot of spam. Dennis Quote Link to comment Share on other sites More sharing options...
MikeJ Posted June 15, 2004 Share Posted June 15, 2004 :blackhole: uses your bandwidth because it receives the email before deleting it (can't really avoid that). :fail: uses up your bandwidth twice because it receives the email, hits a fail condition, and then sends the email back out (bounces it) to the sendor (or the sender as far as it can figure out which in the case of spam is usually fake). The majority of spam messages are pretty small though, so as far as your overall bandwidth usage, it should still be relatively negligable. I get in excess of 2,000 spams a week and I barely even notice the bandwidth usage from it. Quote Link to comment Share on other sites More sharing options...
webmedic Posted June 23, 2004 Share Posted June 23, 2004 I wish my email was so easy on me. I get about 1000 a day on the average. with a low of maybe 500 and a high of about 1500. Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted June 23, 2004 Share Posted June 23, 2004 I used to get the amount of spam you are getting until I started using Spam Assassin and now only get about 20 a day. Quote Link to comment Share on other sites More sharing options...
webmedic Posted June 23, 2004 Share Posted June 23, 2004 well let me restate that. I build my own email servers with spamassassin and clamav. I pipe it all through maildrop for filtering and then I use imap or pop to access it all. I use maildir instead of mailbox and for webmail i use squirellmail. It all works extreemly well. I dont drop any email but it's all nicely filtered into spam and virus folders. Then I just login through webmail or imap and look st the bad stuff and either delete it if need be or use it to train the bayes db. the only thing really left is the normal inbox which is what I get if I download using pop. This is nice as it allows me to make rpm's and ship completely functional setups with preprimed bays db for customers. Quote Link to comment Share on other sites More sharing options...
TCH-Dick Posted June 23, 2004 Share Posted June 23, 2004 I have my default mail set to blackhole, spamassasin set to rewrite headers and a filter set up to delete all mail with the spam assasin header Quote Link to comment Share on other sites More sharing options...
annie Posted June 23, 2004 Share Posted June 23, 2004 :fail: uses up your bandwidth twice because it receives the email, hits a fail condition, and then sends the email back out (bounces it) to the sendor (or the sender as far as it can figure out which in the case of spam is usually fake). While that was once true, it's no longer the case. There's been a relatively recent update of cpanel. In the past, the server would accept the e-mail and then spit back a 550 message to the sender. Because of all the spam sent from invalid accounts (I believe), cpanel has now been configured to refuse mail to failed addresses at SMTP level. The bounce message a sender receives is from his sending SMTP server. Of course, many of the moderators are using their webserver as their SMTP server, so they wouldn't necessarily see this change that easily. Quote Link to comment Share on other sites More sharing options...
jandafields Posted June 24, 2004 Share Posted June 24, 2004 If that's the case, then :fail: should use zero counted-bandwidth... is that right? Quote Link to comment Share on other sites More sharing options...
webmedic Posted June 24, 2004 Share Posted June 24, 2004 If I understand from above correctly then yes that is the case. Since the bad email originates from an invalid address then the smtp server will reject it and therefore there would not be much bandwidth usage although there will still be a small amount not enough to matter though. Quote Link to comment Share on other sites More sharing options...
MikeJ Posted June 24, 2004 Share Posted June 24, 2004 Yes, that is correct. And annie is also correct about cPanel's stealth change recently to :fail:. Quote Link to comment Share on other sites More sharing options...
annie Posted June 24, 2004 Share Posted June 24, 2004 Stealth change is right! I almost popped a cork when I realized my custom fail messages were no longer delivered! Quote Link to comment Share on other sites More sharing options...
tvspec Posted April 25, 2005 Share Posted April 25, 2005 Stealth change is right! I almost popped a cork when I realized my custom fail messages were no longer delivered! <{POST_SNAPBACK}> So, if someone sends an email that goes to the default email box, is there a way that it can bounce the email back with a message that the email address does not exist, then completely delete the message? The way it is now, if the smpt does not accept the message, people might assume something is wrong with the server and keep trying, whereas in reality they've typed a wrong address. Is there an easy way to fix this? Quote Link to comment Share on other sites More sharing options...
MikeJ Posted April 25, 2005 Share Posted April 25, 2005 So, if someone sends an email that goes to the default email box, is there a way that it can bounce the email back with a message that the email address does not exist, then completely delete the message? The way it is now, if the smpt does not accept the message, people might assume something is wrong with the server and keep trying, whereas in reality they've typed a wrong address. Is there an easy way to fix this? <{POST_SNAPBACK}> If you have your email set to :fail: for non-existant addresses, they'll get a bounce back that should state the user doesn't exist. The exact message they get will be dependent on their provider's mail system, but it should include the message from the receiving host (your TCH server) that reports: Remote host said: 550-"The recipient cannot be verified. Please check all recipients of this550 message to verify they are valid." Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted April 25, 2005 Share Posted April 25, 2005 Welcome to the forums tvspec Quote Link to comment Share on other sites More sharing options...
TCH-Don Posted April 25, 2005 Share Posted April 25, 2005 Welcome to the forums tvspec Quote Link to comment Share on other sites More sharing options...
Pocketman Posted May 5, 2005 Share Posted May 5, 2005 (edited) Some enterprising individual has "hijhacked" my domain name and sent out, who knows how many, emails infected with the W32.Sober.O2mm virus. The culprit has even gone so far as to add a "virus free" statement at the bottom of the message. Many of these infected emails get bounced back to mostly invalid addresses at my domain. Therefore I get "my" infected emails sent back to me. Using cPanel, I have set the default to :blackhole all unrouted email, yet they still keep showing up in my mailbox. Is there something else I need to do to dump these messages? The second, and probably more important, issue is how did this happen? Is my email address just being used or are they actually going through my domain and TCH's server? I can only imagine how many people think I zapped their systems with these infected emails. Edited May 5, 2005 by Pocketman Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted May 5, 2005 Share Posted May 5, 2005 (edited) You need to set your default account to :fail: to off those messages not :blackhole: This was changed sometime back. And you are not alone receiving these. I have been getting 20-30 a day for the past week. If these emails are bouncing back to a valid email account there is nothing you can do to stop them from coming back to you. Unless you try to filter them on the subject or something. Edited May 5, 2005 by TCH-Bruce Quote Link to comment Share on other sites More sharing options...
Deverill Posted May 5, 2005 Share Posted May 5, 2005 If you have any software on your site that can be hacked, such as blogs or guestbooks, then check to be sure they are all the latest version. Also make sure you have strong passwords on everything. Someone may have just "dictionary attacked" your account if it's not a good password. Finally, you may be able to get the tech guys to check the logs for you by submitting a Help Desk ticket and asking them if they can find anything. Although it is our responsibility to secure our own sites they may be able to help you out. Quote Link to comment Share on other sites More sharing options...
Pocketman Posted May 5, 2005 Share Posted May 5, 2005 I just changed the default unrouted email to :fail I disabled my guestbook yesterday. I'm not sure I have the latest version but will make sure I upgrade and change the password when I bring it back on line. I submitted a trouble ticket a few days ago and the help desk didn't note any unusual activity. I may ask them again if this doesn't subside in a few days. I am not surprised to learn others are experiencing this. Some people just need to get lives and quit messing with ours. Thanks for the help. Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted May 5, 2005 Share Posted May 5, 2005 I just changed the default unrouted email to :fail That should be :fail: Note the trailing colon Quote Link to comment Share on other sites More sharing options...
TCH-Don Posted May 5, 2005 Share Posted May 5, 2005 There is not much you can do when a spammer or others send e-mail using a false addy like one from our own domain. I have been getting a bunch of failed deliveries with my domain as the sender Fortunately the headers will prove it did not come form our domains. Quote Link to comment Share on other sites More sharing options...
Pocketman Posted May 5, 2005 Share Posted May 5, 2005 That should be :fail:Note the trailing colon <{POST_SNAPBACK}> OH! - That would explain why I am still receiving the junk. Thanks Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.