Loading ...
Sorry, an error occurred while loading the content.

Re: MAILER-DAEMON bounces - Can parse them to a specific user.

Expand Messages
  • Wietse Venema
    ... With the notify_classes parameter you can specify that Postfix sends an extra copy when it creates a bounce message. Wietse
    Message 1 of 9 , Mar 1 9:35 AM
    • 0 Attachment
      Chuck Amadi:
      > Hi List
      >
      > I have a issue with MAILER-DAEMON bounces I need to investigate further
      > is there a parameter in the main.cf
      > that I can use to parse bounces to spefic user i.e bouncedmail that I
      > have created.

      With the notify_classes parameter you can specify that
      Postfix sends an extra copy when it creates a bounce message.

      Wietse

      http://www.postfix.org/postonf.5.html#notify_classes
      http://www.postfix.org/postonf.5.html#bounce_notice_recipient
    • Chuck Amadi
      Hi Wietse Venema Cheers for clearing that issue up. Cheers Chuck ... -- Chuck Amadi ROK Corporation Limited Ty ROK, Dyffryn Business Park, Llantwit Major Road,
      Message 2 of 9 , Mar 1 9:40 AM
      • 0 Attachment
        Hi Wietse Venema

        Cheers for clearing that issue up.

        Cheers

        Chuck

        wrote:
        > Chuck Amadi:
        >
        >> Hi List
        >>
        >> I have a issue with MAILER-DAEMON bounces I need to investigate further
        >> is there a parameter in the main.cf
        >> that I can use to parse bounces to spefic user i.e bouncedmail that I
        >> have created.
        >>
        >
        > With the notify_classes parameter you can specify that
        > Postfix sends an extra copy when it creates a bounce message.
        >
        > Wietse
        >
        > http://www.postfix.org/postonf.5.html#notify_classes
        > http://www.postfix.org/postonf.5.html#bounce_notice_recipient
        >
        >


        --
        Chuck Amadi
        ROK Corporation Limited
        Ty ROK,
        Dyffryn Business Park,
        Llantwit Major Road,
        Llandow,
        Vale Of Glamorgan.
        CF71 7PY

        Tel: 01446 795 839
        Fax: 01446 794 994
        International Tel: +44 1446 795 839

        email: chuck.amadi@...

        This email is confidential to the addressee only. If you do not believe
        that you are the intended recipient, do not pass it on or copy it in any
        way. Please delete it immediately.
      • Juan Pablo Calomino
        Hi people, I have one question for you. How do you do to avoid this kind of thing? 220 -Empresa de Servicios - XXXXXXX helo mundo 250 SERVER02.xxxxxxxx.com.ar
        Message 3 of 9 , Mar 1 9:56 AM
        • 0 Attachment
          Hi people,

          I have one question for you.

          How do you do to avoid this kind of thing?

          220 -Empresa de Servicios - XXXXXXX
          helo mundo
          250 SERVER02.xxxxxxxx.com.ar
          mail from: <nobody@...>
          250 Ok
          rcpt to: <john.user@...>
          250 Ok
          data
          354 End data with <CR><LF>.<CR><LF>
          FROM: John User <john.user@...>
          TO: <john.user@...>
          SUBJECT: Nada

          Muerte!
          .
          250 Ok: queued as 972C55865D

          I think that it's too difficult to get rid of this
          type of mails, filtering may reject valid emails...

          I hear any suggestions!

          Thanks!
          Juan Pablo.






          __________________________________________________
          Preguntá. Respondé. Descubrí.
          Todo lo que querías saber, y lo que ni imaginabas,
          está en Yahoo! Respuestas (Beta).
          ¡Probalo ya!
          http://www.yahoo.com.ar/respuestas
        • MrC
          ... What specifically is this kind of thing ? The mundo HELO parameter? The nobody@hotmail.com MAIL FROM envelope? Please be more specific about what
          Message 4 of 9 , Mar 1 10:11 AM
          • 0 Attachment
            > I have one question for you.
            >
            > How do you do to avoid this kind of thing?
            >
            > 220 -Empresa de Servicios - XXXXXXX
            > helo mundo
            > 250 SERVER02.xxxxxxxx.com.ar
            > mail from: <nobody@...>
            > 250 Ok
            > rcpt to: <john.user@...>
            > 250 Ok
            > data
            > 354 End data with <CR><LF>.<CR><LF>
            > FROM: John User <john.user@...>
            > TO: <john.user@...>
            > SUBJECT: Nada
            >
            > Muerte!
            > .
            > 250 Ok: queued as 972C55865D
            >
            > I think that it's too difficult to get rid of this type of
            > mails, filtering may reject valid emails...
            >
            > I hear any suggestions!

            What specifically is "this kind of thing" ? The "mundo" HELO parameter?
            The "nobody@..." MAIL FROM envelope?

            Please be more specific about what you are trying to reject.

            MrC
          • Juan Pablo Calomino
            ... Sorry, I m talking about the DATA part: data FROM: John User TO: SUBJECT: Nada. John User may think
            Message 5 of 9 , Mar 1 10:30 AM
            • 0 Attachment
              --- MrC <lists-postfix@...> escribió:

              >
              > > I have one question for you.
              > >
              > > How do you do to avoid this kind of thing?
              > >
              > > 220 -Empresa de Servicios - XXXXXXX
              > > helo mundo
              > > 250 SERVER02.xxxxxxxx.com.ar
              > > mail from: <nobody@...>
              > > 250 Ok
              > > rcpt to: <john.user@...>
              > > 250 Ok
              > > data
              > > 354 End data with <CR><LF>.<CR><LF>
              > > FROM: John User <john.user@...>
              > > TO: <john.user@...>
              > > SUBJECT: Nada
              > >
              > > Muerte!
              > > .
              > > 250 Ok: queued as 972C55865D
              > >
              > > I think that it's too difficult to get rid of this
              > type of
              > > mails, filtering may reject valid emails...
              > >
              > > I hear any suggestions!
              >
              > What specifically is "this kind of thing" ? The
              > "mundo" HELO parameter?
              > The "nobody@..." MAIL FROM envelope?
              >
              > Please be more specific about what you are trying to
              > reject.
              >
              > MrC
              >
              >

              Sorry, I'm talking about the DATA part:

              data
              FROM: John User <john.user@...>
              TO: <john.user@...>
              SUBJECT: Nada.

              John User may think that his mailbox is being used,
              because in the mail he sees that the sender is
              himself, and he doesn't know about MIME.
              I explain that it is fake, so he asks me to try to
              stop this "spoofed" emails.
              And here I am, trying to find ways to stop these
              mails, without stopping valid mails.

              Thanks!
              Juan Pablo.







              __________________________________________________
              Preguntá. Respondé. Descubrí.
              Todo lo que querías saber, y lo que ni imaginabas,
              está en Yahoo! Respuestas (Beta).
              ¡Probalo ya!
              http://www.yahoo.com.ar/respuestas
            • Chris St. Pierre
              ... You really _can t_ stop these. Rejecting messages where envelope sender != from header is a Very Bad Idea that will get you mostly FPs. SPF is an effort
              Message 6 of 9 , Mar 1 12:19 PM
              • 0 Attachment
                On Thu, 1 Mar 2007, Juan Pablo Calomino wrote:

                > John User may think that his mailbox is being used,
                > because in the mail he sees that the sender is
                > himself, and he doesn't know about MIME.
                > I explain that it is fake, so he asks me to try to
                > stop this "spoofed" emails.
                > And here I am, trying to find ways to stop these
                > mails, without stopping valid mails.

                You really _can't_ stop these. Rejecting messages where envelope
                sender != from header is a Very Bad Idea that will get you mostly
                FPs. SPF is an effort to limit sender spoofing, but its effectiveness
                is limited by its adoption rate. (It's still worth publishing and
                checking SPF records, IMHO.)

                This generally only becomes an issue when clueless admins are
                producing backscatter, so helping eliminate backscatter will help.
                You can also read http://www.postfix.org/BACKSCATTER_README.html for
                tips on reducing bounce messages to forged senders.

                (Aside: I dearly hope that Dr. Ken Olum gets joe-jobbed:
                http://www.cio.com/technology/infrastructure/security/spam/five_things_about_fighting_spam.html?CID=28830)

                When you've implemented SPF records and eliminated any backscatter you
                might be sending, you're left with user training and that's about it.

                Chris St. Pierre
                Unix Systems Administrator
                Nebraska Wesleyan University
                -------------------
                Never send mail to thobrux@...
              • MrC
                ... Don t bother going this route. Consider instead beefing up your other UCE controls; you will find the majority of these just disappear. MrC
                Message 7 of 9 , Mar 1 12:40 PM
                • 0 Attachment
                  > Sorry, I'm talking about the DATA part:
                  >
                  > data
                  > FROM: John User <john.user@...>
                  > TO: <john.user@...>
                  > SUBJECT: Nada.
                  >
                  > John User may think that his mailbox is being used, because
                  > in the mail he sees that the sender is himself, and he
                  > doesn't know about MIME.
                  > I explain that it is fake, so he asks me to try to stop this
                  > "spoofed" emails.
                  > And here I am, trying to find ways to stop these mails,
                  > without stopping valid mails.
                  >
                  > Thanks!
                  > Juan Pablo.

                  Don't bother going this route. Consider instead beefing up your other UCE
                  controls; you will find the majority of these just disappear.

                  MrC
                • mouss
                  ... to make him happy, use maildrop to replace the From header... ... to stop (reduce the number of) spam, use a spam filter together with (safe) smtpd checks.
                  Message 8 of 9 , Mar 1 2:01 PM
                  • 0 Attachment
                    Juan Pablo Calomino wrote:
                    > --- MrC <lists-postfix@...> escribió:
                    >
                    >
                    >>> I have one question for you.
                    >>>
                    >>> How do you do to avoid this kind of thing?
                    >>>
                    >>> 220 -Empresa de Servicios - XXXXXXX
                    >>> helo mundo
                    >>> 250 SERVER02.xxxxxxxx.com.ar
                    >>> mail from: <nobody@...>
                    >>> 250 Ok
                    >>> rcpt to: <john.user@...>
                    >>> 250 Ok
                    >>> data
                    >>> 354 End data with <CR><LF>.<CR><LF>
                    >>> FROM: John User <john.user@...>
                    >>> TO: <john.user@...>
                    >>> SUBJECT: Nada
                    >>>
                    >>> Muerte!
                    >>> .
                    >>> 250 Ok: queued as 972C55865D
                    >>>
                    >>> I think that it's too difficult to get rid of this
                    >>>
                    >> type of
                    >>
                    >>> mails, filtering may reject valid emails...
                    >>>
                    >>> I hear any suggestions!
                    >>>
                    >> What specifically is "this kind of thing" ? The
                    >> "mundo" HELO parameter?
                    >> The "nobody@..." MAIL FROM envelope?
                    >>
                    >> Please be more specific about what you are trying to
                    >> reject.
                    >>
                    >> MrC
                    >>
                    >>
                    >>
                    >
                    > Sorry, I'm talking about the DATA part:
                    >
                    > data
                    > FROM: John User <john.user@...>
                    > TO: <john.user@...>
                    > SUBJECT: Nada.
                    >
                    > John User may think that his mailbox is being used,
                    > because in the mail he sees that the sender is
                    > himself, and he doesn't know about MIME.
                    > I explain that it is fake, so he asks me to try to
                    > stop this "spoofed" emails.
                    >

                    to make him happy, use maildrop to replace the From header...


                    > And here I am, trying to find ways to stop these
                    > mails, without stopping valid mails.
                    >

                    to stop (reduce the number of) spam, use a spam filter together with
                    (safe) smtpd checks. only when you get a satisfactory level of spam
                    filtering should you look for improvement or for "hard" (unsafe) checks.
                  Your message has been successfully submitted and would be delivered to recipients shortly.