Loading ...
Sorry, an error occurred while loading the content.

Re: MAILER-DAEMON bounces - Can parse them to a specific user.

Expand Messages
  • Chuck Amadi
    Hi Wietse Venema Cheers for clearing that issue up. Cheers Chuck ... -- Chuck Amadi ROK Corporation Limited Ty ROK, Dyffryn Business Park, Llantwit Major Road,
    Message 1 of 9 , Mar 1, 2007
    • 0 Attachment
      Hi Wietse Venema

      Cheers for clearing that issue up.

      Cheers

      Chuck

      wrote:
      > Chuck Amadi:
      >
      >> Hi List
      >>
      >> I have a issue with MAILER-DAEMON bounces I need to investigate further
      >> is there a parameter in the main.cf
      >> that I can use to parse bounces to spefic user i.e bouncedmail that I
      >> have created.
      >>
      >
      > With the notify_classes parameter you can specify that
      > Postfix sends an extra copy when it creates a bounce message.
      >
      > Wietse
      >
      > http://www.postfix.org/postonf.5.html#notify_classes
      > http://www.postfix.org/postonf.5.html#bounce_notice_recipient
      >
      >


      --
      Chuck Amadi
      ROK Corporation Limited
      Ty ROK,
      Dyffryn Business Park,
      Llantwit Major Road,
      Llandow,
      Vale Of Glamorgan.
      CF71 7PY

      Tel: 01446 795 839
      Fax: 01446 794 994
      International Tel: +44 1446 795 839

      email: chuck.amadi@...

      This email is confidential to the addressee only. If you do not believe
      that you are the intended recipient, do not pass it on or copy it in any
      way. Please delete it immediately.
    • Juan Pablo Calomino
      Hi people, I have one question for you. How do you do to avoid this kind of thing? 220 -Empresa de Servicios - XXXXXXX helo mundo 250 SERVER02.xxxxxxxx.com.ar
      Message 2 of 9 , Mar 1, 2007
      • 0 Attachment
        Hi people,

        I have one question for you.

        How do you do to avoid this kind of thing?

        220 -Empresa de Servicios - XXXXXXX
        helo mundo
        250 SERVER02.xxxxxxxx.com.ar
        mail from: <nobody@...>
        250 Ok
        rcpt to: <john.user@...>
        250 Ok
        data
        354 End data with <CR><LF>.<CR><LF>
        FROM: John User <john.user@...>
        TO: <john.user@...>
        SUBJECT: Nada

        Muerte!
        .
        250 Ok: queued as 972C55865D

        I think that it's too difficult to get rid of this
        type of mails, filtering may reject valid emails...

        I hear any suggestions!

        Thanks!
        Juan Pablo.






        __________________________________________________
        Preguntá. Respondé. Descubrí.
        Todo lo que querías saber, y lo que ni imaginabas,
        está en Yahoo! Respuestas (Beta).
        ¡Probalo ya!
        http://www.yahoo.com.ar/respuestas
      • MrC
        ... What specifically is this kind of thing ? The mundo HELO parameter? The nobody@hotmail.com MAIL FROM envelope? Please be more specific about what
        Message 3 of 9 , Mar 1, 2007
        • 0 Attachment
          > I have one question for you.
          >
          > How do you do to avoid this kind of thing?
          >
          > 220 -Empresa de Servicios - XXXXXXX
          > helo mundo
          > 250 SERVER02.xxxxxxxx.com.ar
          > mail from: <nobody@...>
          > 250 Ok
          > rcpt to: <john.user@...>
          > 250 Ok
          > data
          > 354 End data with <CR><LF>.<CR><LF>
          > FROM: John User <john.user@...>
          > TO: <john.user@...>
          > SUBJECT: Nada
          >
          > Muerte!
          > .
          > 250 Ok: queued as 972C55865D
          >
          > I think that it's too difficult to get rid of this type of
          > mails, filtering may reject valid emails...
          >
          > I hear any suggestions!

          What specifically is "this kind of thing" ? The "mundo" HELO parameter?
          The "nobody@..." MAIL FROM envelope?

          Please be more specific about what you are trying to reject.

          MrC
        • Juan Pablo Calomino
          ... Sorry, I m talking about the DATA part: data FROM: John User TO: SUBJECT: Nada. John User may think
          Message 4 of 9 , Mar 1, 2007
          • 0 Attachment
            --- MrC <lists-postfix@...> escribió:

            >
            > > I have one question for you.
            > >
            > > How do you do to avoid this kind of thing?
            > >
            > > 220 -Empresa de Servicios - XXXXXXX
            > > helo mundo
            > > 250 SERVER02.xxxxxxxx.com.ar
            > > mail from: <nobody@...>
            > > 250 Ok
            > > rcpt to: <john.user@...>
            > > 250 Ok
            > > data
            > > 354 End data with <CR><LF>.<CR><LF>
            > > FROM: John User <john.user@...>
            > > TO: <john.user@...>
            > > SUBJECT: Nada
            > >
            > > Muerte!
            > > .
            > > 250 Ok: queued as 972C55865D
            > >
            > > I think that it's too difficult to get rid of this
            > type of
            > > mails, filtering may reject valid emails...
            > >
            > > I hear any suggestions!
            >
            > What specifically is "this kind of thing" ? The
            > "mundo" HELO parameter?
            > The "nobody@..." MAIL FROM envelope?
            >
            > Please be more specific about what you are trying to
            > reject.
            >
            > MrC
            >
            >

            Sorry, I'm talking about the DATA part:

            data
            FROM: John User <john.user@...>
            TO: <john.user@...>
            SUBJECT: Nada.

            John User may think that his mailbox is being used,
            because in the mail he sees that the sender is
            himself, and he doesn't know about MIME.
            I explain that it is fake, so he asks me to try to
            stop this "spoofed" emails.
            And here I am, trying to find ways to stop these
            mails, without stopping valid mails.

            Thanks!
            Juan Pablo.







            __________________________________________________
            Preguntá. Respondé. Descubrí.
            Todo lo que querías saber, y lo que ni imaginabas,
            está en Yahoo! Respuestas (Beta).
            ¡Probalo ya!
            http://www.yahoo.com.ar/respuestas
          • Chris St. Pierre
            ... You really _can t_ stop these. Rejecting messages where envelope sender != from header is a Very Bad Idea that will get you mostly FPs. SPF is an effort
            Message 5 of 9 , Mar 1, 2007
            • 0 Attachment
              On Thu, 1 Mar 2007, Juan Pablo Calomino wrote:

              > John User may think that his mailbox is being used,
              > because in the mail he sees that the sender is
              > himself, and he doesn't know about MIME.
              > I explain that it is fake, so he asks me to try to
              > stop this "spoofed" emails.
              > And here I am, trying to find ways to stop these
              > mails, without stopping valid mails.

              You really _can't_ stop these. Rejecting messages where envelope
              sender != from header is a Very Bad Idea that will get you mostly
              FPs. SPF is an effort to limit sender spoofing, but its effectiveness
              is limited by its adoption rate. (It's still worth publishing and
              checking SPF records, IMHO.)

              This generally only becomes an issue when clueless admins are
              producing backscatter, so helping eliminate backscatter will help.
              You can also read http://www.postfix.org/BACKSCATTER_README.html for
              tips on reducing bounce messages to forged senders.

              (Aside: I dearly hope that Dr. Ken Olum gets joe-jobbed:
              http://www.cio.com/technology/infrastructure/security/spam/five_things_about_fighting_spam.html?CID=28830)

              When you've implemented SPF records and eliminated any backscatter you
              might be sending, you're left with user training and that's about it.

              Chris St. Pierre
              Unix Systems Administrator
              Nebraska Wesleyan University
              -------------------
              Never send mail to thobrux@...
            • MrC
              ... Don t bother going this route. Consider instead beefing up your other UCE controls; you will find the majority of these just disappear. MrC
              Message 6 of 9 , Mar 1, 2007
              • 0 Attachment
                > Sorry, I'm talking about the DATA part:
                >
                > data
                > FROM: John User <john.user@...>
                > TO: <john.user@...>
                > SUBJECT: Nada.
                >
                > John User may think that his mailbox is being used, because
                > in the mail he sees that the sender is himself, and he
                > doesn't know about MIME.
                > I explain that it is fake, so he asks me to try to stop this
                > "spoofed" emails.
                > And here I am, trying to find ways to stop these mails,
                > without stopping valid mails.
                >
                > Thanks!
                > Juan Pablo.

                Don't bother going this route. Consider instead beefing up your other UCE
                controls; you will find the majority of these just disappear.

                MrC
              • mouss
                ... to make him happy, use maildrop to replace the From header... ... to stop (reduce the number of) spam, use a spam filter together with (safe) smtpd checks.
                Message 7 of 9 , Mar 1, 2007
                • 0 Attachment
                  Juan Pablo Calomino wrote:
                  > --- MrC <lists-postfix@...> escribió:
                  >
                  >
                  >>> I have one question for you.
                  >>>
                  >>> How do you do to avoid this kind of thing?
                  >>>
                  >>> 220 -Empresa de Servicios - XXXXXXX
                  >>> helo mundo
                  >>> 250 SERVER02.xxxxxxxx.com.ar
                  >>> mail from: <nobody@...>
                  >>> 250 Ok
                  >>> rcpt to: <john.user@...>
                  >>> 250 Ok
                  >>> data
                  >>> 354 End data with <CR><LF>.<CR><LF>
                  >>> FROM: John User <john.user@...>
                  >>> TO: <john.user@...>
                  >>> SUBJECT: Nada
                  >>>
                  >>> Muerte!
                  >>> .
                  >>> 250 Ok: queued as 972C55865D
                  >>>
                  >>> I think that it's too difficult to get rid of this
                  >>>
                  >> type of
                  >>
                  >>> mails, filtering may reject valid emails...
                  >>>
                  >>> I hear any suggestions!
                  >>>
                  >> What specifically is "this kind of thing" ? The
                  >> "mundo" HELO parameter?
                  >> The "nobody@..." MAIL FROM envelope?
                  >>
                  >> Please be more specific about what you are trying to
                  >> reject.
                  >>
                  >> MrC
                  >>
                  >>
                  >>
                  >
                  > Sorry, I'm talking about the DATA part:
                  >
                  > data
                  > FROM: John User <john.user@...>
                  > TO: <john.user@...>
                  > SUBJECT: Nada.
                  >
                  > John User may think that his mailbox is being used,
                  > because in the mail he sees that the sender is
                  > himself, and he doesn't know about MIME.
                  > I explain that it is fake, so he asks me to try to
                  > stop this "spoofed" emails.
                  >

                  to make him happy, use maildrop to replace the From header...


                  > And here I am, trying to find ways to stop these
                  > mails, without stopping valid mails.
                  >

                  to stop (reduce the number of) spam, use a spam filter together with
                  (safe) smtpd checks. only when you get a satisfactory level of spam
                  filtering should you look for improvement or for "hard" (unsafe) checks.
                Your message has been successfully submitted and would be delivered to recipients shortly.