Loading ...
Sorry, an error occurred while loading the content.

Re: Rejecting mail to unknown users

Expand Messages
  • Vishal Agarwal
    Is there any way to control the malware infected computer, not to send more then counted or limited messages.
    Message 1 of 13 , Sep 11, 2013
    • 0 Attachment
      Is there any way to control the malware infected  computer, not to send more then counted or limited messages.


      On Wed, Sep 11, 2013 at 6:57 PM, Wietse Venema <wietse@...> wrote:
      Zel Uneec:
      > On 11.09.2013 14:43, Wietse Venema wrote:
      > > /etc/postfix/main.cf:
      > >      smtpd_reject_unlisted_recipient = no
      > >      smtpd_recipient_restrictions =
      > >          permit_mynetworks
      > >          permit_sasl_authenticated
      > >          reject_unlisted_recipient
      > >          ...
      > >          reject_unauth_destination
      > >          ...
      > >
      > > It's is very easy to screw this up and become a backscatter source.
      > > That is why "smtpd_reject_unlisted_recipient = no" is not the default
      > > setting.
      > >
      >
      > Thank you Wietse, that is what I was looking for! So, for now, my
      > problem is solved.
      >
      > Just one more thing: Will this setting have some kind of (big) negative
      > impact? I guess not, but just to be sure...

      Yes. When a client becomes malware infected, it will send spam with
      a false sender address, and Postfix will return some of that spam
      to innocent people.

              Wietse

    • Kris Deugau
      ... Some idiot mail clients (*cough*ManyversionsofOutlook*cough*) don t actually display the SMTP error response to the user, they just pop up a generic Wahh!
      Message 2 of 13 , Sep 11, 2013
      • 0 Attachment
        Mark Goodge wrote:
        > It might help if you explained why you want to do this. What particular
        > problem is being caused by your internal users getting an error message
        > instead of a bounce?

        Some idiot mail clients (*cough*ManyversionsofOutlook*cough*) don't
        actually display the SMTP error response to the user, they just pop up a
        generic "Wahh! Can't do that!" error message.

        Some users are also quite resistant to actually *reading* the text of
        the error (although these users will also have trouble with reading the
        bounce message).

        -kgd
      • lists@rhsoft.net
        ... iPhones do not show the errors at all as well as ignoring the 5xx repsonse a try over months and weeks to send the same message every 5 minutes by
        Message 3 of 13 , Sep 11, 2013
        • 0 Attachment
          Am 11.09.2013 16:52, schrieb Kris Deugau:
          > Mark Goodge wrote:
          >> It might help if you explained why you want to do this. What particular
          >> problem is being caused by your internal users getting an error message
          >> instead of a bounce?
          >
          > Some idiot mail clients (*cough*ManyversionsofOutlook*cough*) don't
          > actually display the SMTP error response to the user, they just pop up a
          > generic "Wahh! Can't do that!" error message

          iPhones do not show the errors at all as well as ignoring the 5xx
          repsonse a try over months and weeks to send the same message
          every 5 minutes by stupidity

          but that is no reason to generate bounces
        • Noel Jones
          ... There are several policy services that implement rate limits. postfwd is one that is commonly used. http://www.postfix.org/SMTPD_POLICY_README.html
          Message 4 of 13 , Sep 11, 2013
          • 0 Attachment
            On 9/11/2013 9:18 AM, Vishal Agarwal wrote:
            > Is there any way to control the malware infected computer, not to
            > send more then counted or limited messages.

            There are several policy services that implement rate limits.
            postfwd is one that is commonly used.

            http://www.postfix.org/SMTPD_POLICY_README.html
            http://www.postfix.org/addon.html#policy



            -- Noel Jones
          • Zel Uneec
            ... Exactly! ... Can you please explain how is this connected? If client is infected, it can send spam with false sender address no matter if sending to uknown
            Message 5 of 13 , Sep 12, 2013
            • 0 Attachment
              On 11.09.2013 16:52, Kris Deugau wrote:
              > Mark Goodge wrote:
              >> It might help if you explained why you want to do this. What particular
              >> problem is being caused by your internal users getting an error message
              >> instead of a bounce?
              >
              > Some idiot mail clients (*cough*ManyversionsofOutlook*cough*) don't
              > actually display the SMTP error response to the user, they just pop up a
              > generic "Wahh! Can't do that!" error message.
              >
              > Some users are also quite resistant to actually *reading* the text of
              > the error (although these users will also have trouble with reading the
              > bounce message).


              Exactly!


              On 11.09.2013 15:27, Wietse Venema wrote:
              >> Thank you Wietse, that is what I was looking for! So, for now, my
              >> problem is solved.
              >>
              >> Just one more thing: Will this setting have some kind of (big) negative
              >> impact? I guess not, but just to be sure...
              >
              > Yes. When a client becomes malware infected, it will send spam with
              > a false sender address, and Postfix will return some of that spam
              > to innocent people.

              Can you please explain how is this connected? If client is infected, it
              can send spam with false sender address no matter if sending to uknown
              recipients is enabled or disabled, if it has access to smtp
              (sasl_authenticated, etc.)?
            • Wietse Venema
              Zel Uneec: [ Charset ISO-8859-2 unsupported, converting... ] ... With the proposed modification, Postfix will not reject spam for an unknown recipient from a
              Message 6 of 13 , Sep 12, 2013
              • 0 Attachment
                Zel Uneec:
                [ Charset ISO-8859-2 unsupported, converting... ]
                > On 11.09.2013 16:52, Kris Deugau wrote:
                > > Mark Goodge wrote:
                > >> It might help if you explained why you want to do this. What particular
                > >> problem is being caused by your internal users getting an error message
                > >> instead of a bounce?
                > >
                > > Some idiot mail clients (*cough*ManyversionsofOutlook*cough*) don't
                > > actually display the SMTP error response to the user, they just pop up a
                > > generic "Wahh! Can't do that!" error message.
                > >
                > > Some users are also quite resistant to actually *reading* the text of
                > > the error (although these users will also have trouble with reading the
                > > bounce message).
                >
                >
                > Exactly!
                >
                >
                > On 11.09.2013 15:27, Wietse Venema wrote:
                > >> Thank you Wietse, that is what I was looking for! So, for now, my
                > >> problem is solved.
                > >>
                > >> Just one more thing: Will this setting have some kind of (big) negative
                > >> impact? I guess not, but just to be sure...
                > >
                > > Yes. When a client becomes malware infected, it will send spam with
                > > a false sender address, and Postfix will return some of that spam
                > > to innocent people.
                >
                > Can you please explain how is this connected? If client is infected, it
                > can send spam with false sender address no matter if sending to uknown
                > recipients is enabled or disabled, if it has access to smtp
                > (sasl_authenticated, etc.)?

                With the proposed modification, Postfix will not reject spam for
                an unknown recipient from a local or authenticated client, and will
                instead send a bounce message to the forged sender address.

                Wietse
              Your message has been successfully submitted and would be delivered to recipients shortly.