
Do not send mails to addresses with more than 3 dots in username part

  • Alexander Farber
    Message 1 of 38 , Nov 22, 2013
      Hello,

      I run a Drupal 7 website on a CentOS 6.4 server with postfix-2.6.6-2.2.el6_1.x86_64.

      In the last few months the amount of fake users trying to register at my website has increased dramatically - I get 2 or 3 of such registrations per minute.

      Mostly they have fake mail addresses with many dots and at gmail.com:

          c.ar.eer.torb@...
          all.ego.ry.nl.u.c@...
          b.is.on.bk.h.l@...

      At the end those users can't register, because a mail confirmation is required.

      But my mailbox is filled with mail bounces and in the /var/log/maillog I see my site contacting Gmail servers again and again:

          Nov 17 07:05:07 www postfix/smtp[14348]: 182A6803FD2: to=<p.os.t.h.um.o.u.szd.y.o@...>, relay=alt1.gmail-smtp-in.l.google.com[74.125.143.27]:25, conn_use=6, delay=21589, delays=21586/2.6/0.11/0.5, dsn=4.2.1, status=deferred (host alt1.gmail-smtp-in.l.google.com[74.125.143.27] said: 450-4.2.1 The user you are trying to contact is receiving mail too quickly. 450-4.2.1 Please resend your message at a later time. If the user is able to 450-4.2.1 receive mail at that time, your message will be delivered. For more 450-4.2.1 information, please visit 450 4.2.1 http://support.google.com/mail/bin/answer.py?answer=6592 pw9si3558657lbb.147 - gsmtp (in reply to RCPT TO command))

      The latter makes me very worried (that my website will be put on a black list).

      I haven't found a good Drupal solution for my problem yet.

      My question is if there is a way (as a temporary workaround until I find a Drupal side solution) to stop my postfix information from sending mail to any users at gmail.com domain - when they have more than 3 dots in the username part of the mail address?

      I'm okay if I miss few false positives, since my website is just a small card game site and also I have yet to see legit users with three or more dots.

      Please point me to a right direction as I am a Postfix newbie and don't know where to start looking.

      My "postconf -n" output is below (I use virtual_alias_domains to accept mail for several Drupal sites hosted as Apache vhosts at my dedicated server).

      Thank you
      Alex

      postconf -n:

      alias_database = hash:/etc/aliases
      alias_maps = hash:/etc/aliases
      command_directory = /usr/sbin
      config_directory = /etc/postfix
      daemon_directory = /usr/libexec/postfix
      data_directory = /var/lib/postfix
      debug_peer_level = 2
      html_directory = no
      inet_interfaces = all
      inet_protocols = ipv4
      mail_owner = postfix
      mailq_path = /usr/bin/mailq.postfix
      manpage_directory = /usr/share/man
      mydestination = $myhostname, localhost.$mydomain, localhost
      newaliases_path = /usr/bin/newaliases.postfix
      queue_directory = /var/spool/postfix
      readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
      sample_directory = /usr/share/doc/postfix-2.6.6/samples
      sendmail_path = /usr/sbin/sendmail.postfix
      setgid_group = postdrop
      smtp_generic_maps = hash:/etc/postfix/generic
      unknown_local_recipient_reject_code = 550
      virtual_alias_maps = hash:/etc/postfix/virtual
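
Added example, not part of the original post: a Python sketch that applies the "more than 3 dots in the local part" rule to postfix/smtp delivery lines like the one quoted above, so the number of affected deliveries and the likely false positives can be measured from /var/log/maillog before anything is blocked. The sample log lines are constructed, `example.com` stands in for the recipient domain, and the function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample lines shaped like the postfix/smtp entry quoted in the post.
# example.com stands in for the real recipient domain; all addresses are made up.
SAMPLE_LOG = """\
Nov 17 07:05:07 www postfix/smtp[14348]: 182A6803FD2: to=<p.o.s.t.h.u.m@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=21589, dsn=4.2.1, status=deferred (450 4.2.1 try later)
Nov 17 07:05:09 www postfix/smtp[14349]: 2B7C1803FD3: to=<a.l.l.e.g.o@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=3.1, dsn=5.1.1, status=bounced (550 5.1.1 no such user)
Nov 17 07:05:11 www postfix/smtp[14350]: 3C8D2803FD4: to=<first.last@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 OK)
Nov 17 07:05:12 www postfix/smtp[14351]: 4D9E3803FD5: to=<j.r.r.t.x@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 OK)
Nov 17 07:05:13 www postfix/smtp[14352]: 5EAF4803FD6: to=<m.a.r.y.j@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=1.0, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

# Queue id, recipient, DSN code and final status of one delivery attempt.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>,"
    r".*?\bdsn=(?P<dsn>\d\.\d+\.\d+), status=(?P<status>\w+)"
)

def is_suspect(rcpt, domain="example.com", max_dots=3):
    """True when rcpt is at `domain` and its local part has more than max_dots dots."""
    local, _, dom = rcpt.rpartition("@")
    return dom.lower() == domain and local.count(".") > max_dots

def summarize(log_text, domain="example.com", max_dots=3):
    """Return (status counts of suspect recipients, suspect rows, delivered suspects)."""
    counts, suspects, delivered_hits = Counter(), [], []
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m or not is_suspect(m["rcpt"], domain, max_dots):
            continue
        counts[m["status"]] += 1
        suspects.append((m["qid"], m["rcpt"], m["dsn"]))
        if m["status"] == "sent":
            # Mail that was accepted by the remote side but matches the rule:
            # a recipient the block would have cut off, i.e. a likely false positive.
            delivered_hits.append(m["rcpt"])
    return counts, suspects, delivered_hits

if __name__ == "__main__":
    counts, suspects, delivered_hits = summarize(SAMPLE_LOG)
    print(dict(counts), suspects, delivered_hits, sep="\n")
```
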




    • lists@rhsoft.net
      Message 38 of 38 , Nov 23, 2013
        On 23.11.2013 22:48, Peter wrote:
        > On 11/24/2013 08:25 AM, lists@... wrote:
        >>
        >> have fun with "reject_unauth_destination" too late and
        >> "check_recipient_access" says "PERMIT" instead "DUNNO"
        >>
        >> a major mistake and because it is made too often smtpd_relay_restrictions
        >> was included in the latest releases
        >>
        >> http://www.postfix.org/SMTPD_ACCESS_README.html#danger
        >
        > From the original post:
        >> I run a Drupal 7 website on a CentOS 6.4 server with postfix-2.6.6-2.2.el6_1.x86_64.
        >
        > smtpd_relay_restrictions was not introduced until postfix 2.10. At any
        > rate, he should be safe as long as there are no PERMIT actions in his
        > pcre_recipients file.

        and that is why I said "in latest releases" to point out that
        configuring an MTA is not a game and dangerous until you don't
        know exactly what you are doing *because* smtpd_relay_restrictions
        did *not* exist as safety net for major mistakes in the past