D&C Lug - Home Page
Devon & Cornwall Linux Users' Group


Re: [LUG] sendmail rejects



On 2004.07.09 12:53 Julian Hall wrote:

Wouldn't that depend on the wording of the bounce?

e.g. Unknown user would mean the domain exists but the user doesn't, whereas Unknown Host/Domain would mean the entire network was non-existent.

For example if I were a spammer and sent a mail to anybody@xxxxxxxxxxxx and got a bounce back saying (and I forget the exact wording) something to the effect that there is no mail server active on that domain I would give up and move on.  If I got a bounce saying "Unknown user" then I may be inclined to be more persistent.


Unfortunately, as most of the spam is automated, and virus driven, they (the spammers) don't care if the mail gets delivered or not. Enough do, to make it worth their while. Here's an excerpt from my sendmail error logs:

i67IrGj10730: ruleset=check_mail, arg1=<oxcmbjnlv@xxxxxxxxxxx>, relay=root@xxxxxxxxx, reject=550 5.7.1 <oxcmbjnlv@xxxxxxxxxxx>... Access denied
i67IrDi10721: i67IrGX10726: DSN: Service unavailable
i67IrGX10726: i67IrGY10726: return to sender: User unknown
NOQUEUE: [211.161.131.166] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
i67JlKi12338: ruleset=check_mail, arg1=<ricci@xxxxxx>, relay=[61.109.44.10], reject=553 5.1.8 <ricci@xxxxxx>... Domain of sender address ricci@xxxxxx does not exist
i67L7Zi14576: ruleset=check_mail, arg1=<Almaox@xxxxxxxxxxxx>, relay=[219.252.106.23], reject=553 5.1.8 <Almaox@xxxxxxxxxxxx>... Domain of sender address Almaox@xxxxxxxxxxxx does not exist
i67L8vi14591: ruleset=check_mail, arg1=<Jefferykut@xxxxxxxxxxxx>, relay=CPE-144-136-196-190.sa.bigpond.net.au [144.136.196.190], reject=553 5.1.8 <Jefferykut@xxxxxxxxxxxx>... Domain of sender address Jefferykut@xxxxxxxxxxxx does not exist
i67LUdi15228: ruleset=check_mail, arg1=<billiebragg_sl@xxxxxxxxxxx>, relay=113-46-237-24.gci.net [24.237.46.113], reject=553 5.1.8 <billiebragg_sl@xxxxxxxxxxx>... Domain of sender address billiebragg_sl@xxxxxxxxxxx does not exist
i67MCOi17552: ruleset=check_mail, arg1=<pallas@xxxxxxxxxxxxxxxxx>, relay=178.Red-80-33-173.pooles.rima-tde.net [80.33.173.178], reject=553 5.1.8 <pallas@xxxxxxxxxxxxxxxxx>... Domain of sender address pallas@xxxxxxxxxxxxxxxxx does not exist
i67MCPi17554: ruleset=check_mail, arg1=<doc5@xxxxxxxxxxxxxxx>, relay=c-24-17-104-138.client.comcast.net [24.17.104.138], reject=553 5.1.8 <doc5@xxxxxxxxxxxxxxx>... Domain of sender address doc5@xxxxxxxxxxxxxxx does not exist
i67MTLi17993: i67MUFP18010: DSN: Service unavailable
i67MUJj18014: ruleset=check_mail, arg1=<yfotdraeclmssi@xxxxxxxxxxx>, relay=root@xxxxxxxxx, reject=550 5.7.1 <yfotdraeclmssi@xxxxxxxxxxx>... Access denied
i67MUFP18010: i67MUFQ18010: return to sender: User unknown
i67LUhi15229: timeout waiting for input from 210.Red-217-125-48.pooles.rima-tde.net during server cmd read
NOQUEUE: 210.Red-217-125-48.pooles.rima-tde.net [217.125.48.210] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
i67N31j19187: ruleset=check_mail, arg1=<phssptibwxfqz@xxxxxxxxxxx>, relay=root@xxxxxxxxx, reject=550 5.7.1 <phssptibwxfqz@xxxxxxxxxxx>... Access denied


As you can see, most of the addresses, both sender and receiver, are complete rubbish.

As I previously said, I send any mail not addressed exactly to one of my users straight to /dev/null.
I do that by having the catch-all for the domain point to /dev/null because the spammers will try anything@xxxxxxxxxxxxx just because the domain is registered. Simple to set up a script to query whois and then mail bomb any domains found.
I did consider trying to filter the spam at first, but let's face it, what's wrong with having a real email address (alias is fine)?
In the last 5 days my main server has binned 2562 messages that were caught by the catch-all. That's out of 7000 in total. I don't get any complaints from my users either, so it must be better than it was before.


Now, if only I could work out how to avoid the postmaster notify messages from fake domain bounces ....
I get maybe 80 a day at present.


Anyway,

regards
alan

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.
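
Added example, not part of the original message: a Python tally of sendmail rejections like those in the log excerpt above, grouped by ruleset and reply code and by relay, plus a count of connections that never issued a mail command. The sample lines are constructed in the shape of the excerpt (documentation-range IPs, placeholder domains), and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines in the same shape as the excerpt above
# (documentation-range IPs and placeholder domains, not real data).
SAMPLE_LOG = """\
i67JlKi12338: ruleset=check_mail, arg1=<ricci@nodomain.invalid>, relay=[192.0.2.10], reject=553 5.1.8 <ricci@nodomain.invalid>... Domain of sender address ricci@nodomain.invalid does not exist
i67L8vi14591: ruleset=check_mail, arg1=<jeff@nodomain.invalid>, relay=cpe-1.isp.example [198.51.100.7], reject=553 5.1.8 <jeff@nodomain.invalid>... Domain of sender address jeff@nodomain.invalid does not exist
i67IrGj10730: ruleset=check_mail, arg1=<oxcmbjnlv@lists.example>, relay=root@localhost, reject=550 5.7.1 <oxcmbjnlv@lists.example>... Access denied
NOQUEUE: [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
i67IrGX10726: i67IrGY10726: return to sender: User unknown
"""

# search() rather than match(), so a leading syslog timestamp/host prefix is tolerated.
REJECT_RE = re.compile(
    r"(?P<qid>\w+): ruleset=(?P<ruleset>\w+), arg1=<(?P<arg>[^>]*)>, "
    r"relay=(?P<relay>.*?), reject=(?P<smtp>\d{3}) (?P<dsn>\d\.\d+\.\d+) ")
PROBE_RE = re.compile(r"NOQUEUE: (?P<relay>.*?) did not issue MAIL/EXPN/VRFY/ETRN")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_key(relay):
    """Prefer the bracketed IP; the hostname comes from reverse DNS,
    which the sending network controls."""
    m = IP_RE.search(relay)
    return m.group(1) if m else relay

def summarise(lines):
    """Return (rejects by (ruleset, SMTP code, DSN), rejects by relay,
    connections that issued no MAIL/EXPN/VRFY/ETRN by relay)."""
    by_code, by_relay, probes = Counter(), Counter(), Counter()
    for line in lines:
        line = line.strip()
        if (m := REJECT_RE.search(line)):
            by_code[(m["ruleset"], m["smtp"], m["dsn"])] += 1
            by_relay[relay_key(m["relay"])] += 1
        elif (m := PROBE_RE.search(line)):
            probes[relay_key(m["relay"])] += 1
    return by_code, by_relay, probes

if __name__ == "__main__":
    codes, relays, probes = summarise(SAMPLE_LOG.splitlines())
    for key, n in codes.most_common():
        print(n, *key)
    print("relays:", dict(relays), "no-command connections:", dict(probes))
```

Each log entry must be on a single line, as syslog writes it; entries wrapped by a mail client need rejoining first.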


