Topic: Processing Unwanted Emails

[Mike]

Am using SME 5.6 and in the server manager the options for handling unknown recipients are to bounce them back to the sender or send them to the administrator. The latter is undesireable as one ends up with a heap of junk mail and the first option usually results in the bounce bouncing back into the administrators mail box for whatever reason and I end up with the junk mail in any case!  I would like a third option added to the server manager menu for processing email for unknown recipients and that is simply "Delete It!"

[Klaus Eckert]

in my opinion it is not a good idea to #delete# those emails.

for examlple:
there is a company xyz.com.
an empolyee stops working for that company.
because of that, his mail-account is deleted.
if someone sends an email to this deleted account, he will get an error "user unknown" and he knows that something is wrong.
if the sender does not get the error-message (because his mail was #deleted#), he assumes that the receipt got the message.

any questions?

cheers klaus

[Mike]

I don't see an employee leaving a company as a problem. If somebody leaves normal procedure is firstly for that employee to advise their contacts of the change as a professional courtesy. If this does not happen and in any case their email address is held open and all email redirected to another account for as long as it is necessary.

The issue really is to be able to automatically delete mail to unknown recipients instead of wasting much time everyday physically selecting and deleting what is 100% of the time just rubbish. As delete mail would be an option administrators would still have the choice of sending it to another account or bouncing it and wasting bandwidth but the option would be there to be freely taken.

[Jon Thiele]

Mike wrote:
>
> Am using SME 5.6 and in the server manager the options for
> handling unknown recipients are to bounce them back to the
> sender or send them to the administrator. The latter is
> undesireable as one ends up with a heap of junk mail and the
> first option usually results in the bounce bouncing back into
> the administrators mail box for whatever reason and I end up
> with the junk mail in any case!  I would like a third option
> added to the server manager menu for processing email for
> unknown recipients and that is simply "Delete It!"

charlie brady has a work-around in the thread here:

http://e-smith.org/bboard/read.php?f=1&i=14360&t=14360

[Mike]

Thanks but there appears to be a problem with that patch judging by last entry and with so many clients on this server I cannot afford to have the mail go pear shape. I guess I will have to wait till somebody comes up with a change to the server panel with that option in it to delete all mail to unknown recipeints instead of bouncing it? I am averaging 40-50 unwanted bounces daily at the moment and steadily climbing!!

[Michael Soulier]

Mike wrote:
>
> Thanks but there appears to be a problem with that patch
> judging by last entry and with so many clients on this server
> I cannot afford to have the mail go pear shape. I guess I
> will have to wait till somebody comes up with a change to the
> server panel with that option in it to delete all mail to
> unknown recipeints instead of bouncing it? I am averaging
> 40-50 unwanted bounces daily at the moment and steadily
> climbing!!

Is there a reason why, if these emails are so unwanted, you don't simply filter them? I realize that solution is not as ideal as them not being sent at all, but it should require no effort on your part after it is set up.

Regards,
Mike

[Jon Thiele]

Michael  Soulier wrote:
>
> Mike wrote:
> >
> > Thanks but there appears to be a problem with that patch
> > judging by last entry and with so many clients on this server
> > I cannot afford to have the mail go pear shape. I guess I
> > will have to wait till somebody comes up with a change to the
> > server panel with that option in it to delete all mail to
> > unknown recipeints instead of bouncing it? I am averaging
> > 40-50 unwanted bounces daily at the moment and steadily
> > climbing!!
>
> Is there a reason why, if these emails are so unwanted, you
> don't simply filter them? I realize that solution is not as
> ideal as them not being sent at all, but it should require no
> effort on your part after it is set up.

huh???  how do i filter these messages???  

i'm in the same boat as the original poster of this thread.  i have a list of 15 nonexistant users that get close to a hundred spam messages a day.  when i configure the "unknown e-mail" option as "Return to Sender", they eventually doublebounce.
 
(the only thing i can see is to setup the user and then forward their e-mail to...  where???)

is there a better and easier way to do this???

thanx.

[Ray Mitchell]

Try Message Rules filtering in your admin email client
Send them all to the Deleted folder
Ray

[Mike]

Good idea but unfortunately this does not stop the bounce traffic and many still slip through the filter rules and end up in the inbox. It seems to me that if SME can readily bounce unknown recipients then it should be possible to code the option to delete them?

[Ray Mitchell]

Surely setting up a mail rule that detected this text in the message body will catch ALL double bounces and send them to the deleted folder ?
"I tried to deliver a bounce message to this address, but the bounce bounced!"

Works for me !

Ray

[Mike]

I have no problems with this however it still does not stop the bounce traffic?

[Jason]

Yes, setting up a mail rule will clean up your inbox AFTER you've downloaded the message.  But it does still mean that your client has to download each one.

In my case, I get several hundred junk emails to the admin account per day.  Each time I check my admin email (2 or 3 times per day), it takes in excess of 15 minutes.  Granted, my client virus scanner slows it down a bit, but that is still 45 minutes of wasted time for emails that are going right to the trash.

I agree that there should be a way to stop that many useless messages from having to be downloaded.

[GoatTosser]

I suggest that you look at ASSP.sourceforge.net - Bayesian filter, *lists, written in Perl, platform independant, mail proxy that clobbers spam server side. I have gone from 80-100 spam per day to 1 spam in 9 days, zero false positives. I have been running this on a Mitel SME for about 6 months.

I have tried a number of solutions but this would have to be, in my opinion, the most effective solution yet. It is a mail proxy that sits in front of whatever MTA you use and sits quite nicely on Mitel SME. It is quite easy to set up and there is a HOW-TO for it.

Hope that helps.

[stevo]

By default double bounced messages are sent to postmaster.
This little modification should take care of that.

1) /bin/echo "oblivion" > /var/qmail/control/doublebounceto
2) /bin/echo "#" > /var/qmail/alias/.qmail-oblivion

[Ray Mitchell]

Thanks for that suggestion Stevo, but it did not work. I have tried a couple of other similar suggestions from these forums but they did not work either.

I do have the user manager procmail filtering enabled, would that affect (ie stop or interfere with)  these workarounds from working.

Below is part of a message sent from a fake external address to a non existent address on the sme 5.6 server which was delivered to the admin account.
Any other suggestions ?

Thanks
Ray

Hi. This is the qmail-send program at XXXXXX.org.au.
I tried to deliver a bounce message to this address, but the bounce bounced!

:
Sorry. Although I'm listed as a best-preference MX or A for that host,
it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)

--- Below this line is the original bounce.

Return-Path: <>
Received: (qmail 30391 invoked for bounce); 31 Oct 2003 06:53:28 -0000
Date: 31 Oct 2003 06:53:28 -0000
From: MAILER-DAEMON@XXXXXX.org.au
To: unknown@domain.com
Subject: failure notice

Hi. This is the qmail-send program at XXXXXX.org.au.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path:
Received: (qmail 30388 invoked by alias); 31 Oct 2003 06:53:28 -0000
Delivered-To: alias-localdelivery-freddie@XXXXXX.org.au
Received: (qmail 30385 invoked from network); 31 Oct 2003 06:53:27 -0000
X-Virus-Scanned: by amavis-ng-0.1.6.4-01dc on XXXX.XXXXXX.org.au
..............

[stevo]

It didn't do anything for me at first either. But since a reboot, (restarting qmail would probably do the same thing) I haven't had a single doublebounce message to admin.

[Ray Mitchell]

>........But since a reboot, (restarting qmail would probably do the same thing)

I did
service qmail restart
and then sent a few test messages

I do not receive any doublebounce messages now.

Thanks Stevo
Regs
Ray

[Brent]

I had a similar problem.  Some infected spam was coming to our machine, to an account which does not exist (ie john@mycompany.com.)  To make matters worse, the address was spoofed as if it was coming from that same account (ie john@mycompany.com.)

When the antivirus found the mail, it sent a warning to the sender, to the recipient and to the admin!!  Two of the three warnings were redirected to admin as unknown accounts are, and the third was already destined for the admin account.  I was receiving 3 identical emails every 2 minutes!!

(I happened to be at home at the time, so luckily our VPN and PuTTY allowed me access to make changes.  This was a godsend since if I'd left it till morning, I'd have had thousands of bounced bounces in my inbox.)

This is what I did:

1.  Under the RAV configuration page, for warning messags, I set all three options (warn_admin, warn_receivers, warn_sender) to "never."  This prevented the message from bouncing around internally as it was the warnings that were double-bouncing.

2.  Under the RAV RBL/WBL lists page, I created a WBL entry for john@mycompany.com as a wbl_discard.  This will prevent any further emails sent from the spoofed john@mycompany.com from getting into our system, thus preventing significant bouncing.

3.  I rebooted the server.

Messages stopped immediately.  It was interesting to note that the messages continued despite restarting qmail - only the reboot was adequate to stop the bouncing.

Hope maybe this helps anybody else!

[raem]

For the benefit of other readers the double bounce message deletion issue was resolved this way.

mkdir -p /etc/e-smith/templates-custom/var/qmail/alias/

touch /etc/e-smith/templates-custom/var/qmail/alias/.qmail-oblivion

/bin/echo "#" > /etc/e-smith/templates-custom/var/qmail/alias/.qmail-oblivion


mkdir -p /etc/e-smith/templates-custom/var/qmail/control/

touch /etc/e-smith/templates-custom/var/qmail/control/doublebounceto

/bin/echo "oblivion" > /etc/e-smith/templates-custom/var/qmail/control/doublebounceto


/sbin/e-smith/expand-template /var/qmail/alias/.qmail-oblivion

/sbin/e-smith/expand-template /var/qmail/control/doublebounceto

service qmail restart

[robwellesley]

sme6 has a devnull=alias entry in the accounts database. and a "pre-set" .qmail-devnull in /var/qmail/alias containing our friendly # character

So all that is need is...
# mkdir -p /etc/e-smith/templates-custom/var/qmail/control
# echo devnull > /etc/e-smith/templates-custom/var/qmail/control/doublebounceto
# /sbin/e-smith/signal-event email-update

[Lada]

Saw that this morning. I've said it before....for all you want to talk about United and their international profile http://download-audio.b0x.com, they really seem to do business the right way. I'm interested to see just how much Kenyon had to do with these results, so next year will be interesting.