Topic: sending email to unknown users to dev/null?

[chris burnat]

We are at the moment bombarded by hundred of email to fictitious users.  Is there a way to kill these emails, in lieu of sending back to sender or forwarding to admin?  Any assistance would be very appreciated - done a search, no results.  Thanks. chris

[raem]

burnat

> done a search, no results

What did you search on ?

Look here for dungog-mailblocking and double bounce control
http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/Mail%20system%20tweaks%20HOWTO%20for%20sme%20server.htm

[chris burnat]

Thank you Ray.  Searched for mail blocking etc, and I have dungog mail blocking contrib installed.  However, and I could be wrong, when blocking an email addressed to an unknown user, the server still reply to the sender, correct?  

2005-05-25 12:20:15.866166500 smtpfront-qmail[10179]: MAIL FROM:<chris@domain1.com>
2005-05-25 12:20:15.866531500 smtpfront-qmail[10179]: RCPT TO:<joe@domain2.com>
2005-05-25 12:20:15.866774500 smtpfront-qmail[10179]: Sorry, that is an invalid e-mail address
2005-05-25 12:20:15.867195500 smtpfront-qmail[10179]: bytes in: 85 bytes out: 141

results in the following return to sender:

Hi. This is the qmail-send program at domain1.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<joe@domain2>:
203.47.xx.xxx does not like recipient.
Remote host said: 553 Sorry, that is an invalid e-mail address
Giving up on 203.47.xx.xxx.

What I would like to do is no to reply at all, saving bandwidth and also not confirming the existence of the mail server - maybe the robots would give up.  I've noticed this hapening when changing ssh port 22 to a higher port, if it does no reply, they go away.

How to do this?  Creating individual mail rules for each "sender" is not practical, they keep changing all the time...

[raem]

burnat

> Sorry, that is an invalid e-mail address
> bytes in: 85 bytes out: 141

> What I would like to do is no to reply at all,
> saving bandwidth and also not confirming the
> existence of the mail server

You are talking a very few bytes per message, not likely to create bandwidth problems for most users here.
I also suggested enabling the double bounce control, so you are not bothered by the return failure messages (out of sight out of mind so to speak).

There is no way you can hide your server from the Internet if you have active open ports.
I think you are overconcerned about the "problem".


> Creating individual mail rules for each "sender" is not practical, they keep changing all the time

Even if you did that, it still wouldn't stop the traffic !

[chris burnat]

Thansk for replying Ray, I see your point. I use double-bounce, a real saving grace!  However, consider; some days, I get over 1000 or so emails addressed to non-existent users based on a dictionary, starting with aba and ending with zoo. I would like, as a test, to send all this garbage to dev/nul instead of returning to sender or forwarding to admin.  Unfortunately, I do not know enough to achieve this, hence my question.  Can you suggest something? There was a post about this a while back, and so there is interest I think. Regards, chris.

[raem]

burnat

> ....some days, I get over 1000 or so emails addressed to non-existent users.....

So you are talking about 200K or so per day of unwanted traffic, irrelevant for anyone on broadband.

> I would like...to send all this garbage to dev/nul instead of returning to sender or forwarding to admin.

If you set your system to Return to Sender and they then bounce as the return addresses are bogus, then any  double bounces returned to admin get sent to the bit bucket by the double bounce deletion anyway ! I agree it's a step later in the process but it certainly doesn't require any effort from the administrator to deal with these types of messages, it all happens automatically.

Note that if you accept the messages in the first place (as you wish to) and then delete them (send to dev/nul, then you have still accepted that traffic anyway.

It's hardly worth the effort to do anythoing about it all, just let the system run on auto pilot as is.