Koozali.org: home of the SME Server

How to stop spamming on SME 7?

WEBlance

« on: October 12, 2006, 09:01:37 AM »
I host a website on my SME 7 where there is a contact form.

Every day I get several failure notices from MAILER-DAEMON@mydomain.dk and they look something like this:


Hi. This is the qmail-send program at mydomain.dk.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<dinotto2@aol.com>:
205.188.158.121 failed after I sent the message.
Remote host said: 554-:  (RLY:CS4) http://postmaster.info.aol.com/errors/554rlycs4.html
554 TRANSACTION FAILED

--- Below this line is a copy of the message.

Return-Path: <anonymous@mydomain.dk>
Received: (qmail 16893 invoked by uid 100); 11 Oct 2006 14:23:42 -0000
Date: 11 Oct 2006 14:23:42 -0000
Message-ID: <20061011142342.16892.qmail@mydomain.dk>
To: website@owner.dk
Subject: www.problemwebsite.info >> Contactform
From: hey@mydomain.dk
Content-Transfer-Encoding: 7bit
Content-Type: text/plain
X-Mailer: CompuServe 7.0 for Windows US sub 124
Subject: varieties include the talian prosciutto crudo

hams require a prolonged period of rehydration

a35b8a899efd40b36dae90f413f8f383
.
 <admin@mydomain.dk>


Name: hey
Content-Transfer-Encoding: 7bit
Content-Type: text/plain
X-Mailer: CompuServe 7.0 for Windows US sub 124
Subject: varieties include the talian prosciutto crudo
bcc: dinotto2@aol.com

hams require a prolonged period of rehydration

a35b8a899efd40b36dae90f413f8f383
.

How do I stop this?

/Car

mmccarn
« Reply #1 on: October 12, 2006, 01:27:50 PM »
Configure your system to delete double-bounce messages
config setprop qmail DoubleBounceTo devnull
signal-event email-update
/etc/init.d/qmail restart

Install qmHandle
http://www.saco-support.de/index.php?_m=downloads&_a=view&parentcategoryid=3&pcid=0&nav=0
On my system, the following command will remove existing double-bounces from the queue:
qmHandle -Sfailure\ notice

And then I run this, to make sure qmHandle hasn't left qmail unstable:
/etc/init.d/qmail restart

byte
« Reply #2 on: October 12, 2006, 01:47:23 PM »
Quote from: "mmccarn"
Configure your system to delete double-bounce messages
config setprop qmail DoubleBounceTo devnull
signal-event email-update
/etc/init.d/qmail restart


Don't forget to expand template so here is the way I would do it...

To stop getting double bounce messages-

[root@server /]# config setprop qmail DoubleBounceTo devnull
[root@server /]# signal-event email-update

If you're really geeky :) you can check the database if you like...

[root@server /]# config show qmail
qmail=service
DoubleBounceTo=devnull
MaxMessageSize=15000000
status=enabled

Expand only the doublebounceto template....

[root@server /]# expand-template /var/qmail/control/doublebounceto

Check /var/qmail/control/doublebounceto is set to devnull.....

[root@server /]# cat /var/qmail/control/doublebounceto
devnull

And restart qmail 'manually'....

[root@server /]# svc -t /service/qmail

I made a note of this from someone who found this, so thanks to them for the original post
--[byte]--

Have you filled in a Bug Report over @ http://bugs.contribs.org ? Please don't wait to be told this way you help us to help you/others - Thanks!

russs
« Reply #3 on: November 02, 2006, 12:21:11 PM »
Just noticed this message when searching for AOL on the Forums.
The reason I am searching is that we have problems with AOL. We cannot get mail to any of our AOL based customers. We are always blocked by them! Sometimes the customers using AOL are on a mailing list and sometimes are emailed directly.

This only started about six months ago when we switched to Eclipse from BT but I cannot blame them for it and they have investigated and found our A and MX records to be set correctly.

I will post further details if anyone replies to this, just wanted to see if this was a common problem and if anyone had advice on what I am doing wrong.

We are using the latest version of SME7 of course.

Thanks Guys

Russ
...

raem
« Reply #4 on: November 02, 2006, 12:45:58 PM »
russs

> We cannot get mail to any of our AOL based customers.
> We are always blocked by them!

Your server IP is probably on a RBL list.
Do you have a dynamic IP? If so, you should set your email panel to use your ISP's smtp server for outgoing mail. That way the emails appear to come from your ISP's static IP, which hopefully is not on any RBL list.

> This only started about six months ago when we switched to Eclipse from BT ..

Your IP may be in a block that is being blacklisted by a RBL list.

see
http://openrbl.org/
...

russs
« Reply #5 on: November 02, 2006, 12:58:31 PM »
Thanks Ray for your prompt answer,

I had been thinking it was something a little more serious and 'sinister' but in fact it seems (after hanging on the phone for 45 minutes till I got through to AOL) that it is simply their customers reporting our mail as Spam.

So you are right but I had never been able to confirm this for certain before after repeatedly emailing AOL and getting no reply so I was starting to get a little desperate!
Everyone on the SME Forums is so helpful so I thought I'd give it a go!

Thanks again

Russ
...

byte
« Reply #6 on: November 02, 2006, 01:44:43 PM »
Quote from: "RayMitchell"

Your IP may be in a block that is being blacklisted by a RBL list.
see
http://openrbl.org/


Also try www.dnsstuff.com for a whole wide range of tools... As a note, we have an AOL email address which we use to forward email from their main email account and it works with no problems, so as Ray mentioned you might be in the blacklist?

russs
« Reply #7 on: November 02, 2006, 01:57:04 PM »
I already use DNS Stuff, an excellent site I have always found.

Thanks Byte, I'll bear it in mind!
...

CharlieBrady
« Reply #8 on: November 02, 2006, 04:11:58 PM »
Quote from: "mmccarn"
Configure your system to delete double-bounce messages
config setprop qmail DoubleBounceTo devnull


This is bad advice. And irrelevant advice. SME7 should not see double bounces. Good advice is don't do anything until you understand the problem.

> I host a website on my SME 7 where there is a contact form.

Remove the contact form at once. Do not put it back up until it has been fixed so that it cannot be used to send spam. The users of the form must be prevented from being able to add recipient addresses to the messages the form sends. In the example you have given us, the spammer has been able to add dinotto2@aol.com to the list of message recipients. Fortunately that bounced, so you are informed that there is a problem. You need to fix the problem, which is a problem with your contact form, not with SME server.
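The fix described in Reply #8, as an added example that is not part of the original thread and not the poster's form code: a contact form handler that pastes the visitor's name into the header block, next to one that keeps the recipient fixed and rejects line breaks in header fields. The addresses, function names and the `INJECTED_NAME` value are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

OWNER = "owner@example.org"      # assumed: the form's one intended recipient
SENDER = "webform@example.org"   # assumed: fixed From address of the form

# Constructed "Name" field value, shaped like the one in the bounce above.
INJECTED_NAME = ("hey\nContent-Type: text/plain\n"
                 "Subject: constructed spam subject\n"
                 "bcc: victim@example.net\n\nconstructed spam body\n.")


def build_naive(name, text):
    """Flawed pattern: form input is pasted straight into the header block."""
    return (f"To: {OWNER}\nSubject: Contact form\n"
            f"From: {name} <{SENDER}>\n\n{text}\n")


def recipients(raw):
    """Addresses a header-reading mailer would take from To/Cc/Bcc."""
    msg = message_from_string(raw)
    fields = []
    for header in ("To", "Cc", "Bcc"):
        fields += msg.get_all(header, [])
    return sorted(addr for _, addr in getaddresses(fields))


LINE_BREAK = re.compile(r"[\r\n]")
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def build_safe(name, reply_to, text):
    """Hardened: recipient is fixed, header fields may not contain line breaks."""
    for label, value in (("name", name), ("reply_to", reply_to)):
        if LINE_BREAK.search(value):
            raise ValueError(f"line break in {label} field")
    if not ADDRESS.fullmatch(reply_to):
        raise ValueError("reply_to is not a single address")
    msg = EmailMessage()
    msg["To"] = OWNER
    msg["From"] = SENDER
    msg["Reply-To"] = reply_to
    msg["Subject"] = "Contact form"
    # Visitor-supplied text only ever reaches the body.
    msg.set_content(f"Name: {name}\n\n{text}")
    return msg


if __name__ == "__main__":
    print(recipients(build_naive(INJECTED_NAME, "hello")))
    try:
        build_safe(INJECTED_NAME, "visitor@example.com", "hello")
    except ValueError as err:
        print("rejected:", err)
    print(recipients(build_safe("Ann", "ann@example.com", "hello").as_string()))
```

When the message is handed to the mail system, pass the recipient explicitly (for example `smtplib.SMTP.send_message(msg, to_addrs=[OWNER])`) instead of letting the mailer read recipients from the headers.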

mmccarn
« Reply #9 on: November 02, 2006, 05:55:07 PM »
AOL now has a procedure to follow if you are having trouble sending email to their users.  Look at http://postmaster.aol.com/tools/index.html and use the tools provided to make sure your email will be allowed in to their servers.

There is a link on that page to set up a "feedback loop" so that AOL will send you a copy of any email from your server that is reported as SPAM by an AOL user, and another link to request that your mail server be "whitelisted" by AOL.

Quote from: "CharlieBrady"
Quote from: "mmccarn"

Configure your system to delete double-bounce messages
config setprop qmail DoubleBounceTo devnull

This is bad advice. And irrelevant advice. SME7 should not see double bounces. Good advice is don't do anything until you understand the problem.

OK - re-reading this thread from the beginning I, too, find my advice to be irrelevant.  Sorry!  However, since I use an 'internal mail server' I do get double-bounce messages - thousands of them, in fact...

CharlieBrady
« Reply #10 on: November 02, 2006, 07:34:04 PM »
Quote from: "mmccarn"

 However, since I use an 'internal mail server' I do get double-bounce messages - thousands of them, in fact...


Ah yes, that's the one case where you will see double-bounce messages. If you can easily obtain the valid address list of the internal server then you should create a custom template to do address validation at the front door.

jonroberts
« Reply #11 on: November 02, 2006, 07:48:18 PM »
Quote from: "russs"
We cannot get mail to any of our AOL based customers. We are always blocked by them! Sometimes the customers using AOL are on a mailing list and sometimes are emailed directly.


Russ,

I've come across this quite a lot and it's mostly down to a Reverse DNS lookup failing.  Check the Reverse DNS entry for your Mail Server's IP address in DNSStuff.

More and more mail servers seem to be using this test to identify Spam.  Basically it takes the IP address of your mail server and does a reverse DNS lookup to see what FQDN it resolves to.  If this fails or the FQDN doesn't match your server's Host Name, it's rejected.

Hope that helps.
Jon

There are two solutions to this that I have used.  One is to send email via your ISP mail servers (You can set this in the Delegate Mail Server part of the email panel of Server Manager).

The other is to create a valid Reverse DNS entry for your mail server.  You need to contact your ISP for this.  You need a fixed IP address and then they need to configure the PTR record for your IP address to match the FQDN of your Mail server.
......
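The reverse DNS test described in Reply #11, as an added example that is not part of the original thread. It goes one step beyond the description by also checking that the PTR name resolves back to the same IP (forward confirmation); the function names and the DNS data are constructed, using documentation address ranges, so the check runs offline.

```python
import socket


def system_ptr(ip):
    """PTR lookup through the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(name):
    """IPv4 addresses the name resolves to; empty set when it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()


def check_rdns(ip, host_name, ptr=system_ptr, forward=system_forward):
    """Return 'pass' or a 'fail: ...' reason for a connecting mail server."""
    name = ptr(ip)
    if not name:
        return "fail: no PTR record"
    name = name.rstrip(".").lower()
    if ip not in forward(name):
        return "fail: PTR name does not resolve back to the IP"
    if name != host_name.rstrip(".").lower():
        return "fail: PTR name differs from the server's host name"
    return "pass"


# Constructed DNS data (documentation ranges) so the example runs offline.
PTR = {"192.0.2.10": "mail.example.org.",
       "192.0.2.20": "host-192-0-2-20.pool.example.net.",
       "192.0.2.30": "mail.example.com."}
A = {"mail.example.org": {"192.0.2.10"},
     "host-192-0-2-20.pool.example.net": {"192.0.2.20"},
     "mail.example.com": {"198.51.100.7"}}


def demo(ip, host_name):
    """Run the check against the constructed tables instead of live DNS."""
    return check_rdns(ip, host_name, ptr=PTR.get,
                      forward=lambda n: A.get(n, set()))


if __name__ == "__main__":
    for ip, host in (("192.0.2.10", "mail.example.org"),
                     ("192.0.2.20", "mail.example.org"),
                     ("192.0.2.30", "mail.example.com"),
                     ("192.0.2.99", "mail.example.org")):
        print(ip, host, "->", demo(ip, host))
```

Calling `check_rdns(ip, host_name)` without the `ptr` and `forward` arguments runs the same test against the system resolver for your own server's address.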

raem
« Reply #12 on: November 03, 2006, 04:01:37 AM »
jonroberts

> I've come across this quite a lot and its mostly down to a Reverse DNS lookup failing.  
> More and more mail servers seem to be using this test to identify Spam.

Or more correctly to identify spam sources (supposedly).


> The other is to create a valid Reverse DNS entry for your mail server.
> You need to contact your ISP for this.  You need a fixed IP address and
> then they need to configure the PTR record for your IP address to
> match the FQDN of your Mail server.


What about the situation that many sme users will be in with hosting multiple domains and email for those domains?

Only email sent that comes from the main domain name address will pass the reverse IP lookup test.

It's a badly flawed test and servers & lists shouldn't be using it.

I have been caught by this one too!

Complain as loudly as you can to ISPs and RBL list maintainers.
...

piran
« Reply #13 on: November 03, 2006, 11:46:25 AM »
Quote from: "RayMitchell"
What about the situation that many sme users will be in with hosting multiple domains and email for those domains.
Only email sent that comes from the main domain name address will pass the reverse IP lookup test.
It's a badly flawed test and servers & lists shouldn't be using it.
I have been caught by this one too !
Complain as loudly as you can to ISP's and RBL list maintainers.

It took over a year's complaining to my ISP (BT) asking them to fix
the rDNS on my static IP before they finally agreed;~/ When they had
finally done it I managed to persuade (even) fivetensrc to pull the red
flag (dnsstuff.com) seemingly permanently on my address. I notice that
they still have the rest of BT's range red flagged but my entry has a
special classification returned that doesn't cause alarms. Intermittently an
otherwise good RBL service inaccurately/inappropriately re-classifies that
BT range as being all dynamic, whereas it is all static though admittedly
not all rDNS-enabled. A recent example was the nomorefunn RBL service.

Given the above am I heading for trouble Ray with the dozen or
so domains hosted here? With a rDNS-enabled static IP I have not yet
used BT's own SMTP preferring to 'roll my own' emails with my SME7.

WEBlance
Your text looks very similar to the stuff some of my WordPress blogs
spew up through their contact form plugin mechanisms. A suitable anti
'injection email exploit' mechanism now traps them effectively. Be aware
that you are now likely to be on circulating lists as being 'vulnerable' and
that such exploit attempts will continue albeit (possibly) intermittently.

gbentley
« Reply #14 on: November 03, 2006, 11:56:02 PM »
If you can possibly avoid BT do so. Don't even get me started on BT ... they have caused so many problems for me ....

Note: Even if you ask for static IP all that they do is set your host81-137-236-xxx.in-addr.btopenworld.com named dynamic address with a permanent IP - you are still within a business+residential netblock that has home user spam zombies on it with users that don't care or don't understand and you will soon be on the black lists.

Go with plus.net or pipex ....

 As Bill Cole points out: "The problem with people on dynamic addresses doing that otherwise perfectly reasonable and normal thing (sending mail directly from their ip address) is not that it violates a service contract (in itself it usually does not) but rather that the dynamic nature of the addresses and the sloppiness/laziness/cheapness of their providers makes it impossible for anyone who gets the mail to have anything useful as an audit trail for where the mail came from beyond identifying an IP address. ISP's historically have claimed that they cannot identify the guilty party and more often today fall back to amorphous and grotesquely unethical 'privacy' standards decreeing that they will not identify abusive users. By racing to the bottom on price and service quality, they have also managed to create an environment where it is impossible for them to remain economically viable and police their networks in any but the most coarse and restrictive ways. We have people shunning port 25 traffic from such networks not because it is inherently bad, but because those networks have no overall competent authority and no way for outsiders to determine a competent authority for any specific address at any particular time."
"If you don't know what you want, you end up with a lot you don't."

piran
« Reply #15 on: November 04, 2006, 12:43:57 AM »
gbentley----
Ah... I sense the painful stirrings of a fellow openwound sufferer;~/
I didn't ask for a static IP I had to pay through the nose for one, month
after month, until the watchdog got BT to reduce its unhealthy markup.
Yes, IP was blighted from the very moment I signed up (I checked the IP
10secs after its allocation to me and found it was already red flagged).
Bottom line now is that eventually I got a proper rDNS and it works;~)
(crossed digits/touching organic fibrous material)

chris burnat
« Reply #16 on: November 04, 2006, 08:33:32 AM »
Quote from: "mmccarn"

install qmHandle
http://www.saco-support.de/index.php?_m=downloads&_a=view&parentcategoryid=3&pcid=0&nav=0
On my system, the following command will remove existing double-bounces from the queue:
qmHandle -Sfailure\ notice


mmccarn, where did you find command-line arguments for qmHandle?  I have seen another somewhere to delete a whole queue, but cannot find documentation at SACO.  Many thanks for information. rgds. chris
- chris
If it does not work out of the box, please fill in a Bug Report @ Bugzilla (http://bugs.contribs.org)  - check: http://wiki.contribs.org/Bugzilla_Help .  Thanks.

william_syd
« Reply #17 on: November 04, 2006, 09:08:16 AM »
Quote from: "burnat"

mmccarn, where did you find command-line arguments for qmHandle?  I have seen another somewhere to delete a whole queue, but cannot find documentation at SACO.  Many thanks for information. rgds. chris


Code:
USAGE
-----

Usage is fairly simple. Here goes the help screen:

Available parameters are:
  -a     : try to send all queued messages now (qmail must be running)
  -l     : list message queues
  -L     : list local message queue
  -R     : list remote message queue
  -s     : show some statistics
  -vN    : display message number N
  -dN    : delete message number N
  -Stext : delete all messages that have/contain text as Subject
  -D     : delete all messages in the queue (local & remote)
  -V     : print program version

Additional (optional) parameters are:
  -c     : display colored output
  -N     : list message numbers only
           (to be used either with -l, -L or -R)

It's possible to specify multiple parameters for multiple actions, in any
order.

Please note that you'll have to be superuser (root) in order to use this
program.

A typical output of the command:

qmHandle -l

could be:

-------------------------------------------------
143874 (9, R)
  Return-path: m.beltrame@betamag.com
  From: Michele Beltrame <m.beltrame@betamag.com>
  To: beta-reg@nice.it
  Subject: Re: [beta-reg] Server news pubblico.
  Date: Fri, 10 Apr 1998 09:04:32 +0200
  Size: 1600 bytes
-------------------------------------------------

The first line shows the number the message has in queue (the name of the
files in which it's stored) and, between parentheses, the directory number
where it's located and the queue he's in (L=local, R=remote).

Regards,
William

IF I give advise.. It's only if it was me....

mmccarn
« Reply #18 on: November 04, 2006, 02:26:26 PM »
If you do delete any messages from the queue using qmHandle - whether from the command line or using the server-manager panel - be sure to check the status of "qmail" when you're done as it occasionally crashes after deleting messages and needs to be restarted.

I posted more about this in Qmail problems

CharlieBrady
« Reply #19 on: November 04, 2006, 04:19:37 PM »
Quote from: "mmccarn"
If you do delete any messages from the queue using qmHandle - whether from the command line or using the server-manager panel - be sure to check the status of "qmail" when you're done as it occasionally crashes after deleting messages and needs to be restarted.


You should never do anything with the queue without stopping qmail first.

mmccarn
« Reply #20 on: November 04, 2006, 06:12:09 PM »
qmHandle tries to close qmail, it just doesn't always succeed.

There's an open bug on this: http://bugs.contribs.org/show_bug.cgi?id=2020

lucho115
« Reply #21 on: April 13, 2007, 09:21:58 PM »
I don't have a webpage with a form or anything, but I have a lot of double-bounce messages. Why? I don't want to eliminate them, I just want to know why and so try to solve the possible issue.
Thanks

mmccarn
« Reply #22 on: April 13, 2007, 10:24:34 PM »
The two main sources I've seen for double bounce emails are:

1) SME as a mail filter in front of an "Internal" mail server (Exchange or otherwise):

SME versions prior to 7.1 would accept email to any address at your domain - but if the Internal mail server then rejected the message SME was left trying to send a non-delivery report to the non-existent spam "From" address.  When these bounces fail a "double-bounce" message is sent to postmaster.

2) SME as a mail filter, but with a "backup MX" server run by your ISP

Most backup MX servers accept email for any recipient at your domain.  When SME then refuses the invalid emails the backup MX tries to return them.  The return bounces (since the spammers didn't use their own email address!) to 'postmaster@...yourdomain' - which is a valid address and gets to your SME as a "double bounce"

lucho115
« Reply #23 on: April 19, 2007, 07:19:29 PM »
OK, I found the problem, and it is the following:

3 years ago, the mail accounts were managed by an ISP, and there were 4 accounts that I didn't create when I mounted the SME email server. Those accounts are spammed all the time and, as the domain is the same, qmail accepts the email, but when it looks for the account and it does not exist on the server, it makes double-bounce emails.
So right now that I know what happened, I want to know a way to stop this. How can I reject email to some accounts? Or if the right solution is something else, what is it?
Thanks