Page 1 of 2 12 LastLast
Results 1 to 15 of 16

Thread: I getting tired of this: bounced emails clogging the queue

  1. #1
    Registered Member
    Join Date
    Jun 2003
    Posts
    176

    Default I getting tired of this: bounced emails clogging the queue

    I've been reading these forums and seeing others with similar problems and I believe it's about time someone, (Cpanel?) step up to the plate and resolve this situation.

    Here (for about the 6th time posting here) is the problem:

    user@domain.com gets ton of spam. He decides to delete user@domain.com and creates user1@domain.com. However the spam keeps coming to user@domain.com, but now bounces, and goes into the queue where it sits... Now multiple that by a few dozen users per account, times 200 accounts per box... and you have a real problem.

    Now add:

    Every account that the admin or a reseller creates also has with it an email loginid@domain.com associated with it. 99.99% of the users never use that email address, but because spammer use finger (or something else) they always find that login and instantly send millions of spams to it.

    Now add:

    Many of us used to use the catchall. That was fine in the days of a civilized internet, but today, it's email anarchy and now we get joe1@domain.com joe2@domain.com, joe3@domain.com etc... even totally random names thlj24@domain.com.

    Now you add all these together, run top and you see exim sitting there all day long at the top of the chart. You see sever loads going from 1 to 20, even as high as 900 one day, all with multiple runnings of exim.

    I completely admit, I don't know the ins and outs of exim, so I need someone, (CPanel?) to step up and find some solution to this.

    The first one is simple: if there is no user@domain.com account, just FAIL it. To me that's a no brainer. We don't need to bounce it to the admin to tell him there is no such user.

    Second, every email account loginid@domain.com should instantly be set to FAIL. IN fact, why (and how) are we broadcasting this information? it's half the login sequence. Sure makes it easier for the hackers and creeps.

    Third, on catchalls... we need something, but frankly I don't know what. Maybe someone here has an idea. Perhaps a checkbox system where the admin could log in and either "confirm" or "fail" and email address. If they are confirmed, they pass thru, if they fail, everything to that address just goes away.

    In the 12 hours since I last cleared the queue, there are now over 5000 email sitting in there. And I have it set to flush every 24 hours. I can't imagine how much better all of our servers would run if there would be an end to these "lower than pig sh*t" spammers.

    The situation, imo, is completely out of hand and all network administrators are wasting untold hours fighting something that should not exist in the first place.

  2. #2
    Registered Member
    Join Date
    Feb 2004
    Posts
    469

    Default

    ...The first one is simple: if there is no user@domain.com account, just FAIL it. To me that's a no brainer. We don't need to bounce it to the admin to tell him there is no such user.
    If you use :fail: email bounces and joins the queue and the system gets an email.
    If you use :blackhole: the mail will go into oblivian and not join any queues and the system gets no emails.

    Quote from cPanel: 'Default Address/Set Default Address' Hint: You can enter :blackhole: to discard all incoming unrouted mail or :fail: no such address here to bounce it.
    HTH

  3. #3
    Registered Member
    Join Date
    Jun 2003
    Posts
    176

    Default

    Originally posted by Izzee
    If you use :fail: email bounces and joins the queue and the system gets an email.
    If you use :blackhole: the mail will go into oblivian and not join any queues and the system gets no emails.

    Quote from cPanel: 'Default Address/Set Default Address' Hint: You can enter :blackhole: to discard all incoming unrouted mail or :fail: no such address here to bounce it.
    HTH
    But here's the problem: When a client (of which we have hundreds) "gets rid of" their old email address, they just delete the "user" from their control panel and creates a new one. They do not go the next step forward and log into the forwarders and setup "oldemail@domain.com" to "blackhole."

    The "default" address, what I'm refering to is: login-id@domain.com. That is never used. If I set the "default" to "blackhole" I do not think this applies to "loginid@domain.com" because that's a valid account as far as the server is concerned.

    Am I wrong in that belief?

  4. #4
    Registered Member
    Join Date
    Feb 2004
    Posts
    469

    Default

    Please follow me as its the only way I can explain this. You will know what to do and I appreciate that but if you can follow this you will get rid of your queues and your hassles. I have no queues unless a client makes a mistake, which is very rare.

    Open up a cPanel and go to E-mail/Manage Accounts.

    You will now be in the Mail Account Maintenance screen.

    First entry is your infamous login-id@domain.com marked as Main Account with Login as login-id and ReadWebmail only.

    The next entry will be a user account user@domain.com with:
    Account - user@domain.com Login - user+domain.com - Delete - Read Webmail - Change Quota - Change Pass

    There will usually be many others, we only nead to worry about 1 account as the rest is just a duplication. Note we have not refered to a default account yet.

    Note the Main Account is never used as you say.

    Now lets go back to the main cPanel menu.

    Go to E-mail/Default Address.

    You will now be in the Default Address Maintenance screen.

    All unrouted mail will be sent to:

    This will be blank if you have the catchall enabled. We will now remove the catchall and define a default address. Here now is where this default address comes into play.

    Select Set Default Address.

    Up comes the Default Address Maintenance screen.

    Have it do this:
    Send all unrouted e-mail for: domain.com to: :blackhole: Click Select

    If you go back to the Default Address Maintenance screen you should now see:

    All unrouted mail will be sent to: domain.com
    This is what is now called the Default Address

    We have now got rid of our catchall and any mail that is addressed to anyemailaddress@domain.com other than user@domain.com will be blackholed never to be heard of again.

    This applies to any clients deleted e-mail accounts. No need to forward anything. It is taken care of by this one process we have just completed above.

    You need then to go WHM and delete all the mail in the queue that you can and then keep your eye on it for a while. If you start to get the queue again look at the email and it will tell you in the header which account is having problems. It will say something like blogs@thisdomain.com FAILED no such address here (this is the clue). Get the owner of that account to set up Default Address like above and not to use :fail: but to use :blackhole: instead. That will be one less in the queue in future.
    I don't know of a quicker way but someone might. I do this right from the start so I don't have a huge build up before I have to do something about it.
    HTH

  5. #5
    Registered Member
    Join Date
    Jun 2003
    Posts
    176

    Default

    Thank you for your explanation. But am I reading this correctly? You want me to do this for every account on the box?

  6. #6
    Registered Member
    Join Date
    Jul 2002
    Posts
    303

    Default

    problem is that we have to go and add this changes manually to every account...

  7. #7
    Registered Member
    Join Date
    Jun 2003
    Posts
    176

    Default

    Originally posted by wimp
    problem is that we have to go and add this changes manually to every account...
    Not only that, but how am I supposed to log into my customers accounts to do this?

  8. #8
    Registered Member
    Join Date
    Feb 2004
    Posts
    469

    Default

    In WHM under Account Functions/List Accounts click on the cPanel logo in the column between the Domain and the IP of the account you want to access.

    Then when asked for user/pass copy the clients users name, which is also very handy, into the text field then use your root password in the other text field.

    You should now have access to your clients cPanel.
    HTH

  9. #9
    Registered Member dory36's Avatar
    Join Date
    Aug 2003
    Posts
    179

    Default

    You'l have to figure out what to do about your existing customers -- that is tricky from a customer relations point of view, although you can login to their cpanel with their user name (as seen in whm) and your root or reseller password.

    For future customers, go to /scripts/wwwacct and search for "*:" $user (or something like that) and change it to read "*: :blackhole:" -- then new accounts' default will be to discared mail to unknown users.

    Thanks to whoever posted that fix here a while back.

    Bill

  10. #10
    Registered Member
    Join Date
    Feb 2004
    Posts
    469

    Default

    Originally posted by dory36
    ...For future customers, go to /scripts/wwwacct and search for "*:" $user (or something like that) and change it to read "*: :blackhole:" -- then new accounts' default will be to discared mail to unknown users.

    Thanks to whoever posted that fix here a while back.

    Bill
    That is minus the "" and edit the /scripts/wwwactt not run it.
    So should read like this:
    edit /scripts/wwwacct and arround line 1108 find *: $user and replace it with *: :blackhole:

    Find:
    1106 open(VALIAS,">/etc/valiases/$domain");
    1107 print VALIAS <<EOM;
    1108 *: $user
    1109 EOM
    1110 close(VALIAS);
    Edited:
    1106 open(VALIAS,">/etc/valiases/$domain");
    1107 print VALIAS <<EOM;
    1108 *: :blackhole:
    1109 EOM
    1110 close(VALIAS);

    Thats how I interpreted Bill's post above. Would that be right?
    And this is only relevant for new clients as wwwacct is the account set up script.

    With regard to PR of current clients, a broadcast email to the effect that bulk spam is clogging up the works and slowing the servers down, but a fix that can be activated from within clients cPanels by admin can be achieved, yadda yadda... May help to overcome any PR issues. Nobody likes that 4 letter word spam.

  11. #11
    Registered Member dory36's Avatar
    Join Date
    Aug 2003
    Posts
    179

    Default

    Yep - that's what I meant.

    If you install or uninstall cPanel Pro or perhaps update it, you might find that wwwacct gets overwritten, so it is worth checking every once in a while. I just do grep blackhole /scripts/wwacct after any action that I suspect might update that file.

    Bill

  12. #12
    Registered Member
    Join Date
    Jun 2003
    Posts
    176

    Default

    thanks for the info.

    There is still the issue of the "other" default email address. The above works for for "undefined" but by default when you setup an account on an cpanel server, it creates a valid email account: UsersLoginID@UsersDomain.com. That is NOT "unrouted" email because cpanel creates that email address when you setup the account, and so far, I can't find a way to set that to :blackhole:

  13. #13
    Registered Member dory36's Avatar
    Join Date
    Aug 2003
    Posts
    179

    Default

    It looks to me like the place where you set the :blackhole: in wwwacct is where it is writing the /etc/valiases file for the new account.

    I wonder if you could so something like $user: :blackhole: on the next line?

    Bill

  14. #14
    Registered Member
    Join Date
    Jun 2003
    Posts
    176

    Default

    Here's a new twist to this problem:

    I had my customer :blackhole: a junk email address and got this now:


    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    webmaster@customersdomain.com
    error in redirect data: missing or malformed local part (expected word or "<") in ":blackhole":
    retry timeout exceeded



    I just logged into his account to chk how it set it up and he's got it right. :blackhole:

    could this be a bug in cpanel?
    Last edited by matt621; 04-19-2004 at 01:02 AM.

  15. #15
    Registered Member
    Join Date
    Aug 2003
    Location
    United Kingdom
    Posts
    186

    Default

    Open up an ssh session and check the file /etc/valiases/customersdomain.com

    Check the last line reads:

    *: :blackhole:

    This is the file that cpanel refers to, just in case there is a bug in the interface.
    Last edited by projectandrew; 05-19-2004 at 09:16 AM.

Page 1 of 2 12 LastLast

Similar Threads

  1. bounced emails going to nobody
    By ramorse in forum cPanel & WHM Discussions
    Replies: 25
    Last Post: 05-26-2010, 03:01 PM
  2. SpamAssassin Problems - spamd failed, message queue clogging up
    By graham_w in forum cPanel & WHM Discussions
    Replies: 5
    Last Post: 06-21-2006, 10:51 AM
  3. Emails being bounced
    By WGN in forum cPanel & WHM Discussions
    Replies: 1
    Last Post: 02-07-2006, 10:33 AM
  4. Sick and tired of getting the cpanel daily run emails!!!!!!!!!
    By Jeff75 in forum cPanel & WHM Discussions
    Replies: 8
    Last Post: 08-22-2004, 12:33 PM
  5. Bounced emails
    By sigep739 in forum cPanel & WHM Discussions
    Replies: 1
    Last Post: 05-26-2004, 06:06 PM
bargain