Exim problem receiving delivery error messages

Discussion in 'General Discussion' started by fenixer, Feb 3, 2008.

  1. fenixer

    fenixer Well-Known Member

    Joined:
    Feb 23, 2007
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    6
    Hello:

    I have a problem related to my Exim spool queue, which is freezing messages similar to this one, where mydomain.tld is a domain hosted by me.

    I guess a spammer used mydomain.tld to send spam from a non-legitimate server (not mine, of course). The problem is he used random addresses at mydomain.tld to send spam, and 3rd-party SMTP servers of course try to send me the "delivery error message", because of the spam, or just because of some other problem.

    In some cases, my spool queue can hold nearly thousands of these emails, which the 3rd-party SMTP servers send me without a correct "From:", as you may see.

    I don't know why Exim freezes the emails and keeps them in the queue, instead of simply refusing or dropping them, as the To: address does not exist on my server.

    The spammer uses <random>@mydomain.tld to send spam from his house, for example --> the destination SMTP server refuses it and sends my server (mydomain.tld) the notification for <random>@mydomain.tld --> <random>@mydomain.tld does not exist on my server, and instead of being refused or dropped, it stays frozen in my queue list.

    Does anyone know how to prevent this? Thanks
     
    #1 fenixer, Feb 3, 2008
    Last edited: Feb 3, 2008
  2. sarhosting

    sarhosting Well-Known Member

    Joined:
    Oct 1, 2007
    Messages:
    164
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    United States
    cPanel Access Level:
    Root Administrator
    I think this could be caused by a mailing list and/or spoofing.

    Do some reverse DNS & SPF records as well. Should help stop the spoofing.
     
  3. fenixer

    Thanks, but I don't think SPF is the solution, since very few domains use SPF nowadays... most SMTP servers do not care about it.

    The problem is not the spoofing. Nowadays, I cannot do anything to stop some spammers from using my domain to send spam (yes, SPF, but it is not very useful nowadays)... the problem is that the notifications are getting frozen in my Exim and staying in my spool queue instead of being deleted (they are going to a non-existent user).

    ¿?
     
  4. fenixer

    Well, in spite of using RELEASE on all my servers, I am manually adding, through a bash script, an SPF record for all my hosted domains, writing the new "standard" record directly at var/named/zones... After that I will configure the DNS templates for new domains...

    Another question is: does the Exim installed by default with cPanel check for SPF records when receiving emails from 3rd-party SMTP servers?

    But this question does not resolve the initial one, since the problem here is not the "domain spoofing", but Exim freezing emails with "<> from" instead of giving the fail to the 3rd-party SMTP server just because the delivery address does not exist on my server.
     
  5. fenixer

    SPF records applied, but most external SMTP servers do not check them nowadays... The problem is still there... please, someone!!

    You can check:
    http://www.configserver.com/free/fail.html

    Well, in my case it just receives the message and then freezes it!!!

    Some more data:

    IN MY QUEUE:
    WHEN TRYING TO DELIVER FROM QUEUE:
    AT LOGS (first time):
    What the hell? Isn't :FAIL: supposed to reject emails during the SMTP protocol!?!?!?! Why is the email in my server queue, and frozen?!?!?!

    Please help! I am trying to find a solution, but blackholing it is not a great idea I think.
     
    #5 fenixer, Feb 7, 2008
    Last edited: Feb 7, 2008
  6. fenixer

    OK

    I finally found the problem by myself...

    Added require verify = recipient before checking anything else and accepting the email.

    cPanel, with its defaults, first accepts the email, and then refuses it, sending a bounce message to the external SMTP server... I think this is a bit crazy. Why do we have to send the "non-existent user" email, instead of just refusing the incoming email during the SMTP protocol? Isn't that what I have a ":fail:" for??? Now, with my modification, it is the external SMTP server that notifies the sender.

    cPanel, I think you might take care of this!
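
The change described in the last post, shown as a constructed Exim RCPT ACL fragment (an added example, not cPanel's generated exim.conf and not the poster's own file). The ACL name and the local_domains, relay_to_domains and relay_from_hosts lists follow Exim's stock example configuration and are assumptions here.

```conf
# Constructed example: recipient verification at RCPT time.
# Names below come from Exim's stock example configuration (assumption);
# a cPanel-generated exim.conf uses its own ACL layout.

# --- main section ---
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Our own users and trusted hosts may send to any address.
  accept  hosts         = +relay_from_hosts
  accept  authenticated = *

  # Everyone else may only address domains we handle.
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

  # Before (the behaviour the thread complains about): the recipient is
  # accepted without being routed, so an alias of ":fail:" only takes
  # effect at delivery time. If the incoming message is itself a bounce
  # (envelope sender <>), there is no sender to report the failure to
  # and the message is frozen on the queue.
  #
  #   accept  domains = +local_domains

  # After: route the address while the remote server is still connected.
  # A ":fail:" alias or an unroutable local part now produces a 550 on
  # the RCPT command, so nothing is queued and the sending server keeps
  # responsibility for notifying whoever it got the message from.
  require message = no such user here
          verify  = recipient

  accept
```

Running `exim -bh 192.0.2.1` opens a fake SMTP session from that (documentation-range) address, so a `RCPT TO` for a non-existent local user can be checked for a 550 response without anything being delivered.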
     