The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How do spammers get past the :FAIL: default configuration?

Discussion in 'General Discussion' started by Canned_Heat, Jan 6, 2004.

  1. Canned_Heat

    Canned_Heat Member

    Joined:
    Oct 8, 2003
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    I have default email configed with :fail:.

    I received a spam email addressed to:
    honey1@mydomain.com and of course, there is no pop account or forward with that name.

    So I tested it myself with another email account, sending an email to the honey1@ address. It bounced just like it was supposed to... invalid address.

    So how do spammers get past the :fail: and what can be done to tighten things up?

    Thanks,
    CH
     
  2. Canned_Heat

    Canned_Heat Member

    Joined:
    Oct 8, 2003
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    If somebody in these forums cannot answer this, can somebody recommend a site/forum about spam where I can post the question? I would really like to know why stuff is slipping by.

    Thanks
     
  3. ckh

    ckh Well-Known Member

    Joined:
    Dec 6, 2003
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Phoenix, AZ
    cPanel Access Level:
    DataCenter Provider
    It may have been addressed to honey1@yourdomain but it probably had a bcc of a valid email address.

    I believe the only way you could tell is by looking at the header of the email message and see who it was delivered to.

    Chris
     
  4. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
    Are you using <accountname>@domain as your default email or have you set up another account (badmail@domain for example) to handle this mail?

    You should setup a seperate account for handling non-existant addresses and then set the delivery options you want :)blackhole:, :fail:, etc) on that account. There have been numerous posts on this forum concerning the problems associated with using the main account address as the default email address.
     
  5. Canned_Heat

    Canned_Heat Member

    Joined:
    Oct 8, 2003
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Yes, I learned forwarding to the main default does not work. What I had done was set up all POP and forward accounts as I wanted them, then on the default page set mydomain.com to :fail:

    Per your above reply (thanks) this is what I have now done:

    1. created a POP account named fail@mydomain.com

    2. in the Default Address section I have set fail@mydomain.com to receive all unrouted mail to mydomain.com

    3. In my version of cpanel, I did not see an option to set the delivery options of the POP account fail@mydomain.com to :fail: so in the Forwarder section I set the forward for that address to :fail: which I assume is the same thing.

    Thanks for your help. I'll see how it works.

    CH
     
  6. webfeatus

    webfeatus Active Member

    Joined:
    Jul 28, 2003
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Bali
    Be discourteous.

    Use :blackhole:

    (spammers beat me into this approach - I can't be bothered any more)
     
  7. markie

    markie BANNED

    Joined:
    Oct 5, 2003
    Messages:
    143
    Likes Received:
    0
    Trophy Points:
    0
    :blackhole: is useless. Why accept spam and waste bandwidth accepting spam when you can stop most of it dead in its tracks?
     
  8. Curious Too

    Curious Too Well-Known Member

    Joined:
    Aug 31, 2001
    Messages:
    427
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    :blackhole: is useless? I have hundreds of email messages stuck in my servers mail queue because users have their default email account set to :fail: -- fail tries to send a message back to the sender and in most cases the senders email address is not a valid email address. I would much rather my customers use :blackhole:, that would keep the messages from clogging up the mail queue.
     
  9. Canned_Heat

    Canned_Heat Member

    Joined:
    Oct 8, 2003
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Hmmmmm good points. A couple of questions.

    First, I would tend to use :fail: because if a legitimate email tries to get thru to an address I forgot to forward, then I want that user to know and contact me for a valid address.

    On the other hand, is this correct?:

    spammer sends spam

    but the address is not valid so a bounce message is sent back to spammer

    but because spammer went thru 3,479 open relays, and the final sending address was not valid, -that- server sends a bounce message back to me, (to my default account?) clogging up my server.

    Correct?

    CH
     
  10. Curious Too

    Curious Too Well-Known Member

    Joined:
    Aug 31, 2001
    Messages:
    427
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator

    What's more likely to happen is:

    spammer sends spam

    default address is set to :fail: and the email address the spammer emailed is not valid so error message is sent to spammer

    spammers email address is bogus so error message to spammer sits in the mail queue for 5 days.
     
    #10 Curious Too, Jan 8, 2004
    Last edited: Jan 8, 2004
  11. Afro Boy

    Afro Boy Member

    Joined:
    Oct 14, 2003
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    This is my preferred set-up too. If someone (spammer or not) send e-mail to an invalid address, they should receive a bounce back e-mail.

    If it is a spammer and their bounce sits on my server ... well, can anyone write a little cron job script to periodically empty that out?

    Cheers,
    Af.
     
  12. markie

    markie BANNED

    Joined:
    Oct 5, 2003
    Messages:
    143
    Likes Received:
    0
    Trophy Points:
    0
    I didnt say fail works either. I said blackhole is useless and that includes fail. I'd hate to see your bandwidth usage just because you allowed thousands of spam msgs to arrive to blackhole. Also, when you do this, it give spammers a reason to continue sending spam thinking its being delivered to your server when in fact its going into oblivion. How do they know this? If you want fail to work properly get the modification from the Rackshack forum, posted by aussie, that turns fail into a working option.
     
  13. webfeatus

    webfeatus Active Member

    Joined:
    Jul 28, 2003
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Bali
    aussie has 2240 posts and I have done several searches.

    Do you have time to supply the link?
     
  14. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
  15. webfeatus

    webfeatus Active Member

    Joined:
    Jul 28, 2003
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Bali
    That's it thanks.

    (and it is a wonder why cPanel does not offer this option)
     

Share This Page