The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mail filtering / default address

Discussion in 'E-mail Discussions' started by larkim, Mar 3, 2008.

  1. larkim

    larkim Member

    Joined:
    Sep 27, 2007
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Hi

    For a while I've had a set up which uses mail filtering to match certain words and forward those mails to specific addresses. e.g. "header_to contains "matthew"" which picks up anything addressed to *****.matthew@mydomain.com and forwards it to "matthew@mydomain.com" (an account set up via cPanel on the server)."

    Anything which failed to be filtered onwards like this would remain in the default user account where the default mail address for the domain was set to :fail:

    Last week this all seemed to stop working. Mails addressed to "matthew@mydomain.com" were properly filtered, but mails addressed to "*****.matthew@mydomain.com" were bounced (550), and testing through the cPanel trace mail gave "virtual_aliases via virtual_aliases router forced address failure".

    I unset the :fail: on the default address (set it to the account name - i.e. username), and miraculously the mails started coming through. Unfortunately, now all the junk misaddressed stuff (about 3000 per day) is coming into the main account mailbox (username@mydomain.com).

    Which set of events is "right"? i.e. how can I ignore all of the badly formed addresses?

    Thanks!

    Matt
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Generally the mentality nowadays is to disable catch-all by setting your default address to :fail:. After that, put in the appropriate redirects etc. to get mail that should be sent to you relayed to you.

    Setting the default address to anything other than :fail: or :blackhole: will likely result in the receipt of much spam.
     
  3. larkim

    larkim Member

    Joined:
    Sep 27, 2007
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Thanks.

    The odd thing is that previously I did have it set to :fail: and that it all worked fine.

    However, a couple of weeks ago it stopped.

    Can I clarify the order of events that will happen, because it seems to me that things have moved out of order.

    Firstly, the working setup (as I interpret it)
    - mail received on the server
    - mail tested against existing filters and deliveries initiated
    - mail which does not match any filter then delivered either to an existing account based on the address matching perfectly, or delivered to the "catch all" address (and therefore failing)

    Secondly, the setup which now seems to happen (again, as I intepret it)
    - mail received on the server
    - mail tested to determine if it matches exactly any specific account set up
    - mail which does not match any filter then delivered either to the "catch all" address

    So, in the first example, a mail addressed to cpanel.matthew@mydomain.com would:-
    -arrive on the server
    -match a filter which says "deliver anything addressed to an address with the word "matthew" in it to the account "matthew@mydomain.com"

    However, in the second example, the same mail would:-
    -arrive on the server
    -not match any specific account and therefore deliver to the default address
    -be processed by :fail:

    Am I right in making my assumptions about the order of events and where the filtering kicks in?

    Sorry for the lengthy post, I'd just like to understand it more fully.

    Thanks!

    Matt
     
  4. larkim

    larkim Member

    Joined:
    Sep 27, 2007
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Just to round this off, I've fixed my personal problems with this with some (not very clever) lateral thinking.

    The problem is that my catch all address is catching loads of traffic. The answer is to use a cron task to delete these mails once they arrive.

    This morning when I checked the catch all address (which I now seem to have to have enabled otherwise the filters don't work) there were 22,000 spam mails (all received since Friday evening), so I needed a solution.

    So I run rm ./mail/cur/* every 5 minutes and all of the catch all mails are deleted.

    Seems to work, unless anyone has any good reasons why I shouldn't be doing this!

    Matt
     
  5. larkim

    larkim Member

    Joined:
    Sep 27, 2007
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Sorry, this is turning into a one man posting session. I was hoping someone could chip in with at least a comment on what I'm doing.

    Anyway, it seems to me that since I had to take off :fail: from the default email address, I'm getting increasingly large amounts of spam.

    Is that likely to be because the spam is being accepted by a mail server, rather than rejected with a failure notice?

    Any help gratefully received.

    Matt
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,474
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I wouldn't suggest "taking off" :fail:
    Also I would suggest enabling Email Authentication as well. Should help some.
     
  7. larkim

    larkim Member

    Joined:
    Sep 27, 2007
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    I agree, I don't like having :fail: off, but if I don't (see first post) then much legitimate mail fails to get through to me.

    Perhaps my own fault for the type of email addresses that I give out to non-personal contacts, but that's my problem!

    What is email authentication? Is that SPF?

    Matt
     
Loading...

Share This Page