
Mailman forwarding invalid mail to root

Discussion in 'E-mail Discussions' started by anoetic, Feb 22, 2008.

  1. anoetic

    Spammers are sending mail to mailman-request@example.com and mailman-bounces@example.com (where example.com is one of the domains on my server). There is no "mailman" list under the domain or any other domain on my server, but these messages are being forwarded to root. I cannot find where this is being done or how I can stop it. I want Mailman to discard any messages for which there is no valid mailing list. How do I accomplish this?
     
  2. sneader

    After the recent Mailman upgrade, this is happening to me also.

    One example: spam sent to mailman-bounces or mailman-owner or mailman-request @somecust.com. Even if I create a forwarder for mailman-bounces@somecust.com, in that customer's cPanel, and set it to "Discard at SMTP time with error", so that we do not accept the message... it just does not work.

    Here are some headers... see for yourself how messed up this is:

    www4.myserver.com is my cPanel hosting server
    somecust.com is the customer that has a hosting account on this cPanel server


    Received: from localhost ([127.0.0.1] helo=www4.myserver.com)
    by www4.myserver.com with esmtp (Exim 4.69)
    (envelope-from <mailman-bounces@www4.myserver.com>)
    id 1KkfGv-000843-T5
    for root@localhost.myserver.com; Tue, 30 Sep 2008 08:28:14 -0500
    Received: from 163.red-79-155-49.staticip.rima-tde.net ([79.155.49.163]
    helo=102.Red-88-17-105.dynamicIP.rima-tde.net)
    by www4.myserver.com with esmtp (Exim 4.69)
    (envelope-from <outsyn_2000@spammer.com>) id 1KkfGp-00083l-OR
    for mailman-owner@myhost.com; Tue, 30 Sep 2008 08:28:08 -0500
    From: London <outsyn_2000@spammer.com>
    To: <mailman-owner@somecust.com>


    Notice how the message is sent to mailman-owner@somecust.com, but it is immediately put into the root@localhost account.

    As far as I know, NOTHING should be sent to mailman-anything @ anycustomer -- these are bogus addresses and should not be accepted.

    Help?

    - Scott
     
  3. vlsoft

    If you have exim, there should be a mailman_virtual_transport & mailman_virtual_router section in /etc/exim.conf.
    These normally won't let bogus mail in, but they watch only the suffix like this (found in mailman_virtual_router section):
    local_part_suffix = -admin : \
    -bounces : -bounces+* : \
    -confirm : -confirm+* : \
    -join : -leave : \
    -owner : -request : \
    -subscribe : -unsubscribe

    So there it is, they can write to non-existent lists too - and the mailman router is before any of the other routers, so it even misses the spam check on my config. However, this was no problem for me so far, we host only moderated lists.

    If you host only a small number of lists, you should write a few extra checks with
    {match{$local_part}

    If you look into your exim.conf, there are already rules for the -bounce suffix there:
    accept condition = \
    ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
    {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
    {yes}{no}}

    So you should write a few like these for the other valid suffixes.

    Edit: BEFORE MESSING WITH exim.conf, SAVE A BACKUP SOMEWHERE, BECAUSE IT'S WISE TO RESTORE THE ORIGINAL BEFORE USING WHM'S EXIM CONFIG EDITOR!
    Hope this helps, but bear in mind that if you modify /etc/exim.conf, it will be overwritten by cPanel at the next update, so it's OK for testing things, but for permanent results you should put in the necessary changes through WHM's exim config editor.


    Oh, and after modifying exim's config, you must restart exim for the changes to take effect...
     
    #3 vlsoft, Oct 2, 2008
    Last edited: Oct 2, 2008
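
The check described in post #3, as an added example that is not part of any post in this thread and not cPanel's own code: it applies the quoted suffix list to a recipient address and then tests for the list's config.pck, flagging addresses that only look like Mailman addresses. The function names, the approximation of Exim's suffix matching and the sample recipients are assumptions; the directory layout follows the ACL excerpt quoted above.

```python
import re
from pathlib import Path

# Suffix list copied from the mailman_virtual_router excerpt quoted in the thread.
SUFFIXES = ["-admin", "-bounces", "-bounces+*", "-confirm", "-confirm+*",
            "-join", "-leave", "-owner", "-request", "-subscribe", "-unsubscribe"]
# Lists directory taken from the ACL excerpt quoted in the thread.
LISTS_DIR = Path("/usr/local/cpanel/3rdparty/mailman/lists")


def split_suffix(local_part):
    """Return (list_name, suffix) if local_part carries a Mailman suffix, else None.

    Approximates Exim's local_part_suffix (an assumption of this example):
    patterns are tried in order, and a trailing '*' matches any run of
    characters at the end of the local part.
    """
    for pat in SUFFIXES:
        if pat.endswith("*"):
            rx = r"^(.+?)(" + re.escape(pat[:-1]) + r".*)$"
        else:
            rx = r"^(.+)(" + re.escape(pat) + r")$"
        m = re.match(rx, local_part)
        if m:
            return m.group(1), m.group(2)
    return None


def classify(address, lists_dir=LISTS_DIR):
    """Classify a recipient as 'not-mailman', 'valid-list' or 'bogus-list'."""
    local_part, _, _domain = address.partition("@")
    hit = split_suffix(local_part)
    if hit is None:
        return "not-mailman"
    list_name, _suffix = hit
    # Never let a crafted local part walk out of the lists directory.
    if "/" in list_name or list_name.startswith("."):
        return "bogus-list"
    # Same test as the ACL excerpt: the list exists only if config.pck does.
    pck = Path(lists_dir) / list_name.lower() / "config.pck"
    return "valid-list" if pck.is_file() else "bogus-list"


if __name__ == "__main__":
    # Constructed sample recipients; run this on the mail server itself.
    for rcpt in ["mailman-owner@somecust.com",
                 "announce-bounces+x=y@somecust.com", "info@somecust.com"]:
        print(f"{rcpt:40} {classify(rcpt)}")
```

Recipients reported as bogus-list are the ones a suffix-only router accepts even though no such list exists.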