Mailman forwarding invalid mail to root

anoetic

Spammers are sending mail to [email protected] and [email protected] (where example.com is one of the domains on my server). There is no "mailman" list under the domain or any other domain on my server, but these messages are being forwarded to root. I cannot find where this is being done or how I can stop it. I want Mailman to discard any messages for which there is no valid mailing list. How do I accomplish this?
 

sneader

After the recent Mailman upgrade, this is happening to me also.

One example: spam sent to mailman-bounces or mailman-owner or mailman-request @somecust.com. Even if I create a forwarder for [email protected], in that customer's cPanel, and set it to "Discard at SMTP time with error", so that we do not accept the message... it just does not work.

Here are some headers... see for yourself how messed up this is:

www4.myserver.com is my cPanel hosting server
somecust.com is the customer that has a hosting account on this cPanel server


Received: from localhost ([127.0.0.1] helo=www4.myserver.com)
by www4.myserver.com with esmtp (Exim 4.69)
(envelope-from <[email protected]>)
id 1KkfGv-000843-T5
for [email protected]; Tue, 30 Sep 2008 08:28:14 -0500
Received: from 163.red-79-155-49.staticip.rima-tde.net ([79.155.49.163]
helo=102.Red-88-17-105.dynamicIP.rima-tde.net)
by www4.myserver.com with esmtp (Exim 4.69)
(envelope-from <[email protected]>) id 1KkfGp-00083l-OR
for [email protected]; Tue, 30 Sep 2008 08:28:08 -0500
From: London <[email protected]>
To: <[email protected]>


Notice how the message is sent to [email protected], but it is immediately put into the [email protected] account.

As far as I know, NOTHING should be sent to mailman-anything @ anycustomer -- these are bogus addresses and should not be accepted.

Help?

- Scott
 

vlsoft

If you have exim, there should be a mailman_virtual_transport & mailman_virtual_router section in /etc/exim.conf .
These normally won't let bogus mail in, but they watch only the suffix like this (found in mailman_virtual_router section):
local_part_suffix = -admin : \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe

So there it is, they can write to non-existent lists too - and the mailman router is before any of the other routers, so it even misses the spam check on my config. However, this was no problem for me so far, we host only moderated lists.

If you host only a small number of lists, you should write a few extra checks with
{match{$local_part}

If you look into your exim.conf, there are already rules for the -bounce suffix there:
accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}

So you should write a few like these for the other valid suffixes.

Edit: BEFORE MESSING WITH exim.conf, SAVE A BACKUP SOMEWHERE, BECAUSE IT'S WISE TO RESTORE THE ORIGINAL BEFORE USING WHM'S EXIM CONFIG EDITOR!
Hope this helps, but bear in mind that if you modify /etc/exim.conf, it would be overwritten by cPanel at the next update, so it's OK for testing things, but for permanent results you should put in the necessary changes through WHM's exim config editor.


Oh, and after modifying exim's config, you must restart exim for the changes to take effect...
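
The existence test from the exim.conf condition quoted above, applied to every suffix in local_part_suffix rather than only -bounces+*, as a shell check for addresses seen in the mail log (an added example, not part of the original posts or of cPanel's configuration). It assumes the list directory is named after the lowercased text before the suffix, as ${lc:$1} in the quoted condition implies; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not cPanel's or Exim's code.
# Directory is the one named in the exim.conf condition quoted in the thread.
MAILMAN_LISTS="${MAILMAN_LISTS:-/usr/local/cpanel/3rdparty/mailman/lists}"

# Print the list name a Mailman-style local part refers to.
# Returns 1 (printing nothing) when no suffix from local_part_suffix is present.
mailman_stem() {
    lp=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')   # like ${lc:...}
    case "$lp" in
        ?*-bounces+*) printf '%s\n' "${lp%-bounces+*}"; return 0 ;;
        ?*-confirm+*) printf '%s\n' "${lp%-confirm+*}"; return 0 ;;
    esac
    for sfx in admin bounces confirm join leave owner request \
               subscribe unsubscribe; do
        case "$lp" in
            ?*-$sfx) printf '%s\n' "${lp%-$sfx}"; return 0 ;;
        esac
    done
    return 1
}

# 0: list exists; 1: Mailman-style address, no such list; 2: no Mailman suffix.
check_local_part() {
    stem=$(mailman_stem "$1") || return 2
    case "$stem" in
        */*|.|..) return 1 ;;          # never let a local part walk the tree
    esac
    [ -f "$MAILMAN_LISTS/$stem/config.pck" ] && return 0
    return 1
}

# Demo on a constructed lists directory holding one list, "announce".
demo() (
    MAILMAN_LISTS=$(mktemp -d) || exit 1
    mkdir "$MAILMAN_LISTS/announce" && : > "$MAILMAN_LISTS/announce/config.pck"
    for lp in announce-request 'announce-bounces+bob=example.org' \
              mailman-bounces mailman-owner postmaster; do
        rc=0; check_local_part "$lp" || rc=$?
        case $rc in
            0) echo "$lp: list exists" ;;
            1) echo "$lp: Mailman suffix, no such list" ;;
            2) echo "$lp: not a Mailman address" ;;
        esac
    done
    rm -rf "$MAILMAN_LISTS"
)
demo
```

Addresses that come back as "Mailman suffix, no such list" are the ones the suffix-only router accepts and that a per-suffix existence condition would turn away.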
 