Tons of emails that are masqueraded

[peterr]

Hi,

I don't usually get much spam from my email box, maybe one per week, if that, but the other day there were 235 emails in the inbox. The next day it is 114. The emails are not what I would call spam, because they are not sent directly to me.

People have been using my domain name when sending email to other people, which is well known as "masqueraded" emails. All of the 235 emails were undeliverable type, all from postmasters, the masqueraded emails were sent to email addresses that didn't exist. Maybe they sent thousands of emails though, and these were the ones that had the recipient email address as invalid.

What can I do about this ? It would be crazy to "block" each one, because I looked through many of them, and they were all unique addresses being used as the 'sender' , using my domain name and unique usernames.

Can the email side of things be setup so that ONLY specific usernames can be emailed to my domain ? At present of course, any username is 'valid'.

Although this is masquerading and not _really_ spam, is this something that SpamAssasin can do ??

I only have one email box (account). Maybe something can be configured so that the 'real' emails (define a group or set of usernames that are valid) still goto that default email box, and everything else goes to the blackhole ?

Thanks,

Peter

cPanel.net Support Ticket Number:

 

[peterr]

Hi,

I'm sure someone has encountered this problem before. The junk/masqueraded problem aside for a moment, here are my objectives:

1. Setup about 10 usernames, and any email for those people, to go to my default/main email box (the one that is setup by default, without having to add an email account). I understand the method to handle this part is by using fowarding.

2. EVERYTHING else to go to a different email account, a 'catch-all' for all the junk.

BTW, there is some weird thing happening when I create a new email account, as follows:

For testing purposes, I created a new email account, and called it 'junk'. I sent a test email to [email protected], looked under file manager, and was surprised that the email had been delivered to two paths.

/home/username/mail/junk/inbox
/home/username/domainname/junk/inbox

Seems a waste of disk space to me, any reason for this ? I checked that one of the 'paths' was not in fact a link, but nope, they are both set as directories.

Thanks,

Peter

cPanel.net Support Ticket Number:

 

[jcn]

The duplicated files are actually hardlinks (if what the CPanel techs tell me is true) and it's part of some sort of migration they're doing from one system to another (presumably to having the domain name explicitly listed). So there is a bit of wasted space in that the link will take up space, but they're actually taking up the same location on disk.

Try editing the mailbox file and see what happens to the other one.

cPanel.net Support Ticket Number:

 

[peterr]

Hi,

Originally posted by jcn The duplicated files are actually hardlinks (if what the CPanel techs tell me is true)

I don't know much about *nix stuff, but when I use an FTP connection, the path/folder WWW has a right arrow on the icon, and instead of seeing a 'd' for directory in the first position, just beofre the permissions part of the attribute, there is an "ln", which I guess means "link".

Whereas, all the paths/folders under the /home/username/mail path are directories, I just double-checked, ... yes, none are links, they are all directories. Unless of course my FTP client is wrong.

Try editing the mailbox file and see what happens to the other one.

There were 5 emails in /mail/junk/inbox; I added one email manually through Control Panel, saved it, looked in /mail/domainname/junk/inbox, and guess what, the extra email WAS there. How do they do that without the links showing ??

So, you are correct.

Thanks,

Peter

cPanel.net Support Ticket Number:

 

[jcn]

They are both links, but they are different types of links. The first type of link, that looks sort of like

www -> public_html

is a symbolic link. That is, www is really just a pointer to public_html. If public_html were to go away, www doesn't actually have any content in it, it's just pointing at the other file.

The other type of link is a hard link which means that it doesn't actually LOOK like a link because both of the files names actually refer to the same piece of data stored on the hard drive, rather than having one pointing at the data and one pointing at the other file (which is in turn pointing at the data).

This means that, in theory, if you were to remove one of those inbox files, the other would still exist, since they are both technically pointers to that data, but I keep hearing about all of these problems that people are having with CPanel when they delete hard links, so I wouldn't recommend doing that.

cPanel.net Support Ticket Number:

 

[peterr]

Hi 'jcn',

Thanks for explaining the difference between symbolic links and hard links.

Peter

cPanel.net Support Ticket Number:

 

[peterr]

Hi,

I have asked the SpamAssasin discussion group at Sourceforge, and there is something I can do; see http://www.exit0.us/index.php/VirusBounceRules

Peter

cPanel.net Support Ticket Number:

 

[maverick2]

You could also just set the Default Address to :blackhole: and then set up forwarders for any aliases that you don't want deleted to go to a set pop account.
That solutiion worked for us when we had a user with a similar problem.

Mav.

cPanel.net Support Ticket Number: