The Community Forums

Interact with an entire community of cPanel & WHM users!

with :fail:, some bounce messages still being sent

Discussion in 'E-mail Discussions' started by Samuraid, Jan 30, 2008.

  1. Samuraid

    Hello CPanel-ers,

    I am having an issue with Exim sending bounce e-mail messages.

    The problem:
    When anyone sends mail to a non-existent address, Exim is still generating a bounce email. (the queue is filled with them)

    I expect this is because they are sending the mail in the correct fashion:
    Spammer -> Our external MX servers (whitelisted) -> CPanel box

    However, I thought :fail: would prevent ANY bounces from being sent, regardless of the circumstances.

    Here is the setup:
    - The CPanel server is the outgoing mail server, which sends mail directly out to recipients
    - All incoming mail is sent to an external MX server for filtering and then the mail is forwarded to the CPanel server for each user's mailbox.
    - Users POP3 directly into the CPanel box to receive their mail.

    Here are a few of the important config settings:
    - All non-existent e-mail addresses are set to :fail:, both at the global level in WHM and on the specific account we have running on the server.
    - The external MX servers are added to "Whitelist: Trusted Mail Hosts/Ip Blocks"
    - I added a special ACL setting in Exim that denies any other external servers from trying to send mail directly to the CPanel server (spammers try that all the time). They get a 550 error if they try.

    Does anyone have any ideas on how to stop the bounce emails? :confused:
     
    #1 Samuraid, Jan 30, 2008
    Last edited: Jan 30, 2008
  2. Samuraid

    In case anyone else runs into something like this in the future...


    I solved this issue by moving this configuration statement:
    Code:
    #recipient verifications are required for all messages that are not sent to the local machine
      #this was done at multiple users requests
      require verify = recipient
        message = "The recipient cannot be verified.  Please check all recipients of this message to verify they are valid.  Details: $acl_verify_message"
    and placing it ABOVE the [% ACL_WHITELIST_BLOCK %] and other whitelist verifications.

    The server now seems to be correctly sending 550 errors on bad addresses instead of trying to send bounces.
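
Why the statement order matters, shown as an added example that is not part of the original posts or of cPanel's exim.conf: a small Python model of Exim's ACL verbs (accept, deny, require) run against both orderings. The host IPs, mailbox names and function names are constructed for illustration, and `verify_recipient` only stands in for Exim's `verify = recipient`.

```python
"""Toy model of Exim RCPT ACL ordering (added example, not cPanel's exim.conf)."""

# Constructed sample data: documentation-range IPs and example.com mailboxes.
TRUSTED_MX = {"192.0.2.10"}                 # external filtering MX (whitelisted)
MAILBOXES = {"alice@example.com"}           # every other address routes to :fail:

def verify_recipient(msg):
    # Stands in for "verify = recipient": routing an unknown address hits :fail:.
    return msg["rcpt"] in MAILBOXES

def from_trusted_host(msg):
    # Stands in for the whitelist block: sender host is a trusted mail host.
    return msg["host"] in TRUSTED_MX

WHITELIST = ("accept", from_trusted_host)
VERIFY = ("require", verify_recipient)

ACL_BEFORE = [WHITELIST, VERIFY]   # original order: whitelist first
ACL_AFTER = [VERIFY, WHITELIST]    # order after the fix described in the thread

def run_acl(acl, msg):
    """Apply Exim verb semantics; the first statement to decide wins."""
    for verb, cond in acl:
        ok = cond(msg)
        if verb == "accept" and ok:
            return "accept"
        if verb == "deny" and ok:
            return "deny"
        if verb == "require" and not ok:
            return "deny"
    return "deny"                   # an ACL that falls off the end denies

def outcome(acl, host, rcpt):
    msg = {"host": host, "rcpt": rcpt}
    if run_acl(acl, msg) == "deny":
        return "550 at RCPT"        # the sending server handles the failure
    # Message accepted: delivery to a :fail: address now produces a bounce.
    return "delivered" if verify_recipient(msg) else "accepted, bounce queued"

if __name__ == "__main__":
    for name, acl in (("before", ACL_BEFORE), ("after", ACL_AFTER)):
        for rcpt in ("alice@example.com", "nobody@example.com"):
            print(name, rcpt, "->", outcome(acl, "192.0.2.10", rcpt))
```

With the whitelist first, the trusted MX is accepted before the recipient is ever checked, so the failure only surfaces at delivery time as a queued bounce; with verification first, the same message is refused during the SMTP session.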
     
  3. Lestat

    Without having access to the mail server(s) involved, here are a few things to try:

    1. See http://www.root0.net/script/spamcheck_ip.html and http://www.root0.net/script/index.html (Find out spammer IPs link).

    This may be helpful in tracking abusive IPs which can then be blocked in the firewall.

    2. If you have not already blocked TCP port 113 incoming, then please do so.

    3. You may already know these, but some helpful netstat commands (which can be modified as you desire):

    # Provide a list of IP's connecting to port 25 along with how many connections
    netstat -ntu | grep ':25' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort

    # Check for possible syn floods against port 25
    netstat -an | grep SYN | grep :25 | sort

    # Overall count of port 25 connections
    netstat -nap | grep :25 | wc -l

    # Provide a list of connection IP's by count
    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

    Maybe chirpy can write something up for us on this matter...
     