Delete all spam including messages to invalid address


alienmad
09-11-2006, 07:28 AM
Hello,

I have installed qmail with spamassassin 3.1.5 following steps based on the qmailrocks guide on a Debian machine. Spamassassin is configured to delete all messages scored with 6 points; however, when the server receives a spam message to an invalid user it returns it to the address specified in return-path without deleting the message. Often the return path is an invalid address too.

Is there some way to delete all spam messages, including messages to invalid users? I wouldn't like to disable bouncing messages to invalid users.



I think my server is suffering a spam attack because recently the number of messages received has risen significantly. Most of them are double bounces because of a return path to an invalid user on my domain.


I'd appreciate some help.

netforce
10-31-2006, 05:05 PM
I'm having almost the same problem, if I understand you well.
Spammers are sending a mail to my server with addressing like this:

From: Flora Mccoy [mailto:NO_EXISTING_USER@netforce-is.nl]
Sent: Tuesday, October 31, 2006 3:03 PM
To: REALUSER@REALDOMAIN.TLC
Subject: drag

The result is that the recipient thinks the spam comes from my server. If it's not blocked by any spam filter on the recipient's side, it will be delivered. If it's blocked, I get a bounce...

I think I missed something in the smtp_auth howto... but what...

This is the result of an open-relay test:

Relay test 7

>>> RSET
<<< 250 flushed
>>> MAIL FROM: <rlychk@netforce-is.nl>
<<< 250 ok
>>> RCPT TO: <"rlytest@rep.rbl.jp">
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
relay NOT accepted!!

------------
Relay test 8

>>> RSET
<<< 250 flushed
>>> MAIL FROM: <rlychk@netforce-is.nl>
<<< 250 ok
>>> RCPT TO: <"rlytest%rep.rbl.jp">
<<< 250 ok
relay accepted!!

------------
Relay test 9

>>> RSET
<<< 250 flushed
>>> MAIL FROM: <rlychk@netforce-is.nl>
<<< 250 ok
>>> RCPT TO: <rlytest@rep.rbl.jp@netforce-is.nl>
<<< 250 ok
relay accepted!!

This shows that when a mail is sent from a (non-existing) address under my domain, it is accepted for relaying... but I thought smtp_auth was preventing this... What have I missed in the howto? I can't find it...

These tests were performed at http://www.rbl.jp/svcheck.php

EinsteinTaylor
11-01-2006, 04:20 PM
I'll tell you how *I* personally do it... you can take it or leave it.

Rather than having messages bounce back, I just forward everything off to a spambox. This then prevents the queue from filling up with failure messages... I then have cron call a script to empty out the cur, new, and temp folders in the spam box's Maildir every couple of minutes.

Whether you do that part or not is up to you... the other thing you should definitely do though is, under /var/qmail/control, make a file called doublebounceto and inside the file put the # character.

This will eliminate the dreaded double bounces...



In response to the second poster... I wouldn't worry too much about that test... on his site he even says "You may not be an open relay". Almost all Qmail installs fail that page's tests regardless of whether it's QMR or not, so don't sweat it... the big thing is that you get the 550 error for anyone not in your RCPTHOSTS file for which you don't have selective relaying set up in tcp.smtp.

jms1
11-02-2006, 06:32 PM
Relay test 8

>>> RSET
<<< 250 flushed
>>> MAIL FROM: <rlychk@netforce-is.nl>
<<< 250 ok
>>> RCPT TO: <"rlytest%rep.rbl.jp">
<<< 250 ok
relay accepted!!

qmail doesn't recognize "%" as a separator between a mailbox name and a domain name. it thinks the tester is sending a message to a mailbox called "rlytest%rep.rbl.jp" at whatever domain name is contained in your /var/qmail/control/me file.

Relay test 9

>>> RSET
<<< 250 flushed
>>> MAIL FROM: <rlychk@netforce-is.nl>
<<< 250 ok
>>> RCPT TO: <rlytest@rep.rbl.jp@netforce-is.nl>
<<< 250 ok
relay accepted!!

and for this one, you have "netforce-is.nl" in your control/rcpthosts file, so it accepts anything "within" that domain. in this case, it thinks "rlytest@rep.rbl.jp" will be the name of a MAILBOX within that domain. it won't "re-interpret" the address and try to send the message to wherever "rep.rbl.jp" is.

This shows that when a mail is sent from a (non-existing) address under my domain, it is accepted for relaying...

just because your server accepts a RCPT command, doesn't mean that the server will actually DELIVER that message. in this case, both of the messages would have bounced.

... but I thought smtp_auth was preventing this... What have I missed in the howto? I can't find it...

you aren't really missing anything in the "howto", but the "howto" is probably missing a clear explanation of what relaying and AUTH actually do.

the SOLUTION to the problem you're probably having (i don't see your original question here) is that you need to set your server up so that it doesn't accept messages with non-existent recipients in the first place. the validrcptto.cdb patch is one way of doing this, and it's included as part of the combined patch on my web site.

in fact, qmailrocks is actually using an ANCIENT VERSION of my combined patch- so if you're using the "current" qmailrocks, you're already using my patch. however, because of some rather strange decisions eric made while writing the qmailrocks guide, upgrading to the current version is more complicated than just downloading the new patch, compiling it, and getting on with life... you should spend some time reading the stuff on my web site, and asking questions on the mailing list (not the forums, i rarely visit here.)

These tests were performed at http://www.rbl.jp/svcheck.php

this automated tester is obviously broken. for one that works correctly, see http://www.njabl.org/method.html.

and for information about the current versions of the combined patch, see http://qmail.jms1.net/patches/combined.shtml.
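The address handling described in the post above, as an added example (not part of the thread, and not code from qmail or the combined patch): a simplified Python model of how the three RCPT arguments from relay tests 7, 8 and 9 are split and checked. It assumes control/me and control/rcpthosts both contain netforce-is.nl; `VALID_RCPTS` is a constructed mailbox list standing in for the idea behind validrcptto.cdb, not that patch's file format.

```python
# Added illustration: simplified model of the recipient check, not qmail source.
RCPTHOSTS = {"netforce-is.nl"}                 # assumed control/rcpthosts
DEFAULT_HOST = "netforce-is.nl"                # assumed control/me
VALID_RCPTS = {"postmaster@netforce-is.nl"}    # constructed sample mailboxes


def strip_quotes(addr):
    """Remove SMTP quoting so <"a@b"> is handled as a@b (simplified)."""
    out, i = [], 0
    while i < len(addr):
        ch = addr[i]
        if ch == "\\" and i + 1 < len(addr):   # backslash-escaped character
            out.append(addr[i + 1])
            i += 2
            continue
        if ch != '"':
            out.append(ch)
        i += 1
    return "".join(out)


def split_rcpt(arg):
    """Split at the LAST '@'; '%' is never treated as a separator."""
    addr = strip_quotes(arg.strip().strip("<>"))
    at = addr.rfind("@")
    if at == -1:                               # no domain: local mailbox name
        return addr, DEFAULT_HOST, False
    return addr[:at], addr[at + 1:].lower(), True


def in_rcpthosts(host, rcpthosts):
    """Exact entry, or a '.parent' wildcard entry covering the host."""
    if host in rcpthosts:
        return True
    dot = host.find(".")
    while dot != -1:
        if host[dot:] in rcpthosts:
            return True
        dot = host.find(".", dot + 1)
    return False


def decide(arg, rcpthosts=RCPTHOSTS, valid=None):
    """valid=None models stock behaviour; a set models a recipient allow-list."""
    local, host, had_at = split_rcpt(arg)
    if had_at and not in_rcpthosts(host, rcpthosts):
        return "reject-relay"                  # test 7: foreign domain refused
    if valid is not None and f"{local}@{host}".lower() not in valid:
        return "reject-unknown-recipient"      # refused before it can bounce
    return "accept"                            # accepted, delivery may still fail
```

With `valid=None`, tests 8 and 9 return "accept" because both resolve to odd mailbox names inside the local domain; passing `valid=VALID_RCPTS` refuses them at RCPT time instead of generating bounces later.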

jms1
11-02-2006, 06:39 PM
...the other thing you should definitely do though is, under /var/qmail/control, make a file called doublebounceto and inside the file put the # character.

This will eliminate the dreaded double bounces...

have you actually TRIED this? this is NOT how it works.

the proper way is to create an alias which points nowhere, and then send your doublebounces to that alias. for example, i have an alias called "nospam@jms1.net" on my server. i created the alias like so:

# cd `vdominfo -d jms1.net`
# chmod +t .
# echo '#' > .qmail-nospam
# chown vpopmail:vchkpw .qmail-nospam
# chmod -t .

and then pointed the doublebounces to it:

# cd /var/qmail/control
# echo nospam > doublebounceto
# echo jms1.net > doublebouncehost
# chmod 644 doublebounce*
# svc -d /service/qmail-send
(wait for it to stop)
# svc -u /service/qmail-send

netforce
11-10-2006, 06:58 AM
in fact, qmailrocks is actually using an ANCIENT VERSION of my combined patch- so if you're using the "current" qmailrocks, you're already using my patch. however, because of some rather strange decisions eric made while writing the qmailrocks guide, upgrading to the current version is more complicated than just downloading the new patch, compiling it, and getting on with life... you should spend some time reading the stuff on my web site, and asking questions on the mailing list (not the forums, i rarely visit here.)




Best option: rebuild the whole mail server with your latest patches and scripts. I almost read your whole site :) I'm rebuilding the mail server on Debian (the server won't run smoothly with Fedora... :S)