Web Hosting Forums


This is a discussion on Junk Mail sent/forwarded from non-existent accounts? in the Hosting Talk & Chit-chat forum

  1. #1
    crazy davey flipdoubt's Avatar
    Join Date
    Aug 2002
    Location
    Plymouth, MI
    Posts
    546

    Junk Mail sent/forwarded from non-existent accounts?

    Hi guys. My mailbox is filling up with stuff like this. Is yours?


    Obviously, [email protected] is not a valid user. Does this mean the mail server is openly forwarding email? Is there anything I can do about this? Is there anything Jag can do about this?

  2. #2
    Yeah, I know a LOT! Vin DSL's Avatar
    Join Date
    Mar 2003
    Location
    Arizona Uplands
    Posts
    10,661
    Those look like cockadoodie to me. I get 1000's of similar notices each month on almost every mail account I have, here and elsewhere. Have you noticed how most of them have attachments? Probably worms and so forth...
    DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.

    No Guts, No Story! VinDSL 2010

  3. #3
    Loyal Client
    Join Date
    Jun 2004
    Location
    Hakuba Nagano Japan
    Posts
    52
    Flipdoubt, my accounts go like the same sometimes.
    If I remember right, since last year I have gotten a lot of junk e-mails, spams in my e-mail boxes even before I moved into Jaguar/Aletia hosting server. So this is a world-wide phenomenon I guess (I'm located in Japan). But unfortunately at this moment I don't think I have any excellent way to stop them.

    The senders described in your posts i.e. postmaster, Mailer-Daemon, Mail delivery systems etc are regulars which are junks or spams to me. I just ignore them which are not filtered by virus protection software. Usually people don't attach any nowadays - of course rarely some do though. But sometimes there might be some e-mails which you need but look junks or spams. So the best way is maybe you just need to check each and every being careful. When I check some e-mails which might be virus-contained, I just right click them and then see the property, then detail and finally message source.

    Convenience and inconvenience always come together everytime everywhere
    Cozy home in country.
    http://www.hakubajapan.com

  4. #4
    crazy davey flipdoubt's Avatar
    Join Date
    Aug 2002
    Location
    Plymouth, MI
    Posts
    546
    Right, but is there nothing we can do at the mail server level? Personally, I just got a free authentication certificate from Thawte so that the people to whom I send mail know that it isn't me unless it has the certificate. But I wonder whether our mail server can do the same thing: don't forward it unless it is authenticated. Are these messages ever even passing through Jaguar's servers?

    Domains hosted by Jaguar would be that much more valuable if Jaguar became known as a host leading the fight against spam and zombie mailers.

  5. #5
    crazy davey flipdoubt's Avatar
    Join Date
    Aug 2002
    Location
    Plymouth, MI
    Posts
    546
    Actually, I assumed that the mail servers were sending failure receipts to addresses on my domain because someone out there had some sort of zombie mailer installed on their machine that was making up email addresses at my domain. That is why I was asking about mail server authentication.

    Also, I found that I can set my account's default email address to :fail: so that these messages are discarded rather than forwarded to me. But I assume that is why the messages are sent to me in the first place, because the original mail server bounced them back to their supposed (non-existent) sender because the target (non-existent) email address is not valid.

    Does this mean it is going to be like Pong, with mail servers sending failure notifications back and forth?
    Last edited by flipdoubt; 06-22-2004 at 07:12 AM.

  6. #6
    Ron
    Loyal Client
    Join Date
    Aug 2002
    Posts
    7,503
    Maybe set it to :discard:

    But I'd guess that there are sanity checks in the failure routine.
    Good luck

  7. #7
    crazy davey flipdoubt's Avatar
    Join Date
    Aug 2002
    Location
    Plymouth, MI
    Posts
    546
    Hey Ron. Do :discard: and :fail: come from the same vocabulary? I only set it to :fail: because that is what it says in cPanel. Where would I look for more options? What language in the Tower of Babel are we speaking?

  8. #8
    Community Leader jason's Avatar
    Join Date
    Sep 2001
    Location
    Rochester, NY
    Posts
    5,884
    :discard: silently deletes the message when it doesn't match a valid handler (mailbox, list, redirect, script, etc.) on the server. :fail: sends a bounce message to the sender.

    I believe that "good" mail servers don't send bounce notices for bounce notices. That is, if someone sends a message from a bogus address at your domain to another bogus address, and the receiving server sends a bounce notice to the bogus address at your domain, your server should see that it is an error message that it just received and silently delete it, even if you are using :fail:.

    To answer your question about how these are being sent, all that someone has to do to send a message is put any address they want in the From: header. Almost every mail client out there lets you specify a custom from header. The SMTP server does no checking of this header, so if I wanted to, I could send mail from [email protected] through my server, my school's server, and my home ISP's server and none of them would care, as long as I authenticated to the server properly. The mail doesn't need to go anywhere near your JPC server to be sent "from" your domain. This is why spoofing like this is so common these days.

    If you are concerned that people may be receiving mail from your domain and that the sender is trying to impersonate you, then the best thing to do is to digitally sign all of the mail that you send with a third-party-issued certificate and to warn your recipients to look for the signature. This isn't a very good solution, but it is about the best one that exists right now. (Of course, unless you are a bank or some other big business and you're being hit with a phishing scam then the emails that are being sent with your domain name are probably just ads for Viagra or something like that.)

    --Jason
    Jason Pitoniak
    Interbrite Communications
    www.interbrite.com www.kodiakskorner.com
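
The :fail: / :discard: behaviour and the "no bounce for a bounce" rule described in post #8, as an added example that is not from any poster in this thread and is not Exim's or cPanel's own code. It is a simplified Python model; the sample messages, addresses and function names are constructed for illustration, and a real server decides on the SMTP envelope sender rather than on the Return-Path header used here.

```python
from email import message_from_string

# Constructed sample messages (not taken from the thread).
BOUNCE = """\
Return-Path: <>
From: Mail Delivery System <MAILER-DAEMON@mx.example.net>
To: made-up-user@example.com
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The recipient address was rejected.
--b1--
"""

ORDINARY = """\
Return-Path: <alice@example.org>
From: Alice <alice@example.org>
To: made-up-user@example.com
Subject: hello

Hi there.
"""

def is_bounce(raw):
    """True if the message looks like a delivery status notification."""
    msg = message_from_string(raw)
    # Bounces carry a null sender so that nothing can be bounced back to them.
    null_sender = msg.get("Return-Path", "").strip() == "<>"
    dsn = (msg.get_content_type() == "multipart/report"
           and msg.get_param("report-type", "") == "delivery-status")
    # Auto-Submitted other than "no" marks machine-generated mail.
    auto = msg.get("Auto-Submitted", "no").strip().lower() != "no"
    return null_sender or dsn or auto

def handle_unknown_recipient(raw, default_address):
    """Model the default-address choice for mail to a non-existent mailbox."""
    if default_address == ":discard:":
        return "drop"
    if default_address == ":fail:":
        # Never answer a bounce with another bounce, or two servers could loop.
        return "drop" if is_bounce(raw) else "bounce-to-sender"
    return "deliver-to " + default_address
```

With :fail:, only the ordinary message produces a bounce; when its sender address is forged, that bounce lands on whoever owns the forged address, which is how the notices in the first post reach an uninvolved domain.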

  9. #9
    Ron
    Loyal Client
    Join Date
    Aug 2002
    Posts
    7,503
    Originally posted by flipdoubt
    Hey Ron. Do :discard: and :fail: come from the same vocabulary? I only set it to :fail: because that is what it says in cPanel. Where would I look for more options? What language in the Tower of Babel are we speaking?
    What Jason Said.

    I only know of the :FAIL: and :DISCARD: options. I don't know if this is built into exim, but looked it up there.

    If these commands are simply passed from the forwarder (whatever is doing that) to exim without check, it would seem to me to be quite dangerous to use anything other than :FAIL: and :DISCARD:.

    If these commands simply mimic what is available in exim, then I don't know what the rest of the commands are.

    In other words, I'm just shooting in the dark, using :FAIL: at least for a short time. I want the servers of some of these spammers to get a failure message so they stop sending the spam. Of course in your case where the return addy has been spoofed, that doesn't help.

    I plan on shifting to :DISCARD: soon myself.

    My wife may be planning on shifting to :discard: as well, so I'm on my best behavior lately.
