
Thread: Q: NDR Spam - best way to handle

  1. #1
    billinvegas is offline Active Member
    Join Date
    Jun 2011
    Location
    Sin City
    Posts
    38
    Rep Power
    4

    Q: NDR Spam - best way to handle

    Hello, new to Zimbra, and the support forums. Please forgive any newbie transgressions!

    My company is considering implementing Zimbra for their e-mail and calendaring solution. We are using the community version
    Release 7.1.1_GA_3196.UBUNTU10_64 UBUNTU10_64 FOSS edition

    mydomain.com gets a fair amount of NDR spam. In the past, before I was aware of such a problem, our domain did get on an RBL. Since that time, I set up a "catch-all" account, and manually go in and delete everything about once a month (around 1K spam e-mails / mo.)

    I've searched for the term "catch all" here, and a few people have commented about the "spam ramifications" (or similar).

    I would like to know what would be the best way to implement Zimbra, in a situation where the domain does get targeted by NDR spam?

    I am a bit new to all of this, so perhaps a detailed explanation if you would please?

    Thank you very much

    Additional:

    Details of our current NDR situation, and how it (seems) to be dealt with
    (please let me know if I'm mistaken, or am doing it wrong)


    -------------------------

    spammers create non-existent email address for our domain in to: field
    i.e. wxyz@mydomain.com
    they place target e-mail address in from: field
    i.e. target@someotherdomain.com

    mail gets delivered to mydomain.com, e-mail server cannot deliver to
    wxyz@mydomain.com, gets "bounced" back to target@someotherdomain.com

    mail is shown to be delivered from mydomain.com (either mailer-daemon, or some other address leading back to mydomain.com)

    user (or some metrics) see this as spam, gets reported - domain is listed in an RBL.

    So, to prevent the "bounces", I set up a catch-all e-mail address
    i.e. noone@mydomain.com, and make it a valid account.

    spammers send to wxyz@mydomain.com and then the mail server determines it doesn't belong to any active user, and then delivers to
    noone@mydomain.com, and the bounce doesn't happen.

    mail in noone@mydomain.com's account gets purged on a regular basis

    ---------------------------------------------

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,480
    Rep Power
    56


    You do not, under any circumstances, want a catch-all address on your server or you will continue to receive spam - the catch-all is a spammer's dream. Try some of the techniques in the forums or wiki for limiting NDR spam and/or this: Improving Anti-spam system - Zimbra :: Wiki
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    billinvegas is offline Active Member

    Thank you for that information. I will read through it later on my lunch break.

    Can you clarify for me what you mean by stating
    that the catch-all address is a spammer's dream?

    My take on it is that if the catch-all intercepts the e-mail, and prevents the bounce to the victim, (and also preventing the possibility of getting the domain on an RBL) isn't that a good thing?

    Just trying to learn the best ways to cope with this spam situation


    Quote: Originally Posted by phoenix
    You do not, under any circumstances, want a catch-all address on your server or you will continue to receive spam - the catch-all is a spammer's dream. Try some of the techniques in the forums or wiki for limiting NDR spam and/or this: Improving Anti-spam system - Zimbra :: Wiki

  4. #4
    phoenix is online now Zimbra Consultant & Moderator

    Quote: Originally Posted by billinvegas
    Can you clarify for me what you mean by stating
    that the catch-all address is a spammer's dream?

    A catch-all, by definition, will catch all email bound for your server whether there's an existing account or not. You will end up being flooded with spam and at the very least, waste CPU cycles dealing with it. At the SMTP level you should reject any email address that doesn't exist on your server. You should also have some effective RBLs on your server in addition to (possibly) changing the spam Tag/Kill percentages.
    Regards


    Bill



  5. #5
    billinvegas is offline Active Member

    Bill,

    Thanks - the picture is starting to clear up a bit for me.

    So, a reject is different from a bounce, or NDR - is this correct?

    The rejected e-mail doesn't get returned to the sender (victim)
    thus exposing our domain as the source of the spam?

  6. #6
    phoenix is online now Zimbra Consultant & Moderator

    Quote: Originally Posted by billinvegas
    The rejected e-mail doesn't get returned to the sender (victim).....

    No, a reject will not accept (i.e. drop) the message.
    Regards


    Bill
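
The three ways of handling mail for a non-existent recipient that come up in this thread (bounce after acceptance, catch-all, reject during the SMTP dialogue), compared in a small Python model. This is an added example, not part of any post; the policy names, `receive`, `summarize` and the sample addresses beyond those used in the thread are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data; addresses follow the placeholders used in the thread.
VALID = {"alice@mydomain.com", "noone@mydomain.com"}
CATCH_ALL = "noone@mydomain.com"
MESSAGES = [  # (envelope MAIL FROM, RCPT TO); the first three senders are forged
    ("target@someotherdomain.com", "wxyz@mydomain.com"),
    ("target@someotherdomain.com", "abcd@mydomain.com"),
    ("victim2@example.net", "qrst@mydomain.com"),
    ("partner@example.org", "alice@mydomain.com"),
]

@dataclass
class Outcome:
    smtp_reply: str              # what the connecting client is told
    stored_in: Optional[str]     # mailbox that ends up holding the message
    ndr_sent_to: Optional[str]   # address our server mails a bounce to

def receive(policy: str, mail_from: str, rcpt_to: str) -> Outcome:
    """Model one inbound message under a (hypothetical) policy name."""
    if rcpt_to in VALID:
        return Outcome("250 OK", rcpt_to, None)
    if policy == "reject_at_rcpt":
        # Refused inside the SMTP dialogue: nothing is queued and our server
        # never originates mail to the forged envelope sender.
        return Outcome("550 5.1.1 User unknown", None, None)
    if policy == "catch_all":
        # Accepted and filed: no bounce, but every junk message is stored.
        return Outcome("250 OK", CATCH_ALL, None)
    if policy == "accept_then_bounce":
        # Accepted, found undeliverable later: our server now sends an NDR
        # to whatever address was given in MAIL FROM (backscatter).
        return Outcome("250 OK", None, mail_from)
    raise ValueError(f"unknown policy: {policy}")

def summarize(policy: str, messages=MESSAGES) -> dict:
    outcomes = [receive(policy, sender, rcpt) for sender, rcpt in messages]
    return {
        "stored": sum(o.stored_in is not None for o in outcomes),
        "ndrs": sorted({o.ndr_sent_to for o in outcomes if o.ndr_sent_to}),
        "rejected": sum(o.smtp_reply.startswith("5") for o in outcomes),
    }

if __name__ == "__main__":
    for name in ("accept_then_bounce", "catch_all", "reject_at_rcpt"):
        print(name, summarize(name))
```

Only `accept_then_bounce` makes the local server send mail to the forged senders; `catch_all` avoids that by storing every message, while `reject_at_rcpt` neither stores nor bounces the junk.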


