#1
06-22-2011, 12:13 PM
Active Member
Posts: 37
Q: NDR Spam - best way to handle

Hello, new to Zimbra and the support forums. Please forgive any newbie transgressions!

My company is considering implementing Zimbra for their e-mail and calendaring solution. We are using the community version
Release 7.1.1_GA_3196.UBUNTU10_64 UBUNTU10_64 FOSS edition

mydomain.com gets a fair amount of NDR spam. In the past, before I was aware of such a problem, our domain did get on an RBL. Since that time, I set up a "catch-all" account, and manually go in and delete everything about once a month (around 1K spam e-mails / mo.)

I've searched for the term "catch all" here, and a few people have commented about the "spam ramifications" (or similar).

I would like to know what would be the best way to implement Zimbra in a situation where the domain does get targeted by NDR spam?

I am a bit new to all of this, so perhaps a detailed explanation if you would please?

Thank you very much.

Additional:

Details of our current NDR situation, and how it (seems) to be dealt with
(please let me know if I'm mistaken, or am doing it wrong)


-------------------------

Spammers create a non-existent e-mail address for our domain in the To: field,
i.e. wxyz@mydomain.com.
They place the target e-mail address in the From: field,
i.e. target@someotherdomain.com.

Mail gets delivered to mydomain.com, the e-mail server cannot deliver to
wxyz@mydomain.com, and it gets "bounced" back to target@someotherdomain.com.

Mail is shown to be delivered from mydomain.com (either mailer-daemon, or some other address leading back to mydomain.com).

The user (or some metrics) sees this as spam, it gets reported, and the domain is listed in an RBL.

So, to prevent the "bounces", I set up a catch-all e-mail address,
i.e. noone@mydomain.com, and make it a valid account.

Spammers send to wxyz@mydomain.com, the mail server determines it doesn't belong to any active user and delivers to
noone@mydomain.com, and the bounce doesn't happen.

Mail in noone@mydomain.com's account gets purged on a regular basis.

---------------------------------------------

#2
06-22-2011, 12:25 PM
Zimbra Consultant & Moderator
Posts: 20,315

You do not, under any circumstances, want a catch-all address on your server or you will continue to receive spam - the catch-all is a spammer's dream. Try some of the techniques in the forums or wiki for limiting NDR spam and/or this: Improving Anti-spam system - Zimbra :: Wiki
__________________
Regards


Bill

#3
06-22-2011, 12:37 PM
Active Member
Posts: 37

Thank you for that information. I will read through it later on my lunch break.

Can you clarify for me what you mean by stating
that the catch-all address is a spammer's dream?

My take on it is that if the catch-all intercepts the e-mail, and prevents the bounce to the victim, (and also preventing the possibility of getting the domain on an RBL) isn't that a good thing?

Just trying to learn the best ways to cope with this spam situation


Quote:
Originally Posted by phoenix
You do not, under any circumstances, want a catch-all address on your server or you will continue to receive spam - the catch-all is a spammer's dream. Try some of the techniques in the forums or wiki for limiting NDR spam and/or this: Improving Anti-spam system - Zimbra :: Wiki

#4
06-22-2011, 12:46 PM
Zimbra Consultant & Moderator
Posts: 20,315

Quote:
Originally Posted by billinvegas
Can you clarify for me what you mean by stating
that the catch-all address is a spammer's dream?

A catch-all, by definition, will catch all email bound for your server whether there's an existing account or not. You will end up being flooded with spam and, at the very least, waste CPU cycles dealing with it. At the SMTP level you should reject any email address that doesn't exist on your server. You should also have some effective RBLs on your server in addition to (possibly) changing the spam Tag/Kill percentages.
__________________
Regards


Bill

#5
06-22-2011, 01:04 PM
Active Member
Posts: 37

Bill,

thanks - the picture is starting to clear up a bit for me.

So, a reject is different from a bounce, or NDR - is this correct?

The rejected e-mail doesn't get returned to the sender (victim)
thus exposing our domain as the source of the spam?

#6
06-22-2011, 10:43 PM
Zimbra Consultant & Moderator
Posts: 20,315

Quote:
Originally Posted by billinvegas
The rejected e-mail doesn't get returned to the sender (victim).....

No, a reject will not accept (i.e. drop) the message.
__________________
Regards


Bill
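
Added example (not part of the original thread, and not Zimbra or Postfix code): a small Python model of the three ways of handling mail for a non-existent recipient discussed above, namely accept and bounce, catch-all, and reject at the SMTP level. The account names, policy names and reply texts are assumptions made for illustration.

```python
# Constructed model; account names and reply texts are illustrative.
VALID_USERS = {"alice@mydomain.com", "noone@mydomain.com"}
CATCH_ALL = "noone@mydomain.com"
POLICIES = ("accept_then_bounce", "catch_all", "reject")

def receive(policy, mail_from, rcpt_to):
    """Simulate one inbound SMTP transaction; return (transcript, local
    mailboxes that stored it, (envelope_sender, recipient) mail we send)."""
    if policy not in POLICIES:
        raise ValueError("unknown policy: %s" % policy)
    transcript = ["C: MAIL FROM:<%s>" % mail_from, "S: 250 Ok",
                  "C: RCPT TO:<%s>" % rcpt_to]
    mailboxes, outbound = [], []
    known = rcpt_to in VALID_USERS
    if not known and policy == "reject":
        # Refused inside the SMTP dialogue: the connecting client gets the
        # 550, nothing is queued, and our server sends no message itself.
        transcript.append("S: 550 5.1.1 <%s>: user unknown" % rcpt_to)
        return transcript, mailboxes, outbound
    transcript += ["S: 250 Ok", "C: DATA", "S: 354 Go ahead",
                   "C: (message)", "S: 250 Ok: queued"]
    if known:
        mailboxes.append(rcpt_to)
    elif policy == "catch_all":
        mailboxes.append(CATCH_ALL)   # spam is stored after full processing
    else:
        # accept_then_bounce: the NDR has a null envelope sender and goes
        # to whatever address MAIL FROM claimed, i.e. the forged victim.
        outbound.append(("<>", mail_from))
    return transcript, mailboxes, outbound

def summarize(policy, attempts):
    """Count stored messages and NDRs sent out for a batch of attempts."""
    stored = ndr_sent = 0
    for mail_from, rcpt_to in attempts:
        _, mailboxes, outbound = receive(policy, mail_from, rcpt_to)
        stored += len(mailboxes)
        ndr_sent += len(outbound)
    return {"stored": stored, "ndr_sent": ndr_sent}

# Constructed sample: forged sender, non-existent recipients (as in post #1).
ATTEMPTS = [("target@someotherdomain.com", "wxyz%d@mydomain.com" % i)
            for i in range(3)]

if __name__ == "__main__":
    for policy in POLICIES:
        print(policy, summarize(policy, ATTEMPTS))
```

Only the reject policy leaves both counters at zero: no spam stored locally and no NDR sent to the forged address.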