
Thread: 'Blackhole' e-mails sent to non-zimbra accounts?

  1. #1
    zagman76 is offline Active Member

    'Blackhole' e-mails sent to non-zimbra accounts - also stalled queues

    Hello - we are seeing a lot of this happening:
    we host somedomain.com, with users x, y, and z
    we are seeing a large amount of directory harvesting going on, and a lot of e-mail trying to go to aaaaaaa@somedomain.com, aaaaaab@somedomain.com, aaaaaac@somedomain.com, etc., etc.
    obviously, there are no accounts there, but zimbra is still trying to process the mail, and is sending mailer-daemon replies to the senders of those e-mails.

    now, is there a way to set zimbra to black-hole any e-mail whose intended recipient does not exist on the server (on incoming mail only obviously)?

    if so, how can I set this?

    thanks!
    Last edited by zagman76; 12-11-2006 at 04:44 PM. Reason: changing title to reflect new topic of discussion

  2. #2
    jdell is offline Project Contributor

    I don't know how to make it 'blackhole' as you say, but I think what you are looking for is for postfix to REJECT (550 - unknown user). If you are in a shared environment, co-lo, etc, the default postfix in Zimbra will accept emails from any IP in your subnet and then bounce for unknown users rather than reject. Bouncing is bad for a number of reasons: see this thread for discussion: Postfix - how to make zimbra respond 550 unknown user rather than bounce?

    To fix this, you need to change the default postfix mynetworks_style from subnet to host.

    See bug here for fix:
    http://bugzilla.zimbra.com/show_bug.cgi?id=12724

    Please consider voting for the bug also if it makes sense to you.
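
Added example (not part of the original posts): once Postfix rejects unknown recipients at RCPT time, as the post above describes, each probe leaves a reject line in the mail log, and counting distinct unknown recipients per client exposes directory harvesting. The log lines are constructed in the usual Postfix smtpd reject wording; the function name and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines; hosts, PIDs and addresses are made up
# (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = """\
Dec 11 14:40:00 mail4 postfix/smtpd[6049]: connect from unknown[192.0.2.10]
Dec 11 14:40:01 mail4 postfix/smtpd[6049]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <aaaaaaa@somedomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<p@example.net> to=<aaaaaaa@somedomain.com> proto=SMTP helo=<example.net>
Dec 11 14:40:02 mail4 postfix/smtpd[6049]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <aaaaaab@somedomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<p@example.net> to=<aaaaaab@somedomain.com> proto=SMTP helo=<example.net>
Dec 11 14:40:03 mail4 postfix/smtpd[6049]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <aaaaaac@somedomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<p@example.net> to=<aaaaaac@somedomain.com> proto=SMTP helo=<example.net>
Dec 11 14:40:04 mail4 postfix/smtpd[6049]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <AAAAAAA@somedomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<p@example.net> to=<AAAAAAA@somedomain.com> proto=SMTP helo=<example.net>
Dec 11 14:41:10 mail4 postfix/smtpd[6101]: NOQUEUE: reject: RCPT from mx.example.org[198.51.100.7]: 550 <jon.smith@somedomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<bob@example.org> to=<jon.smith@somedomain.com> proto=ESMTP helo=<mx.example.org>
"""

# Matches an RCPT-stage 550 for a nonexistent user, with or without an
# enhanced status code (e.g. "5.1.1") after the reply code.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+?\[(?P<ip>[^\]]+)\]: "
    r"550 (?:\d\.\d\.\d )?<(?P<rcpt>[^>]*)>: Recipient address rejected: User unknown"
)


def harvest_suspects(log_text, min_distinct=3):
    """Return {client_ip: sorted distinct unknown recipients} for clients that
    tried at least `min_distinct` different nonexistent addresses."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            # Lower-case so retries of one address in another case count once.
            seen[m.group("ip")].add(m.group("rcpt").lower())
    return {ip: sorted(r) for ip, r in seen.items() if len(r) >= min_distinct}


if __name__ == "__main__":
    for ip, rcpts in harvest_suspects(SAMPLE_LOG).items():
        print(f"{ip}: {len(rcpts)} distinct unknown recipients, first: {rcpts[0]}")
```

When all inbound mail arrives through an upstream gateway, every reject line carries the gateway's address, so the per-client count is only meaningful on the host that faces the Internet.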

  3. #3
    zagman76 is offline Active Member

    Originally posted by jdell:
        I don't know how to make it 'blackhole' as you say, but I think what you are looking for is for postfix to REJECT (550 - unknown user). If you are in a shared environment, co-lo, etc, the default postfix in Zimbra will accept emails from any IP in your subnet and then bounce for unknown users rather than reject. Bouncing is bad for a number of reasons: see this thread for discussion: Postfix - how to make zimbra respond 550 unknown user rather than bounce?

        To fix this, you need to change the default postfix mynetworks_style from subnet to host.

        See bug here for fix:
        http://bugzilla.zimbra.com/show_bug.cgi?id=12724

        Please consider voting for the bug also if it makes sense to you.

    I want my mail server to accept mail from any IP - I don't know where my senders are located

    However, in that thread you linked, you said that all you effectively did was push the bounce upstream to the previous mta. I want zimbra to accept the mail, and then essentially send it to /dev/null

  4. #4
    Klug is offline Moderator

    Originally posted by zagman76:
        I want my mail server to accept mail from any IP - I don't know where my senders are located

    Are you kidding?

    You do not want your mail server to accept mail from any IP, that's called an open relay. It's bad, very bad.

    You should correctly set up the mynetwork parameters in postfix (see linked thread) and additionally get your users to use SMTP-auth to be able to send mail from anywhere.

    But you should not, in any case, accept (any) mails from any IP.
    Obviously, mails for your domain(s) coming from other servers are allowed 8)).

    Originally posted by zagman76:
        I want zimbra to accept the mail, and then essentially send it to /dev/null

    Bad too.
    With this, you'll put a lot more load on your server (MTA + amavisd + etc) to end up with discarding mail. And I'm not sure this is very RFC compliant.
    Last edited by Klug; 12-09-2006 at 05:46 PM.

  5. #5
    zagman76 is offline Active Member

    Originally posted by Klug:
        Are you kidding?

        You do not want your mail server to accept mail from any IP, that's called an open relay. It's bad, very bad.

        You should correctly set up the mynetwork parameters in postfix (see linked thread) and additionally get your users to use SMTP-auth to be able to send mail from anywhere.

        But you should not, in any case, accept (any) mails from any IP.
        Obviously, mails for your domain(s) coming from other servers are allowed 8)).

    no - you misunderstood me - I will not deliver mail from <any ip> to <any ip> - I will deliver from <any ip> to <only the zimbra users on my server> and send all others to /dev/null - I certainly do not want an open relay.

    Perhaps I was using incorrect terminology in my earlier posts... if so, I apologize.

  6. #6
    Klug is offline Moderator

    I apologize too for being a bit "harsh" in my previous answer.

    But I don't really understand why you want to accept any emails and discard them to /dev/null instead of using SMTP the way "it's meant to work"...

  7. #7
    zagman76 is offline Active Member

    Originally posted by Klug:
        I apologize too for being a bit "harsh" in my previous answer.

        But I don't really understand why you want to accept any emails and discard them to /dev/null instead of using SMTP the way "it's meant to work"...

    no need to apologize - I did not take offense

    perhaps it's just my confusion. As I understand mail flow, this is what I would like zimbra to do (or postfix to be more exact):
    <e-mail from any ip / any sender> --> zimbra checks to see if recipient is located within --> if yes, deliver mail; if no, discard mail (with no answer to the person who sent it)

    We are not in a hosted/co-lo environment - we own a 0.0.0.0/25 block of IPs. Even if the other devices on the network were sending e-mail (which they aren't) - it is ok if they send through the zimbra box - that traffic would be minuscule anyway.

  8. #8
    jdell is offline Project Contributor

    Originally posted by zagman76:
        I want my mail server to accept mail from any IP - I don't know where my senders are located

        However, in that thread you linked, you said that all you effectively did was push the bounce upstream to the previous mta. I want zimbra to accept the mail, and then essentially send it to /dev/null

    The only reason my situation pushed the bounce to the upstream MTA is that my zimbra server does not have the MX record for my domain. For most people, the MX record has the same IP as your zimbra server, so a REJECT is exactly what you want.

    In my case, the mail gateways that have my MX record will soon be implementing a 'known user' list so they will be able to reject properly without ever bothering my Zimbra server.

    As far as sending to /dev/null, I do think you will run afoul of the SMTP standards by doing that. Nobody is going to stop you from doing that but that really isn't proper behavior for a mail server.

  9. #9
    zagman76 is offline Active Member

    Here is an update - I added the 550 code, and now the obvious junk is being bounced back upstream.

    However, I am seeing that 3-5 times a day, the mta (I think it's the mta) stops, and the active and deferred queues freeze. So far, I have only been able to resolve this by issuing a zmcontrol stop / start.

    Has anyone else seen this? What is happening here, and how can I resolve this?

    Thanks!

  10. #10
    zagman76 is offline Active Member

    I am seeing a lot of 'Dec 11 14:42:13 mail4 postfix/smtpd[6049]: connect from unknown[my.edge.mta.device]' errors (the 'my.edge.mta.device' is our upstream device).

    I am not sure if that means anything or not though.
