'Blackhole' e-mails send to non-zimbra accounts?

**zagman76** · 12-09-2006, 10:52 AM

Hello - we are seeing a lot of this happening:
we host somedomain.com, with users x, y, and z
we are seeing a large amount of directory harvesting going on, and a lot of e-mail trying to go to aaaaaaa@somedomain.com, aaaaaab@somedomain.com, aaaaaac@somedomain.com, etc., etc.
obviousely, there are no accounts there, but zimbra is still trying to process the mail, and is sending mailer-daemon replies to the senders of those e-mails.

now, is there a way to set zimbra to black-hole any e-mail whose intended recipient does not exist on the server (on incoming mail only obviously).

if so, how can I set this?

thanks!

**jdell** · 12-09-2006, 01:58 PM

I don't know how to make it 'blackhole' as you say, but I think what you are looking for is for postfix to REJECT (550 - unknown user). If you are in a shared environment, co-lo, etc, the default postfix in Zimbra will accept emails from any IP in your subnet and then bounce for unknown users rather than reject. Bouncing is bad for a number of reasons: see this thread for discussion: Postfix - how to make zimbra respond 550 unknown user rather than bounce?

To fix this, you need to change the default postfix mynetworks_style from subnet to host.

See bug here for fix:
http://bugzilla.zimbra.com/show_bug.cgi?id=12724

Please consider voting for the bug also if it makes sense to you.

**zagman76** · 12-09-2006, 04:31 PM

Originally Posted by jdell

I don't know how to make it 'blackhole' as you say, but I think what you are looking for is for postfix to REJECT (550 - unknown user). If you are in a shared environment, co-lo, etc, the default postfix in Zimbra will accept emails from any IP in your subnet and then bounce for unknown users rather than reject. Bouncing is bad for a number of reasons: see this thread for discussion: Postfix - how to make zimbra respond 550 unknown user rather than bounce?

To fix this, you need to change the default postfix mynetworks_style from subnet to host.

See bug here for fix:
http://bugzilla.zimbra.com/show_bug.cgi?id=12724

Please consider voting for the bug also if it makes sense to you.

I want my mail server to accept mail from any IP - I don't know where my senders are located

However, in that thread you linked, you said that all you effectively did was push the bounce upstream to the previous mta. I want zimbra to accept the mail, and then essentailly send it to /dev/null

**Klug** · 12-09-2006, 04:43 PM

Originally Posted by zagman76

I want my mail server to accept mail from any IP - I don't know where my senders are located

Are you kidding ?

You do not want your mail server to accept mail from any IP, that's called an open relay. It's bad, very bad.

You should correctly setup the mynetwork parameters in postfix (see linked thread) and additionnaly get your users to use SMTP-auth to be able to send mail from anywhere.

But you should not, in any case, accept (any) mails from any IP.
Obviously, mails for your domain(s) coming from other servers are allowed 8)).

Originally Posted by zagman76

I want zimbra to accept the mail, and then essentailly send it to /dev/null

Bad too.
With this, you'll put lot more load on your server (MTA + amavisd + etc) to end up with discarding mail. And I'm not sure this is very RFC compliant.

**zagman76** · 12-09-2006, 04:47 PM

Originally Posted by Klug

Are you kidding ?

You do not want your mail server to accept mail from any IP, that's called an open relay. It's bad, very bad.

You should correctly setup the mynetwork parameters in postfix (see linked thread) and additionnaly get your users to use SMTP-auth to be able to send mail from anywhere.

But you should not, in any case, accept (any) mails from any IP.
Obviously, mails for your domain(s) coming from other servers are allowed 8)).

no - you misunderstood me - I will not deliver mail from <any ip> to <any ip> - I will deliver from <any ip> to <onlythe zimbra users on my server> and send all others to /dev/null - I certainly do not want an open relay.

Perhaps I was using incorrect terminology in my earlier posts... if so, I apologize.

**Klug** · 12-09-2006, 04:49 PM

I apologize too for being a bit "harsh" in my previous answer.

But I don't really understand why you want to accept any emails and discard them to /dev/null instead of using SMTP the way "it's meant to work"...

**zagman76** · 12-09-2006, 04:58 PM

Originally Posted by Klug

I apologize too for being a bit "harsh" in my previous answer.

But I don't really understand why you want to accept any emails and discard them to /dev/null instead of using SMTP the way "it's meant to work"...

no need to apologize - I did not take offense

perhaps it's just my confusion. As I understand mail flow, this is what I would like zimbra to do (or postfix to be more exact):
<e-mail from any ip / any sender> --> zimbra checks to see if recipient is located within --> if yes, deliver mail; if no, discard mail (with no answer to the person who sent it)

We are not in a hosted/co-lo environment - we own a 0.0.0.0/25 block of IPs. Even if the other devices on the network were sending e-mail (which they aren't) - it is ok if they send through the zimbra box - that traffic would be minuscule anyway.

**jdell** · 12-09-2006, 05:02 PM

Originally Posted by zagman76

I want my mail server to accept mail from any IP - I don't know where my senders are located

However, in that thread you linked, you said that all you effectively did was push the bounce upstream to the previous mta. I want zimbra to accept the mail, and then essentailly send it to /dev/null

The only reason my situation pushed the bounce to the upstream MTA is that my zimbra server does not have the MX record for my domain. For most people, the MX record has the same IP as your zimbra server, so a REJECT is exactly what you want.

In my case, the mail gateways that have my MX record will soon be implementing a 'known user' list so they will be able to reject properly without ever bothering my Zimbra server.

As far as sending to /dev/null, I do think you will run afoul of the SMTP standards by doing that. Nobody is going to stop you from doing that but that really isn't proper behavior for a mail server.

**zagman76** · 12-11-2006, 11:34 AM

Here is an update - I added the 550 code, and now the obvious junk is being bounced back upstream.

However, I am seeing that 3-5 times a day, the mta (i think it's the mta) stops, and the active and deferred queues freeze. So far, I have only been able to resolve this by issuing a zmcontrol stop / start.

Has anyone else seen this? What is happening here, and how can I resolve this?

Thanks!

**zagman76** · 12-11-2006, 11:44 AM

I am seeing a lot of 'Dec 11 14:42:13 mail4 postfix/smtpd[6049]: connect from unknown[my.edge.mta.device]' errors (the 'my.edge.mta.device' is our upstream device).

I am not sure if that means anything or not though.

Zimbra

Thread: 'Blackhole' e-mails send to non-zimbra accounts?

LinkBack

Thread Tools

Search Thread

Display

'Blackhole' e-mails send to non-zimbra accounts - also stalled queues

Thread Information

Users Browsing this Thread

Similar Threads

zmtlsctl give LDAP error

multiple errors during upgrade on fc4 from 4.0.2ga to 4.5ga

zimbra-core missing

Services stopped working

FC3 Install and no zimbra ?

Posting Permissions