Thread: Need help debugging bounced messages.

  1. #1
    jim.thornton (Loyal Member)

    I have one email address that is receiving hundreds and hundreds of bounced messages daily. At first I thought someone got a hold of his email password and was sending out emails using my SMTP server so I immediately changed his password. This started on a DirectAdmin box running exim. I then changed this domain over to my Zimbra box and set him up there. He was still receiving the bounced messages so I scanned his computer for viruses and he had a couple. I then figured (after much research) that it was an exploit in Outlook that was causing his computer to send out hundreds of spam messages and they were bouncing back to him.

    I totally uninstalled Outlook and have him using the web interface for Zimbra and the bounced messages are still happening.

    I now think that someone has spoofed his email address (if that is the correct terminology). I think they have configured their client with his email address so when they bounce, they go to him.

    I don't know what to do. I came across DKIM and my understanding is that it will tag each email sent with a public key. In the case of a bounced message it would look for that public key and verify it with the server and if the public key is not valid or does not verify then the bounced message will be deleted instead of being sent through to his inbox.

    Is this correct? If so...

    I've been reading the following tutorial: Guide to Install OpenDKIM for multiple domains with Postfix and Debian

    Are there any better ways to combat this?
    Release 7.1.2_GA_3268.UBUNTU10_64 UBUNTU10_64 FOSS edition.

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    Quote Originally Posted by jim.thornton
    Is this correct? If so...
    Only if the receiving server checks the DKIM signature (a lot do).

    Quote Originally Posted by jim.thornton
    That's always a good measure.

    Quote Originally Posted by jim.thornton
    Are there any better ways to combat this?
    Not better, but there are other ways to combat this; search the forums (and the internet) for 'backscatter' or 'NDR' spam and see if any of the solutions are suitable for you.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    jim.thornton (Loyal Member)

    Okay, so if that is a good tutorial then can you help me with this? I don't know what/how to add for the public key in the DNS record.

    Do I have to add an entry for every domain that I send emails from or just one for the host?

    For example:
    Zimbra host: mail_redcarpetfinancial_com
    account: email@domain1.com
    account: email@domain2.com
    account: email@domain3.com

    So, do I set one DNS TXT record up for redcarpetfinancial_com or do I set one up for each of domain1.com domain2.com and domain3.com?

    Also... The tutorial says:
    Code:
    4. Add to DKIM public key to DNS

    Add an entry for the public key to the DNS server you are using for your domain. You find the public key here:

    cat /etc/opendkim/keys/mydomain.com/default.txt
    But, when I look in that file there is a bunch of stuff and I don't know what to include in the DNS record.
    Release 7.1.2_GA_3268.UBUNTU10_64 UBUNTU10_64 FOSS edition.

  4. #4
    phoenix (Zimbra Consultant & Moderator)

    Quote Originally Posted by jim.thornton
    Okay, so if that is a good tutorial then can you help me with this? I don't know what/how to add for the public key in the DNS record.

    Do I have to add an entry for every domain that I send emails from or just one for the host?

    For example:
    Zimbra host: mail_redcarpetfinancial_com
    account: email@domain1.com
    account: email@domain2.com
    account: email@domain3.com

    So, do I set one DNS TXT record up for redcarpetfinancial_com or do I set one up for each of domain1.com domain2.com and domain3.com?
    It tells you in item 3 of that tutorial, you add them to the TrustedHosts:

    3. Edit /etc/opendkim/TrustedHosts

    nano /etc/opendkim/TrustedHosts

    Add domains, hostnames and/or ip's that should be handled by OpenDKIM. Don't forget localhost.
    An example (plus any hosts etc. that you wish to add - you'll have to check the openDKIM documentation for the format and possible entries):

    Code:
    *@domain1.com default._domainkey.domain1.com
    *@domain2.com default._domainkey.domain1.com
    Quote Originally Posted by jim.thornton
    Also... The tutorial says:
    Code:
    4. Add to DKIM public key to DNS

    Add an entry for the public key to the DNS server you are using for your domain. You find the public key here:

    cat /etc/opendkim/keys/mydomain.com/default.txt
    But, when I look in that file there is a bunch of stuff and I don't know what to include in the DNS record.
    It tells you how to create the keys further into that article, and I didn't say that was a good tutorial, I said it was a good measure [to implement]. You might like to look at this article, which (I think) explains the steps in better detail.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.
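
Added example, not part of the thread or of the tutorial it quotes: a small parser that turns the "bunch of stuff" in a `default.txt` file into the record name and TXT value to enter in DNS. It assumes the file has the zone-file layout written by `opendkim-genkey`; the sample record, its placeholder key and the function name `dkim_record` are constructed for illustration.

```python
import re

# Constructed sample in the layout opendkim-genkey writes to <selector>.txt.
# The p= value is a short placeholder, not a real key.
SAMPLE = (
    'default._domainkey\tIN\tTXT\t( "v=DKIM1; k=rsa; "\n'
    '\t  "p=PLACEHOLDERBASE64PART1"\n'
    '\t  "PLACEHOLDERBASE64PART2" )  ; ----- DKIM key default for mydomain.com\n'
)

HEAD = re.compile(r'^\s*(\S+)\s+(?:\d+\s+)?IN\s+TXT\s+', re.I)
# A quoted string (may contain ';') or a zone-file comment running to end of line.
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|;[^\n]*')


def dkim_record(zone_text, domain):
    """Return (record name, TXT value, tag dict) for one genkey-style record."""
    head = HEAD.match(zone_text)
    if not head:
        raise ValueError("no '<name> IN TXT' record found")
    owner = head.group(1)
    # A relative owner name is completed with the signing domain.
    name = owner.rstrip(".") if owner.endswith(".") else f"{owner}.{domain}"
    chunks = [m.group(1) for m in TOKEN.finditer(zone_text, head.end())
              if m.group(1) is not None]
    if any(len(c.encode()) > 255 for c in chunks):
        raise ValueError("a single TXT string may not exceed 255 bytes")
    value = "".join(chunks)  # resolvers concatenate the quoted strings
    tags = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition("=")
        if sep:
            tags[key.strip()] = val.strip()
    if tags.get("v") != "DKIM1" or not tags.get("p"):
        raise ValueError("expected v=DKIM1 and a non-empty p= tag")
    return name, value, tags


if __name__ == "__main__":
    name, value, _ = dkim_record(SAMPLE, "mydomain.com")
    print(f"{name}  TXT  {value}")
```

A verifier looks the key up at `<selector>._domainkey.<domain>`, where the domain is the one in the signature's `d=` tag, so each domain that appears in `d=` needs its own TXT record at that name.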
