Results 1 to 10 of 11

Thread: [SOLVED] How to have a catchall and reject spam sent to specific addresses?

Hybrid View

  1. #1
    Join Date
    Apr 2008
    Posts
    69
    Rep Power
    7

    Default [SOLVED] How to have a catchall and reject spam sent to specific addresses?

    Hello.

    I have a catchall account, so I get quite a bit of spam. Spamassassin correctly junks most of them. But I'm seeing that many of the spam keep using the same non-existing recipient (i.e. webpage@example.com, etc.).

    When signing up with some services, I created throwaway accounts, so I need to keep a catchall.

    How do I have a catchall account and *reject* those emails sent to non-existing accounts? I want those to be rejected to avoid backscatter and not even need to reach Spamassassin to process.

    ZCS 5.0.7-64bit + CentOS 5.2

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

  3. #3
    Join Date
    Apr 2008
    Posts
    69
    Rep Power
    7

    Default

    Thanks for the link, but doesn't look quite like what I'm looking for. Sorry, I was not clear.

    I signed up on some sites and entered a "fake" or "throwaway" email address, (ie. twitter.com@mydomain.com, etc.), but these addresses do not exist in Zimbra and will not be created. The catchall catches and deliver the email to me. From there, I can tell from the "To:" field where the mail came from.

    But with the catchall, spam of course is getting in. But I noticed a lot of the spam is using the same email addresses (addresses I never created, like pren@mydomain.com, lxh@mydomain.com, info@mydomain.com, sales@mydomain.com, etc.).

    Is there a way to *list* specific email addresses to reject (at the smtp level so spamassassin isn't involved) and still be able to keep the catchall account? I know this won't solve the spam problem, but it should reduce a significant amount of spam.

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by frankman View Post
    I signed up on some sites and entered a "fake" or "throwaway" email address, (ie. twitter.com@mydomain.com, etc.), but these addresses do not exist in Zimbra and will not be created. The catchall catches and deliver the email to me. From there, I can tell from the "To:" field where the mail came from.
    A catchall address is a spammers dream, you'll always get spam in there.

    Quote Originally Posted by frankman View Post
    Is there a way to *list* specific email addresses to reject (at the smtp level so spamassassin isn't involved) and still be able to keep the catchall account? I know this won't solve the spam problem, but it should reduce a significant amount of spam.
    You would be far better having the throwaway address as an alias of your normal account and you can still check the from and to headers. You can then modify the zmmta.cd option
    Code:
    smtpd_reject_unlisted_recipient
    and change it from no to yes then restart postfix. That change will need to be made after each upgrade.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Join Date
    Apr 2008
    Posts
    69
    Rep Power
    7

    Smile

    Thanks for the quick reply!
    Quote Originally Posted by phoenix View Post
    You would be far better having the throwaway address as an alias of your normal account and you can still check the from and to headers.
    The problem is that I don't recall all the throaway addresses I created :-(.
    That's a good idea and seems to be the way to go going forward.

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by frankman View Post
    The problem is that I don't recall all the throaway addresses I created :-(.
    It's difficult to know what to sugegst in this case. Perhaps you could add the address that you do remember as an alias and keep the catchall for a couple of weeks and see what turns up. Do you remember the sites you've subscribed to with these throwaway addresses? If you do then I'd kill the catchall account after a while and then just subscribe again with new throwaway addresses that would now be created as an alias on your normal account. It's about the best I can think of at the moment, perhaps someone will give you a more inventive suggestion.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    You can use zmprov to list the aliases for an account:
    Code:
    zmprov ga account@yourdomain.com | grep zimbraMailAlias
    you'd have to script the add but you can do it with zmprov:

    Code:
    addAccountAlias(aaa) {name@domain|id} {alias@domain}
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  8. #8
    Join Date
    Apr 2008
    Posts
    69
    Rep Power
    7

    Default

    Great, both worked!

    For anyone else reading this, a sample of the command is here)

    Thanks, Bill!

  9. #9
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Glad you've got it working.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  10. #10
    Join Date
    Apr 2008
    Posts
    69
    Rep Power
    7

    Lightbulb blacklist_to

    I found that using the "blacklist_to" token works as a solution for a transition period away from a catchall account.


    I have added those known aliases to the account, kept the catchall turn on, and added (over a period of time) spam addresses (those created by spammers, never created by me) to the blacklist_to.

    For example, I've added a list of spam addresses to /opt/zimbra/conf/salocal.cf.in:
    Code:
    blacklist_to taj@example.com
    blacklist_to pren@example.com
    blacklist_to service@example.com
    ...etc...
    Instructions are in the wiki.

    Note: Spammers conjured up those fake addresses (where example.com is replaced with my domain). The catchall account received spam with those addresses in the TO: or CC: field. I've found thousands of spams sent to the same (so far) 52 addresses.

    So, the transition solution for getting away from a catchall account might go this way:
    1. Migrate mail server to Zimbra, including the catchall account. (This all came about because I had a catchall on the previous mail server.)
    2. Add all known aliases to the catchall, while leaving the catchall left on.
    3. Over a period of time (I'm going for a few months), continue to add other good aliases to the catchall and add annoying spam emails to the blacklist_to token.
    4. Finally, turn off the catchall and remove the blacklist_to in the /opt/zimbra/conf/salocal.cf.in.

    This solution maybe helpful for those with smaller sites. Hope this is helpful for someone.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •