Article 16185 at 09/12/07 04:02:31 From: adanneffel (at mark) atomation.com Subject: [coba-e:16185] Re: No such user here

Index: [Article Count Order] [Thread]
Date:  Sun, 6 Dec 2009 11:13:10 -0800
From:  "Andrew Danneffel" <adanneffel (at mark) atomation.com>
Subject:  [coba-e:16185] Re: No such user here
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <039901ca76a8$26ff0170$4001a8c0@Maxwell>
References:  <026f01ca75f6$a20ee450$4001a8c0 (at mark) Maxwell> <1260061467.9208.10.camel (at mark) c102.home.com>
X-Mail-Count: 16185

Thanks for your input, all.

I am not using any catch alls.  However, I did activate a catch all for 
about 20 minutes as suggested to see what was trying to be sent.  I received 
3000+ spam messages during this time - and given the subject lines they were 
all obviously spam.  They were being sent from hundreds of different IPs so 
it was difficult to find one or two main offenders.

I did not have the blacklists (i.e. spamcop) activated until yesterday.  Now 
that they are active the server is doing a better job identifying and 
stopping spam but I am still receiving thousands of the "No such user here" 
errors in the maillog.

Gerald, I have looked in the sendmail.mc file and sure enough, there is a 
line:

FEATURE(`accept_unresolvable_domains')dnl

I have noticed that most of the spam IPs are unresolvable to a hostname so 
disabling this setting may help a great deal.  I commented out this line in 
sendmail.mc and then adjusted some settings in the GUI to have the .mc data 
written to the sendmail.cf file.  My edit in the .mc file did not seem to be 
overwritten by the GUI.  Is what I did sufficient to make this adjustment 
active for sendmail?

Andrew

----- Original Message ----- 
From: "Gerald Waugh" <gwaugh (at mark) raqware.com>
To: <coba-e (at mark) bluequartz.org>
Sent: Saturday, December 05, 2009 5:04 PM
Subject: [coba-e:16181] Re: No such user here


>
> On Sat, 2009-12-05 at 14:02 -0800, Andrew Danneffel wrote:
>> Hi there,
>>
>> My Blue Quartz server is constantly being hammered with email to users
>> that do not exist on the server (I believe they are referred to NDRs).
>> The maillog lists thousands and thousands of these "No such user here"
>> errors each day.  Strangely the vast majority of them are to two
>> domains, each which start with "a".  I don't believe the server is
>> automatically sending out responses to these senders as this has been
>> happening for some time and the server is not blacklisted from what I
>> can see.  I understand that these messages are from spammers and that
>> the sender email addresses are spoofed.
>>
>> I am wondering what (if anything) can be done to prevent the server
>> from processing and logging all of these useless messages.  I suspect
>> all of these mail requests are generating significant data transfer.
>> Is it simply a fact of life or can some component of the mail system
>> be optimized to stop it?
>>
>
> Are you using any catchall email accounts?
> If so stop using them!
>
> Is you sendmail.mc / cf configured to accept unresolvable domains?
> If so reconfigure
> Also check if Sendmail configured for DNS-Based Blacklisting
>
> Gerald
>