Article 16186 at 09/12/07 05:14:38 From: gwaugh (at mark) raqware.com Subject: [coba-e:16186] Re: No such user here

Index: [Article Count Order] [Thread]
Date:  Sun, 06 Dec 2009 14:18:43 -0600
From:  Gerald Waugh <gwaugh (at mark) raqware.com>
Subject:  [coba-e:16186] Re: No such user here
To:  coba-e (at mark) bluequartz.org
Message-Id:  <1260130723.9208.25.camel (at mark) c102.home.com>
In-Reply-To:  <039901ca76a8$26ff0170$4001a8c0@Maxwell>
References:  <026f01ca75f6$a20ee450$4001a8c0 (at mark) Maxwell>	 <1260061467.9208.10.camel (at mark) c102.home.com>	 <039901ca76a8$26ff0170$4001a8c0 (at mark) Maxwell>
X-Mail-Count: 16186


On Sun, 2009-12-06 at 11:13 -0800, Andrew Danneffel wrote:
> Thanks for your input, all.
> 
> I am not using any catch alls.  However, I did activate a catch all for 
> about 20 minutes as suggested to see what was trying to be sent.  I received 
> 3000+ spam messages during this time - and given the subject lines they were 
> all obviously spam.  They were being sent from hundreds of different IPs so 
> it was difficult to find one or two main offenders.

You need to execute 'make'
then restart sendmail
  cd /etc/mail
  make
  /etc/init.d/sendmail restart

> I did not have the blacklists (i.e. spamcop) activated until yesterday.  Now 
> that they are active the server is doing a better job identifying and 
> stopping spam but I am still receiving thousands of the "No such user here" 
> errors in the maillog.
> 
> Gerald, I have looked in the sendmail.mc file and sure enough, there is a 
> line:
> 
> FEATURE(`accept_unresolvable_domains')dnl
> 
> I have noticed that most of the spam IPs are unresolvable to a hostname so 
> disabling this setting may help a great deal.  I commented out this line in 
> sendmail.mc and then adjusted some settings in the GUI to have the .mc data 
> written to the sendmail.cf file.  My edit in the .mc file did not seem to be 
> overwritten by the GUI.  Is what I did sufficient to make this adjustment 
> active for sendmail?
> 
> Andrew
> 
> ----- Original Message ----- 
> From: "Gerald Waugh" <gwaugh (at mark) raqware.com>
> To: <coba-e (at mark) bluequartz.org>
> Sent: Saturday, December 05, 2009 5:04 PM
> Subject: [coba-e:16181] Re: No such user here
> 
> 
> >
> > On Sat, 2009-12-05 at 14:02 -0800, Andrew Danneffel wrote:
> >> Hi there,
> >>
> >> My Blue Quartz server is constantly being hammered with email to users
> >> that do not exist on the server (I believe they are referred to NDRs).
> >> The maillog lists thousands and thousands of these "No such user here"
> >> errors each day.  Strangely the vast majority of them are to two
> >> domains, each which start with "a".  I don't believe the server is
> >> automatically sending out responses to these senders as this has been
> >> happening for some time and the server is not blacklisted from what I
> >> can see.  I understand that these messages are from spammers and that
> >> the sender email addresses are spoofed.
> >>
> >> I am wondering what (if anything) can be done to prevent the server
> >> from processing and logging all of these useless messages.  I suspect
> >> all of these mail requests are generating significant data transfer.
> >> Is it simply a fact of life or can some component of the mail system
> >> be optimized to stop it?
> >>
> >
> > Are you using any catchall email accounts?
> > If so stop using them!
> >
> > Is you sendmail.mc / cf configured to accept unresolvable domains?
> > If so reconfigure
> > Also check if Sendmail configured for DNS-Based Blacklisting
> >
> > Gerald
> > 
>