Byteplant Forum

Home » CleanMail Support » CleanMail Server Talk » Multiple recipients
Multiple recipients [message #974] Thu, 23 December 2004 14:05
romano.cibien
Messages: 4
Registered: December 2004
Junior Member
Symptoms:
My NST Proxy attachement filter is configured to filter (reject/delete) a specific list of recipient adresses. The problem is, that if an incoming mail is addressed to multiple recipients (e.g. *@mydomain.com) and if there's at least one non-existing address whithin the recipients which is not filtered (Log: check disabled), the mail is delivered to the existing mailboxes regardless of a malicious attachement! Because of the (non-existing) recipient which is not listed in the 'address patterns to enable filter' the check is disabled and the mail is delivered.

How can I prevent this behaviour?

Thanks.
Romano

Re: Multiple recipients [message #975 is a reply to message #974] Thu, 23 December 2004 14:25 Go to previous message
support
Messages: 919
Registered: April 2004
Senior Member
> Symptoms:
> My NST Proxy attachement filter is configured to filter
> (reject/delete) a specific list of recipient adresses. The
> problem is, that if an incoming mail is addressed to multiple
> recipients (e.g. *@mydomain.com) and if there's at least one
> non-existing address whithin the recipients which is not
> filtered (Log: check disabled), the mail is delivered to the
> existing mailboxes regardless of a malicious attachement!
> Because of the (non-existing) recipient which is not listed in
> the 'address patterns to enable filter' the check is disabled
> and the mail is delivered.
>
> How can I prevent this behaviour?

You can either configure your mail server to reject non-existing
recipient addresses (for MS Exchange, please see
http://www.byteplant.com/support/nospamtoday/howtorejectexchange.html
for details) or you can use NoSpamToday!'s Open Relay Protection to restrict
the set of valid recipient addresses: launch the Admin Wizard, switch to the
"Configuration" tab and double-click on the SMTP Proxy. On the third page
of the SMTP Proxy wizard you can enter the valid addresses you want to accept
into the "Recipient Addresses" list.



Customer Support
Byteplant GmbH
Re: Multiple recipients [message #976 is a reply to message #975] Thu, 23 December 2004 14:32 Go to previous message
romano.cibien
Messages: 4
Registered: December 2004
Junior Member
My smtp server refuses mail to non-existing recipients, but this does not help as the mail is delivered to all existing recipients.

The 'open relay protection' does not work so far, as any send requests of my clients to external addresses will be rejected (already tested). The smtp server and the NST proxy run on the same W2k server. NST listens on port 25 and forwards smtp requests to the smtp server on port 26. Cause I do not want to open my firewall for port 26 my clients need to go through the NST proxy.

Any idea how to allow the clients to send email to external adresses with 'open relay protection' configured?

Thanks.
Romano
Re: Multiple recipients [message #977 is a reply to message #976] Thu, 23 December 2004 15:14 Go to previous message
support
Messages: 919
Registered: April 2004
Senior Member
> My smtp server refuses mail to non-existing recipients, but
> this does not help as the mail is delivered to all existing
> recipients.
> The 'open relay protection' does not work so far, as any send
> requests of my clients to external addresses will be rejected
> (already tested). The smtp server and the NST proxy run on the
> same W2k server. NST listens on port 25 and forwards smtp
> requests to the smtp server on port 26. Cause I do not want to
> open my firewall for port 26 my clients need to go through the
> NST proxy.
>
> Any idea how to allow the clients to send email to external
> adresses with 'open relay protection' configured?

As NoSpamToday! works as a transparent proxy, it only accepts mail
for recipient addresses your smtp server also accepts.
The "Address Patterns to Enable/Disable Filter" setting also applies only
to recipient addresses your smtp server accepts.
You can easily test, if a given recipient address will be accepted.
Open a command line window and type:
telnet 26
EHLO
mail from:
rcpt to:

If you get a 250 reply, mails to
will be accepted.



Customer Support
Byteplant GmbH
Re: Multiple recipients [message #978 is a reply to message #977] Thu, 23 December 2004 15:40 Go to previous message
romano.cibien
Messages: 4
Registered: December 2004
Junior Member
All this works as it should, that means, the smpt server rejects non-existing adresses correctly.

But the problem is, that the NST attachement filter does not check the attachement but stops cheching as soon as it finds a recipient that is not listed in the 'address patern to enable filter'. Before delivering any mail, NST should finish the filter chain.

See some extracted log-lines:

---------------------------------------------
Here, the mail (to one existing and one non-existing mailbox) was delivered, regardless of the attachment (pif file):

Dec 23, 2004, 15:38:19 Session 0: MAIL FROM:
Dec 23, 2004, 15:38:19 Session 0: 250 Requested mail action okay, completed
Dec 23, 2004, 15:38:19 Session 0: RCPT TO:
Dec 23, 2004, 15:38:19 Session 0: 250 Requested mail action okay, completed
Dec 23, 2004, 15:38:19 Session 0: RCPT TO:
Dec 23, 2004, 15:38:19 Session 0: 250 Requested mail action okay, completed
Dec 23, 2004, 15:38:19 Session 0: DATA
Dec 23, 2004, 15:38:19 Session 0: Incoming mail action: accept/deliver (check disabled)
Dec 23, 2004, 15:38:19 Session 0: 354 Start mail input; end with .
Dec 23, 2004, 15:38:19 Session 0: Received end of data, mail size 5kB
Dec 23, 2004, 15:38:19 Session 0: 250 Requested mail action okay, completed
Dec 23, 2004, 15:38:48 Session 0: Connection closed by client

-----------------------------------------------------
Here, the SAME mail (to two existing mailboxes) was correctly rejected/deleted:

Dec 23, 2004, 15:41:38 Session 0: MAIL FROM:
Dec 23, 2004, 15:41:38 Session 0: 250 Requested mail action okay, completed
Dec 23, 2004, 15:41:38 Session 0: RCPT TO:
Dec 23, 2004, 15:41:38 Session 0: 250 Requested mail action okay, completed
Dec 23, 2004, 15:41:38 Session 0: RCPT TO:
Dec 23, 2004, 15:41:38 Session 0: 250 Requested mail action okay, completed
Dec 23, 2004, 15:41:38 Session 0: DATA
Dec 23, 2004, 15:41:38 Session 0: 354 Start mail input; end with .
Dec 23, 2004, 15:41:38 Session 0: (Attachment Filter) From: xxx.yyy@bluewin.ch
Dec 23, 2004, 15:41:38 Session 0: (Attachment Filter) Subject: test
Dec 23, 2004, 15:41:38 Session 0: (Attachment Filter) To: xxxx@xxxxx.xx,
Dec 23, 2004, 15:41:38 Session 0: (Attachment Filter) zzzzz@xxxxx.xx
Dec 23, 2004, 15:41:38 Session 0: (Attachment Filter) Attachment blocked:
Dec 23, 2004, 15:41:38 Session 0: Received end of data, mail size 5kB
Dec 23, 2004, 15:41:38 Session 0: (Attachment Filter) Filter result is reject/delete
Dec 23, 2004, 15:41:38 Session 0: Incoming mail action: reject/delete
Dec 23, 2004, 15:41:39 Session 0: 550 Your message was not delivered for policy reasons.
Dec 23, 2004, 15:41:39 Session 0: QUIT


Any idea?

Thanks.
Romano
Re: Multiple recipients [message #979 is a reply to message #978] Thu, 23 December 2004 18:02 Go to previous message
support
Messages: 919
Registered: April 2004
Senior Member
> All this works as it should, that means, the smpt server
> rejects non-existing adresses correctly.
> ....
>
> Any idea?

I just connected to your primary MX myself and found out
that it accepts virtually any recipient address. Please check your
mail server configuration.



Customer Support
Byteplant GmbH
Re: Multiple recipients [message #980 is a reply to message #974] Thu, 23 December 2004 20:06 Go to previous message
romano.cibien
Messages: 4
Registered: December 2004
Junior Member
Yeah, I know. That's why I normally forward mails to unkown mailboxes to the "null" mailbox. I do this, because these times many 'return to sender' replies will remain in the mailserver's outbox due to invalid sender addresses. By forwarding nonsense mails to the "null" mailbox I can get rid of such stuff.

I just reconfigured the smtp server so that mails to unkown mailboxes will be returned to the sender. Try again.

Thanks.
Romano.
Previous Topic: Spam trap suggestion?
Next Topic: Auto Blacklist
Goto Forum:
  


Current Time: Sun Dec 04 11:13:46 CET 2016