Unknown recipients always bounce?
  •  
Phaethar

Hey everyone,

I'm curious to know if there is a way to control how KMS handles a message that comes in to an unknown recipient. In our case, we have an external mail gateway doing some filtering of all incoming messages. It does a virus check, spam check, and makes sure the message is bound to an address at our domain before sending it through to the mail server inside. The problem lately has been that we have been getting messages sent to an invalid account, and some Kerio is bouncing them back. Of course, the original sender address was made up, or was randomly chosen, so people are getting these bounced messages that are looking like spam from us. Not good.

So, can we configure Kerio to not bounce these messages back? Basically, if the account name doesn't exist, drop the message. Is this possible?

Thanks!
  •  
sedell

You could configure a catch-all account, and set up a rule to discard the messages that get delivered to it. Probably not ideal, but it should do the trick.

Scott
  •  
Phaethar

Yeah, I had thought about doing that too, as it would also work. I'll probably end up doing that if there isn't a way to have Kerio drop those messages automatically.
  •  
sedell

I don't think it's actually Kerio. The "bounce" is usually generated by the sending server/gateway. All Kerio does is issue a user not found response when delivery is attempted.

Scott
  •  
Phaethar

Good point, that makes sense. Ok then, catch-all it is. Thanks!
  •  
Kerio_jthomas

This is bad. This is wrong. You should not do it.

1) Email RFC requires that a mailserver return a message when it could not be delivered to an end user.

2) If someone sends mail to the wrong address - if your address is phaethar<_at_>yourcompany.com and they spell it as pheathar<_at_>yourcompany.com - the sender will NOT receive any warning that the message was not delivered! They will think it was successfully received!

We see people trying to do this all the time. Usually they believe it will help reduce spam. It doesn't; if the mail is received with no return message, the spammer thinks he got a good address and will keep sending.

Pretty soon your mailserver will be flooded with spam, as each spammer thinks he was successful and keeps sending. It will be a drag on your server.

And innocent users will wonder "why didn't phaethar write back to me? It's been 2 days..." when that message to pheathar went to the giant bucket.

[Updated on: Thu, 04 May 2006 19:57]


Joshua Thomas
Technical Support Manager
2350 Mission College Blvd, Suite 400
Santa Clara, CA 95054
Phone: (408) 496-4500
Fax: (408) 496-6902
http://www.kerio.com/support.html

  •  
Phaethar

Josh,

I can see where you're coming from with this. Unfortunately, I don't see a lot of options right now. We're getting a lot of messages coming in with spoofed sender addresses. These messages come in to a non-existent account, get rejected, and are sent "back" to the sender address. I'm sure a small amount of these are misspelled names, but almost all of them are just junk mail. As a result, we've been getting some complaints of spam lately, thinking we may have an open relay even, which of course we don't. After looking through logs, we found out that they're basically bouncing mail off of us using this technique.

Faced with this, we had to do something. I'd rather deal with the potential of a bit more spam, which I don't think we'll see much of anyway, than have to worry about getting on blacklists because we've been reported for spam.
  •  
sonofcolin

Quote:

Faced with this, we had to do something. I'd rather deal with the potential of a bit more spam, which I don't think we'll see much of anyway, than have to worry about getting on blacklists because we've been reported for spam.


It isn't spam, it's a bounce message, therefore you wouldn't end up on a blacklist.

What you are trying to achieve goes against RFC standards. If your mailserver goes against these rules, you 'could' be listed on an AHBL, for having a badly configured mailserver. More info here:
http://rfc-ignorant.org/
  •  
Kerio_jthomas

You need to stop the spam before it enters the server for processing. The following features work in this way:

* SPF
* CallerID
* Spam Repellent
* Blacklists

Do you have all of them enabled? Are your blacklists set to deny (instead of adding spam score)?

I'd also recommend creating a custom blacklist and adding spam servers that cause you trouble.

Joshua Thomas

  •  
sedell

I think the problem is that he's using a mail gateway that doesn't verify the TO address before accepting mail. Better to let the mail server handle the virus scanning, and spam check since it knows what is and what isn't a valid address.

Scott
  •  
Phaethar

sedell wrote on Thu, 04 May 2006 15:42

I think the problem is that he's using a mail gateway that doesn't verify the TO address before accepting mail. Better to let the mail server handle the virus scanning, and spam check since it knows what is and what isn't a valid address.



Yes, that is exactly the problem here. As far as the Kerio server is concerned, all mail comes from the same IP, which is an internal IP that routes through a conduit in our firewall to the DMZ and our mail gateway. This gateway only checks the destination domain before forwarding on to the mail server on the inside. While having 2 layers of defense is great from a virus and security standpoint, it does make things harder from a spam standpoint, as none of the features Joshua listed will work.

It sounds like I'm caught between a rock and a hard place. On the one hand, if I leave things as they've been, we get reported for spam because we're kicking back 30-40 messages per day at least based on spoofed addresses. These people get the messages that they never sent and report it as junk coming from us.

On the other hand, if I set up a catch-all account and get rid of the junk messages that way, I'm possibly running a poorly configured server and am RFC ignorant.

So, do I have any options short of making a lot of network changes? Putting the mail server into the DMZ is really not something I would like to do, for multiple reasons.

I appreciate all the help here so far!
  •  
sonofcolin

Ok, didn't realize this was a gateway. Well, if it were me (and I have no idea what your organization's requirements are) I would do what Scott suggested:
Quote:

Better to let the mail server handle the virus scanning, and spam check since it knows what is and what isn't a valid address


However, you already have a virus scanner on the gateway but will also need to get another for KMS (not very cost effective I know). Maybe wait for ClamAV, rumoured to be released within the next ??????


  •  
winkelman

We also receive mail relayed through our provider (store & forward). So all mail to us is coming from the same IP and therefore SPF, CallerID, etc. won't work. For this reason alone I'm changing our mail setup to direct delivery to our mail server (with the provider as backup during downtime)...

The more mail servers on the Internet check SPF and/or CallerID, the less these bouncing messages will get a chance. (If the 'other' mail server would have checked SPF/CallerID and your DNS was set up correctly, you would not have got the bounced mail in the first place.)
  •  
jessica

Josh,

I'm using version 6.3.1 and it looks like this mail server was set up to have a catchall account (I didn't set it up...) and I'm trying to change this, as you've suggested. I can't find where I'm supposed to turn bounce messages on! I've looked at the manual, poked around the admin tool... can you please direct me?
  •  
Nixs

Your first inbound mail hop should be configured to verify e-mail addresses. Kerio provides an LDAP, so your first MTA could verify against that.

If your inbound MTA has no ability to do user verification, then it's time to look at a decent MTA as your receiver.

BTW -- there are blacklists that add you if you send out non-delivery notifications for these spams. I can't name one off the top of my head, but I've had to deal with that issue myself before I implemented this.
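
Added example, not part of the thread and not Kerio's code: a Python sketch of recipient verification at the first inbound hop, where the gateway asks the inside server about each address during the SMTP session and refuses unknown users with a 550 instead of accepting the message and bouncing it later. It uses an SMTP callout rather than the LDAP lookup mentioned above; `BACKEND_HOST`, the reply texts and the `directory_probe` stand-in are assumptions made for the illustration.

```python
import smtplib

LOCAL_DOMAIN = "yourcompany.com"        # domain used in the thread's example
BACKEND_HOST = "mail.internal.example"  # assumed placeholder for the inside server

def callout_probe(address, host=BACKEND_HOST, port=25, timeout=10):
    """Ask the inside server for its RCPT verdict on `address`.
    Returns the reply code, or None if no verdict could be obtained.
    The session ends before DATA, so nothing is delivered."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.helo()
            code, _ = smtp.mail("")      # null sender <>
            if code != 250:
                return None              # probe itself refused: no verdict
            code, _ = smtp.rcpt(address)
            return code
    except (OSError, smtplib.SMTPException):
        return None

def directory_probe(valid_addresses):
    """Offline stand-in for callout_probe, backed by a constructed user list."""
    valid = {a.lower() for a in valid_addresses}
    return lambda address: 250 if address.lower() in valid else 550

def rcpt_reply(address, probe=callout_probe):
    """Reply the gateway gives to RCPT TO while the sender is still connected."""
    local, _, domain = address.rpartition("@")
    if not local or domain.lower() != LOCAL_DOMAIN:
        return 550, "5.7.1 relaying denied"
    code = probe(address)
    if code is not None and 200 <= code < 300:
        return 250, "2.1.5 recipient ok"
    if code is not None and 500 <= code < 600:
        # Refused in-session: the gateway never queues the message, so it has
        # nothing to bounce to a forged sender later.
        return 550, "5.1.1 user unknown"
    # Backend unreachable or temporary failure: defer, so a real user is not
    # rejected and an unverified address is not accepted.
    return 451, "4.4.3 recipient verification unavailable"

if __name__ == "__main__":
    probe = directory_probe(["phaethar@yourcompany.com"])  # constructed sample
    for rcpt in ("phaethar@yourcompany.com", "pheathar@yourcompany.com"):
        print(rcpt, rcpt_reply(rcpt, probe))
```

With this in place a mistyped address still produces a failure notice, but it is generated by the server that connected to the gateway, not by the gateway itself.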