
View Full Version : Email - Denying email sent to a certain address
AtoZ_2 08-25-2002, 02:43 PM Hi,
I have a dedicated Linux server. I am allowing a small site owner to have their site on my server at no cost. It generates just a handful of visits each day so it's no big deal.
The problem is email. They are forwarding one of their email addresses (not associated with my server) to the email address that is on my server. (This email address gets a lot of spam and I'm having to sort through it in my trash mailbox.) I have asked them to stop, but I haven't gotten any response yet. Short of throwing them off the server, how can I deny email messages from going through my server when the TO: address is not on my server?
Can I use procmail? What do I do?
Thanks!
Pilgrim 08-25-2002, 03:35 PM Let me get this straight.. They are forwarding THEIR email to YOUR email address? Not to one of their own @domainhostedonyourserver.com addresses?
AtoZ_2 08-25-2002, 06:22 PM They're not forwarding to MY address, but their own. It's on my server though, and it's unnecessarily using my bandwidth and time. (I gave them a spot on my server for free, after all...)
They have an email address with their dialup company, user@dialup.com and all mail to it is being forwarded to user@theirdomain_onmyserver.com.
Does that make sense? I need to set up something that will reject incoming mail that is addressed to user@dialup.com.
devon 08-25-2002, 06:28 PM But why are you sorting through it?
Shouldn't they be looking after their own email?
AtoZ_2 08-25-2002, 06:40 PM I have a spam filter on the server and all of it goes to the same trash mailbox on the server. I go into it daily to make sure there weren't any important messages trashed. Regardless of the filter, though, having the email forwarding through my server is using bandwidth unnecessarily, as I said before.
Do you know how to block email sent to "user@dialup.com"?
devon 08-25-2002, 06:42 PM OK. What mail server are you using?
AtoZ_2 08-25-2002, 06:46 PM sendmail...
AtoZ_2 08-25-2002, 08:19 PM Anyone???
I can deny email FROM a certain address, surely I can deny email TO a certain address... I'm just not sure where to do it. I'm thinking I could do it through procmail, but I don't know what syntax to use...
AtoZ_2 08-26-2002, 09:19 PM Okay, I'll try one more time.... Surely there is someone who knows how to do this, or can get me on the right foot so I can find the info myself. ???
Roger 08-27-2002, 12:33 AM Originally posted by AtoZ_2
Okay, I'll try one more time.... Surely there is someone who knows how to do this, or can get me on the right foot so I can find the info myself. ???
On your virtusertable file (usually /etc/mail/virtusertable) put:
user@theirdomain_onmyserver.com error:nouser No such user here
That will return any email sent to that mailbox with an error message.
elsmore1 08-27-2002, 12:36 AM Originally posted by AtoZ_2
Okay, I'll try one more time.... Surely there is someone who knows how to do this, or can get me on the right foot so I can find the info myself. ???
You are probably correct that procmail is the way to do it (if procmail is filtering your spam now). Depending on what procmail recipes you have there now, and what you want to do with the mail, it will probably be just a slight modification to the existing filter that is dumping it in with all of your other filtered mail. If you need help, I'll see what I can do to get you a recipe that will work.
Lagniappe-labgeek 08-27-2002, 11:10 AM Originally posted by Roger
On your virtusertable file (usually /etc/mail/virtusertable) put:
user@theirdomain_onmyserver.com error:nouser No such user here
That will return any email sent to that mailbox with an error message.
Realize that will kill ALL the inbound mail for that address. Not just the mail being forwarded from the other dialup account.
Look at access.db (actually probably the access.in file for the text version). There you can block by ip address range. Know the sending server's ip address??? If not take a look at your mail log files, it's in there... See http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap22sec178.html for some help on how to configure. You also need to makemap the file -- "/usr/sbin/makemap hash access < access.in" (if your text version is access.in), and restart sendmail with a kill -HUP to get it to reread the file. Be careful though if you get carried away with the access.in you could block mail you didn't mean to.
elsmore1 08-27-2002, 12:09 PM Originally posted by labgeek
Look at access.db (actually probably the access.in file for the text version). There you can block by ip address range. Know the sending server's ip address??? If not take a look at your mail log files, it's in there... See http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap22sec178.html for some help on how to configure. You also need to makemap the file -- "/usr/sbin/makemap hash access < access.in" (if your text version is access.in), and restart sendmail with a kill -HUP to get it to reread the file. Be careful though if you get carried away with the access.in you could block mail you didn't mean to.
Using the access.db to block by IP address may also have the effect of preventing the said user from sending mail to himself (use@hosteddomain.com) from his dial-up account, or... any other user on that dial-up mailserver as well... his friends and neighbors possibly? will be unable to send mail to the legitimate address hosted on the server.
It's probably not a big concern, as the account is being given to the user for free, but for precise blocking, it appears to me that procmail is the way to go in this case.
Lagniappe-labgeek 08-27-2002, 12:30 PM It's a lot less drastic than killing everything inbound for that user. You can also reject on sender's username and/or domain.
elsmore1 08-27-2002, 12:47 PM Originally posted by labgeek
It's a lot less drastic than killing everything inbound for that user. You can also reject on sender's username and/or domain.
Agreed that it is a lot less drastic, and if the access.db and virtusertable methods proposed were the only two methods available, the access.db is the one I would choose, for that reason. But, the access.db method may still have unintended consequences, which is what I was pointing out. As far as blocking on sender's username/domain, that isn't what he is wanting to do, and unless the forwarder is rewriting the FROM headers to make the mail appear to be from himself at his ISP account, it won't work in this case.
Procmail has the advantage of being able to filter on any field in the headers (or the body of the message for that matter) so it can do selective filtering, and will be able to filter on the correct header field.
AtoZ_2 08-30-2002, 09:30 PM Thanks for all the replies.
I would like to use procmail if possible, but I don't know how to write the recipes. I will keep looking for one that bases it on the TO address.
Right now I just have a couple of recipes that look for characteristics of the most common worms, sircam and klez. The sircam one works perfectly, so I just send them to /dev/null, but the klez filter has around a 5% error rate, so I send it to a special mailbox that I check on the server and delete before it goes to my inbox on my home computer.
If I had a separate recipe based only on the TO field, I think that would work. I just am not sure on the syntax. If anyone has ideas, let me know. I can experiment.
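A procmail recipe of the kind asked for in this thread, as an added example that is not part of the original posts. `user@dialup.com` is the thread's placeholder address; the `forwarded-dialup` mailbox name and the choice of rc file are assumptions.

```procmail
# Added example: goes in the hosted account's ~/.procmailrc
# (or in /etc/procmailrc, above the existing worm recipes).

# Constructed mailbox name. MAILDIR defaults to the user's home
# directory when it is not set earlier in the rc file.
FORWARDED=$MAILDIR/forwarded-dialup

# Forwarded copies normally keep the original To:/Cc: header, so match
# the dial-up address there. ^TO_ is procmail's built-in macro that
# covers To, Cc, Resent-To, Apparently-To and similar destination
# headers. The trailing colon in ":0:" asks for a local lockfile,
# which is needed when delivering to an mbox file.
:0:
* ^TO_user@dialup\.com
$FORWARDED

# Spam often carries the recipient only in the SMTP envelope. Many
# mail servers record it in a Received: header as "for <address>",
# so catch that case as well. procmail joins folded header lines
# before matching, so a wrapped Received: header still matches.
:0:
* ^Received:.*for <user@dialup\.com>
$FORWARDED

# Mail addressed directly to the hosted address matches neither
# condition and falls through to the remaining recipes and normal
# delivery. After the mailbox has been checked for false positives,
# $FORWARDED can be replaced by /dev/null (use ":0" without the
# second colon then, since no lock is needed).
```

procmail runs at local delivery, after sendmail has already accepted the message, so these recipes sort the forwarded mail out of the trash mailbox but do not reduce the inbound bandwidth it uses.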