blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-02-26 15:35

Scenario:

You have CATCHALL enabled.

You keep receiving a unwanted emails to a handful specific addresses that are not official (and therefore would come in to CATCHALL) BUT those specific addresses are the same ones and you know that they are always going to be a waste/spam/unwanted (maybe because they ended up on a spam address list). You want to reject them at source instead of receiving them.

EG,
INBOUND emails to:
accountuser1@ = received as it is an official address
accountuser2@ = received as it is an official address

specific_nonaccount1@ = reject
specific_nonaccount2@ = reject

random_nonaccount1 = receive to CATCHALL
random_nonaccount2 = receive to CATCHALL
random_nonaccount3 = receive to CATCHALL
random_nonaccountx = receive to CATCHALL

My external supplier mail host supplier gives the options to set up a blacklist of addresses to "return to sender" whilst receiving all others to a CATCHALL address.

What is your method of blacklisting specific local email addresses (preventing incoming deliveries to them) whilst having CATCHALL enabled to catch all other non-specific addresses?

(I have my method but would like to compare to other peoples ideas and methods)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by percepts » 2016-02-26 18:19

At end of OnAcceptMessage place the following or create a function with following code and call the function from end of OnAcceptMessage

Code: Select all

 if (InStr(1, oMessage.to, "accountuser1", 1) > 0) Then
  Result.Value = 1
 End If
 if (InStr(1, oMessage.to, "accountuser2", 1) > 0) Then
  Result.Value = 1
 End If
Or if these messages are coming from the same IP or from an IP range associated with the senders domain name then put their IP or IP Range into your windows firewall to block them from even getting to hmailserver. There will be no trace of them then. IP numbers in CIDR format can be placed in windows format for brevity.

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by percepts » 2016-02-26 18:55

Or better yet don't use a catchall which is a job creation scheme with the job title being "time wasting operative" for everyone involved.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-02-26 18:58

Ok, I am impatient and Ill give you guys a choice of options that I have thought of and ask for your opinions:

1, use a script that refers to a hardcoded list of addresses (either by array, it...then or CASE etc) and reject them during the event of receipt (as in Percepts' example above) or simlar:

Code: Select all

	arrayAccounts(0,0)= "notwanted1@domain.com"
	arrayAccounts(1,0)= "notwanted2@domain.com"
	arrayAccounts(2,0)= "notwanted3@domain.com"
	for C = 0 to uBound(arrayAccounts)
		If arrayAccounts(C,0) <> "" then
			If (InStr(1, oMessage.to, arrayAccounts(C,0), 1) > 0) then
				Result.Value = 1
			End
		End if
	Next
Needs a script and the list remains invisible from the GUI.

2, Use a script against a DISTRIBUTION list (similar to my script here: viewtopic.php?p=175347#p175347):
Create a distribution list called "Banned Addresses" and in it list all the addresses that you want to blacklist. Then have the script refer to that particular distribution list, and if any of the addresses match then issue a rejection. Again, this relies on a script being placed in your EVENTSHANDLER.
Needs a script but the list is visible/modifiable via the GUI (in the distribution list).

3, Simply create an account of the addresses you want blacklisting, but do not enable them. That way the direct delivery will be rejected with "550 Account Not Active". This doesnt require any scripting but it does involve having accounts in your domains that have no place or purpose other than to perform a 'blacklisted address' function.
Doesnt need a script and list is visible in the GUI, but needs 'straggler accounts' setting up.

(oh yeah, option 4: get the feature introduced in to HMS :wink: )
Would be great but in reality isnt going to appear for years...if it does at all.

For me, the optimum solution is to have the feature built in to the software (obviously) an actually I find it very usefiul (I already use it in my mail), But in the meantime, which of the above options, or any others that you can think of, would be the best or preferred.

(Note this is just a question of opinion and discussion out of curiosity).
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by percepts » 2016-02-26 19:31

I wouldn't use any of them. Its a time wasting exercise. Just switch the catchall OFF and problem solved and no ones time is wasted exceppt the person who can't type an email address correctly, but they find that out pretty quick when the mail is bounced to them and they can correct it without bothering you unless its very wrong and they need to phone you which they'll only do if its important.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-02-26 22:09

Well indeed. But there are also those that find the use of a CATCHALL address suitable and beneficial to their business/requirements though. (Afterall, if it wasnt of use then the 'catchall' feature wouldnt have been invented or incorporated). Rather than opinion of the benefits of the catchall feature, I was really asking for peoples preferred way of managing this situation; the purpose of asking was really about choices of script versus GUI compromise.

So anyone have a preference?
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 21267
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by mattg » 2016-02-27 00:27

percepts wrote:Just switch the catchall OFF and problem solved
+1
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-02-27 00:32

mattg wrote:
percepts wrote:Just switch the catchall OFF and problem solved
+1
Thats not answering the question though.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 21267
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by mattg » 2016-02-27 00:45

Well it is...

Catchall achieves nothing, except your mail server then accepts SPAM

If you want to track which email address is sold / given to spammers by other companies (ie you want a unique email address for every sign up that you do), then use 'plus addressing'.
If a regular sender has your email address wrong, without a catchall they get a notification, and can change the address that they have.
If you have a regular misnomer that is used (eg I get some mail that says matthew@ rather than matt@) then you can create an alias

All a catchall achieves is to accept unsolicited mail.
That's fine if you want to delete all SPAM rather than notify the sender of a rejection, or if you want to create a honeypot, but most users just don't this rubbish in their email inbox.

Is there a valid reason to use catchall that I've missed?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by percepts » 2016-02-27 01:16

And its expensive to use a catchall both in time and money.
somebody has to be allocated the task of checking it regularly (daily) otherwise its pointless having it.
Then you have senders saying they sent the email and the intended recipient saying it hasn't arrived conducting pointless discussions between the two of them when the bounce caused by the lack of a catchall notifies the sender quickly that the address is wrong without wasting the intended recipients time.
Many email hosts still haven't got wise to this. I had one webhost change their default catchall on to catchall off when they finally woke up to the fact it was wasting massive amounts of their mailservers resources. previously they were using it as one of their selling points.

And as for the following drivel, you assume that every function in a piece of software was a good design idea. There are always some howlers in software and catchall is one of them to appease the paranoid who think they get some benefit from it when all it does is waste peoples time.
(Afterall, if it wasnt of use then the 'catchall' feature wouldnt have been invented or incorporated).

User avatar
mattg
Moderator
Moderator
Posts: 21267
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by mattg » 2016-02-27 01:28

There are valid uses for catchall...
mattg wrote:All a catchall achieves is to accept unsolicited mail.
That's fine if you want to delete all SPAM rather than notify the sender of a rejection, or if you want to create a honeypot, but most users just don't this rubbish in their email inbox
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-02-27 01:35

Benefit number 1:
With the catchall, people can 'register' on the fly a type of 'plus addressing' address; this is particularly useful for, as an example, creating addresses to be used on the fly when signing up to different websites.
ie,
KLM Ltd: register as "klm@yourdomain.com"
McDonalds Ltd: register as "mcdonalds@yourdomain.com"
Avast: "avast@yourdomain.com"
etc

this gives 2 major benefits:
1, no hassle 'plus addressing' without the need of going through the rigmarole of requesting, arranging and setting up the 'new' address and contacting IT and get the alias setup
2, if any one of these addresses ends up on some unwanted spam list, you know EXACTLY how it got there and who/what company to blame
3, it gives the IT man time to do other things than waste time setting these things up

Benefit number 2:
Official 'plus addressing' style is well known about and is VERY obvious once you see a 'plus address'. For example, if an address is seen as "name+random@domain.com" it is very obvious a plus address. That tells those that see it that this system is possibly going to accept ANYTHING in this format without check by just changing the first or second word. (I refer you to google). And that makes it worse than a CATCHALL address because a catchall address looks 'normal' ("word@domain.com") and they have no idea it isnt official and therefore doesnt raise the possibility of being guessed at just by its look/format.

We use catchall addresses as described in example number 1 above. And we dont receive any 'spam' to catchall addresses other than to addresses that have addresses generated by 'chancing' from public records.
ie, Company is owned by 'Geoff' and 'Marion', and this is publicly visible on the internet (In the UK: Companie sHouse lists all Direvtors of all Limited companies). So they send an email to "geoff@company.com" on the off chance it gets delivered and is correct. However, with catchall, I would only have to blacklist "geoff@company" and "Marion@company" whilst letting in any other address knowing that it has been generated by use (by registering these addresses).

Also, using the catchall system would give UNLIMITED amount of emails to be used whilst the blacklist would contain only 4 or 5 addresses. Furthermore, there are genuine users that do misspell genuine email addresses: true they would be bounced if catchall was not in use, but that would :
a, delay the ultimate delivery and/if
b, the original sender notices it, and hassles to correct it and resends it. (some people are just too busy to notice and time delays can be critical. I know, we can discuss the stupidity of using email for urgent matters another day but fact is there are people that do).

However, with catchall enabled, it will be received first time round and can be actioned upon.

I have had catchall enabled for 3½ years now and have had to blacklist 4 addresses only: 3 of which are generated by chancers as detailed above using public records of the directors names (and the other one was sniffed as our enquiry address from the website - something that has now been changed and advertised differently). What's more ALL other spam that comes in to the business is on the geniune email addresses of users (not in catchall addresses) because these are the ones hat get banded about. (And dont forget we have spam-fighting systems in place anyway so it still gets weeded out and stopped whether its on catchall or genuine emails.)

So whatever you say about catchall, although is I agree with the THEORY, it certainly hasnt been proven to be practice in my experience.

There are 2 reasons for using CATCHALL.


so.... what do people prefer to create a blacklist:
1, Needs a script and the list remains invisible from the GUI.

2, Needs a script but the list is visible/modifiable via the GUI (in the distribution list).

3, Doesnt need a script and list is visible in the GUI, but needs 'straggler accounts' setting up.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 21267
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by mattg » 2016-02-27 02:53

jimimaseye wrote:this gives 2 major benefits:
1, no hassle 'plus addressing' without the need of going through the rigmarole of requesting, arranging and setting up the 'new' address and contacting IT and get the alias setup
2, if any one of these addresses ends up on some unwanted spam list, you know EXACTLY how it got there and who/what company to blame
3, it gives the IT man time to do other things than waste time setting these things up
I count that you wrote three btw, perhaps one of those isn't a major benefit :mrgreen:

#1 Plus addressing just works 'on-the-fly' once it is set up. Ie you turn it on, and pick the character. What you describe sounds like Alias, not plus addressing
#2 No truer for catchall than plus addressing or even regular accounts. The only way to know exactly who sends mail is to check the logs
#3 No time needed or wasted by it if there is no catchall

FWIW, I don't use catchall, and haven't for many years. I don't use plus addressing.
I used to set up aliases, by these days I have an email address like 'promotions@mydomain.com' (pretty obviously a dud email address, sort of counters your plus addressing argument doesn't it) and get hundreds of vouchers and offers sent there each week. I have whitelisted this address in SpamAssassin, so I don't miss any important pizza vouchers or cheap movie tickets or whatever...

If I want to order pizza, I go to this account in my mail client and filter for work 'pizza' and get all of the pizza vouchers.
Delete stuff automatically that is >30 days old in this account

Catchall is (in my view) a good way to catch spam, and that's all
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by percepts » 2016-02-27 03:08

a, delay the ultimate delivery and/if
b, the original sender notices it, and hassles to correct it and resends it.
a, no it won't, it will speed it up becasue otherwise some numpty needs to be sitting watching the catchall account in real time otherwise how will anyone know its in there. And you just created a job for someone to waste their time when they could be doing something more productive.

b. The original sender will most times see their own error and fix it without hassling anyone. If its in the catchall who will know its in the catchall. Oh yeah, the numpty who has to spend all day watching it but of course they won't so it'll sit there for hours whereas if were bounced they'll know its wrong within 5 or 10 minutes and if they can't fix it then of course they make the effort to find out what correct address is. But that'll happen a damn site quicker than waiting an hour or two for the numpty to look in the catchall with all the spam and junk they'll need to sift through. And as I said, if its a simple typo then they can most likely fix it themselves which will be quicker.

Your arguments are bordering on ludicrous.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-02-27 11:29

mattg wrote:
jimimaseye wrote:this gives 2 major benefits:
1, no hassle 'plus addressing' without the need of going through the rigmarole of requesting, arranging and setting up the 'new' address and contacting IT and get the alias setup
2, if any one of these addresses ends up on some unwanted spam list, you know EXACTLY how it got there and who/what company to blame
3, it gives the IT man time to do other things than waste time setting these things up
I count that you wrote three btw, perhaps one of those isn't a major benefit :mrgreen:
Well, yes (added after). Maybe not a 'major' benefit but still a benefit.

mattg wrote: #1 Plus addressing just works 'on-the-fly' once it is set up. Ie you turn it on, and pick the character. What you describe sounds like Alias, not plus addressing
Yes, I suppose what I am describing 'on-the-fly' aliasing giving the benefits of 'plus addressing'. The 'catchall' address (despite what some may think) is actually one of the main manned addresses so the emails still get seen.

Example, imagine a main real account: "SALES@company.com". The catchall will also be set to be SALES@company.com. But when the sales department manning sales@ account look in there and see the orders, they can see straight away which company the orders belong to purely by the TO address. (And without fear of delaying or missing orders due to mistyped addresses by the sender)

mattg wrote: #2 No truer for catchall than plus addressing or even regular accounts. The only way to know exactly who sends mail is to check the logs
You missed my point. If I have registered and deliberately given them an email address which is unique to that contact/site, and then that address ends up on incoming shitty emails, I know exactly who has irresponsibly passed it on or at least who I am to be careful with in the future (if its a nuisance, it doesnt matter if it is that company abusing my opt-in preferences or being handled by a spambot called 'Olga from Russia' wanting to sell me her *benefits*). Furthermore it takes nothing to stop that address from coming in again and without effecting any other registrations I might have made with it to anywhere else (because that address is specific to that company). Its a "Disposable Address" (https://en.wikipedia.org/wiki/Disposable_email_address)

mattg wrote: #3 No time needed or wasted by it if there is no catchall
Irrelevant. If there is no time wasted without a catchall, and there is no time wasted WITH the catchall (as I am demonstrating), then the 'time wasting' argument doesnt exist.

mattg wrote: FWIW, I don't use catchall, and haven't for many years. I don't use plus addressing.
I used to set up aliases, by these days I have an email address like 'promotions@mydomain.com' (pretty obviously a dud email address, sort of counters your plus addressing argument doesn't it)
Does it ? How? I said plus addressing is bad because it advertises a 'free-for-all' catchall system for those that chose to change the random word (2nd part after the delimiter character) and fire off whatever they want in to you knowing it will be received. Whereas a format of 'promotions@mydomain.com' does not.

mattg wrote: ..... and get hundreds of vouchers and offers sent there each week. I have whitelisted this address in SpamAssassin, so I don't miss any important pizza vouchers or cheap movie tickets or whatever...If I want to order pizza, I go to this account in my mail client and filter for work 'pizza' and get all of the pizza vouchers.
But you still then have to spend "wasted time" searching through them to look for useful ones. Whereas if you have specific addresses for the particular company then you would know whether they are useful or not. But when YOUR 'promotions@mydomain.com' ends up being abused, you will spend more and more 'wasted time' searching through that list. In the end you may need to delete that alias but you will end up you will have several registrations to redo with your local pizza companies and NHS suppliers. I use it for the same reason and spend a lot less time filtering through shit knowing what outlet my addresses have been linked to simply by seeing the TO address in my client. No filtering required.

mattg wrote: Catchall is (in my view) a good way to catch spam, and that's all
And yet:
mattg wrote:FWIW, I don't use catchall, and haven't for many years. I don't use plus addressing.
....so it is all theory on your part. Whereas, on my part:
jimimaseye wrote: I have had catchall enabled for 3½ years now and have had to blacklist 4 addresses only: 3 of which are generated by chancers as detailed above using public records of the directors names (and the other one was sniffed as our enquiry address from the website - something that has now been changed and advertised differently). What's more ALL other spam that comes in to the business is on the genuine email addresses of users (not in catchall addresses) because these are the ones that get banded about.
...I have REAL LIVING evidence and experience to show the contrary. I use catchall and I simply cant catch any spam in it. So clearly NOT a good way.


Now for the other counter answer. I will, of course, start with his quote:
percepts wrote:
jimimaseye saying something that Im not reading.
(I will make lots of assumptions like:
a, catchall goes to an unmanned account
b, an appointed person needs to search that unmanned account and that will take them A LONG time
c, but it is simply unthinkable that a company or business will have a man available for looking at email accounts anyway.

and I will formulate my own response to my own assumptions.
)

Your arguments are bordering on ludicrous.
No response required. You dont bother reading things anyway.

I will repeat, I have wanted opinion and peoples preferences between script and no GUI, script with GUI, or just GUI, to achieve a solution to something, and not focus on peoples ideas of whether catchall is good or bad. Still, I guess I was asking too much in such an easy request.

No worries, I'll go back to my trouble free, spam free, easy access disposable catachall address system and continue to use my chosen method of blacklisting. And the rest of the world will just have to do the same and keep it to themselves and hope they too never want inciteful opinion here. (What with this being a public FORUM an' all, in THEORY, it should have been a good place to get it).

Oh well.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 21267
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by mattg » 2016-02-27 17:03

jimimaseye wrote:
mattg wrote: Catchall is (in my view) a good way to catch spam, and that's all
And yet:
mattg wrote:FWIW, I don't use catchall, and haven't for many years. I don't use plus addressing.
....so it is all theory on your part.
Not at all.

I did use a catchall for the first five or so years, thinking that I would achieve something form it's use.
Didn't happen.

Now having NOT used catchall for the last quite a few years, I don't believe that I've missed anything, except some spam.

I tried plus addressing and aliases.
Creating a promotion@domain.com account is where I evolved to, many years ago.
Not looked back.

'Filtering,via Thunderbirds built in filter, is no different to look for the word 'pizza' or 'dominos' than it is to check a TO address in a catchall account.

Catchall accounts increase spam, and make you fail some open relay tests.
It is even worse if you have a default domain as well.




FWIW, now that I have started to tame SpamAssassin, I use the blackilst and whitelist feature of SpamAssassin. Much easier and quicker than trying to script a solution in hMailserver, although there is a feature request for a blackilist in hMailserver.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
SorenR
Senior user
Senior user
Posts: 4192
Joined: 2006-08-21 15:38
Location: Denmark

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by SorenR » 2016-02-27 18:32

mattg wrote:FWIW, now that I have started to tame SpamAssassin, I use the blackilst and whitelist feature of SpamAssassin. Much easier and quicker than trying to script a solution in hMailserver, although there is a feature request for a blackilist in hMailserver.
I have a Blacklist and a Whitelist global rule that sets a header value in the email based on whichever match I define (from, to, message-id etc.). My SPAM rule then know which folder to put it in... If it goes into the SPAM folder then SA will learn it as Bayesian SPAM and deal with it...

Minimum maintenance, maximum pleasure :mrgreen:
SørenR.

Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-02-27 18:50

mattg wrote: I did use a catchall for the first five or so years, thinking that I would achieve something form it's use.

Now having NOT used catchall for the last quite a few years, I don't believe that I've missed anything, except some spam.
I guess this comes down to luck then (and maybe a little bit of personal management about how and when the knowledge of the open catchall feature gets publicised?). You had catchall, and you received spam on catchall addresses. I have catchall on, find it handy and use it very successfully to serve a purpose, and I dont receive any at all on them.

I personally am quite open minded to see that there can be more than one opinion based on experience that can be considered and accepted (especially when there are facts and examples demonstrating and backing up the point). But random denouncing of any other opinion but ones own without personal experience whilst being faced with other peoples experiences to the contrary just has no place for me in any discussion. At all.

The conclusion (yes, I mean "THE" conclusion, not just 'my opinion') is, therefore, that 'catchall' has its benefits and possibly (as in not guaranteed) also a downside (if youre unlucky) that needs management.

What it also means is that it DOESNT only "achieve to accept unsolicited mail". And "is expensive to use a catchall both in time and money." Not true. Proven. Fullstop.

So.... out of the 3 options below, what would people prefer to create a blacklist (Yes, Ill try one last time....):
1, Needs a script and the list remains invisible from the GUI.

2, Needs a script but the list is visible/modifiable via the GUI (in the distribution list).

3, Doesnt need a script and list is visible in the GUI, but needs 'straggler accounts' setting up.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by percepts » 2016-02-27 19:40

Luck? There is nothing about software systems that come down to luck. How much time have you spent over the last two years farting about with spam protection in SpamAssassin just so you can tell us how clever you think you are becasue you don't get any spam in your catchall account when switching catchall off in the first palce would have solved that in a few seconds.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-02-27 22:13

percepts wrote:How much time have you spent over the last two years farting about with spam protection in SpamAssassin just so you can tell us how clever you think you
None. Didnt need to. I dont get any spam coming to my catchall accounts in the first place.

Sorry, Ill repeat it.... "I dont get any spam coming to my catchall accounts in the first place."

(I thought Id make it bigger for you to see, what with you having problems in reading what people write..as is obvious in this thread and that other one you keep responding to: viewtopic.php?f=10&t=29275 - despite the man already having countered earlier in the thread what you keep questioning and saying that he is no longer going to be answering. Mind you, its your time youre wasting. (You can have that hint on me. Youre welcome.))

You seem to be a man that despite your signature doesnt actually want to be "learning new tricks" and understand that there are other experiences and ways of doing things beyond that of your own. Maybe you should change the way you advertise yourself.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-02-27 22:15

For others (that want to read), I am posting my chosen solution. Tested and works fine for me.

Create a Distribution List called "CatchallBlacklist" within the domain containing all addresses as members that you want to blacklist. Make sure it is enabled. Then add this script to EVENTSHANDLERS. Simple because the list is tailorable within the GUI of admin instead of messing around with scripts.

Code: Select all

Sub OnSMTPData(oClient, oMessage)
removed
End Sub
In addition I added a little bit of code to log the event in ERRORS log and also email me a notification every time one arrives - this way I can keep track of the lack of catchall spams I get. :lol:

Done.
(no comment required).
Last edited by jimimaseye on 2016-02-28 12:30, edited 1 time in total.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 21267
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by mattg » 2016-02-28 01:44

jimimaseye wrote:Create a Distribution List called "CatchallBlacklist" within the domain containing all addresses as members that you want to blacklist. Make sure it is enabled. Then add this script to EVENTSHANDLERS. Simple because the list is tailorable within the GUI of admin instead of messing around with scripts.
Interesting approach jimimaseye.

Same approach could be used for restricting access to some users, or maintaining lists of domain admins, or all sort of things that affect only certain users.

It seems that this is where you were headed from the outset, discussion just went tangentially though.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by percepts » 2016-02-28 02:01

jimimaseye wrote:
percepts wrote:How much time have you spent over the last two years farting about with spam protection in SpamAssassin just so you can tell us how clever you think you
None. Didnt need to. I dont get any spam coming to my catchall accounts in the first place.

Sorry, Ill repeat it.... "I dont get any spam coming to my catchall accounts in the first place."

(I thought Id make it bigger for you to see, what with you having problems in reading what people write..as is obvious in this thread and that other one you keep responding to: viewtopic.php?f=10&t=29275 - despite the man already having countered earlier in the thread what you keep questioning and saying that he is no longer going to be answering. Mind you, its your time youre wasting. (You can have that hint on me. Youre welcome.))

You seem to be a man that despite your signature doesnt actually want to be "learning new tricks" and understand that there are other experiences and ways of doing things beyond that of your own. Maybe you should change the way you advertise yourself.
Not reading what people are asking? take a look at your first post in this topic today. :lol: :lol: :lol: :lol: :lol: :lol:

viewtopic.php?f=9&t=29300#wrap

And since you claim you don't receive any spam in catchall why are you wasting your and other peoples time asking about how to stop it, especially when you had already worked out what you wanted to try and impress everyone else with. Maybe you're just trying to get everyone to tell you how to do your work for someone else but since you weren't interested in hearing what they said because it contradicted what you had already worked out, it emphasises the point that you really just wanted to impress everyone with what you've already done.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-02-28 10:37

mattg wrote:Interesting approach jimimaseye.

Same approach could be used for restricting access to some users, or maintaining lists of domain admins, or all sort of things that affect only certain users.
Well, yes, I think so. In fact this: viewtopic.php?f=20&t=28045 does do the 'restricting some users' using that very method.
mattg wrote: It seems that this is where you were headed from the outset, ....
Well, not really. I know what I was going to do (hence me saying "(I have my method but would like to compare to other peoples ideas and methods)" in my first post. I really just wanted discussion of the different methods (potentially leading to me to ask for a vote in Feature Requests). That was the whole point of my initial thread.
mattg wrote: ..... discussion just went tangentially though.
Depends on your point of view. For me, yes, because no one gave me an answer to my actual question (preferred methods of blacklisting) instead offering their opinion on why I shouldn't be using it in the first place. But if you use the literal term "discussion" and apply it to that subject of 'CATCHALL - good or bad", then it wasnt so bad (it really was a 'discussion'). :wink:
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-02-28 10:53

Crikey, youre persistent, Ill give you that.
percepts wrote: And since you claim you don't receive any spam in catchall why are you wasting your and other peoples time asking about how to stop it
I didnt. Read it again. I asked on peoples preferred method to approaching it.
percepts wrote:especially when you had already worked out what you wanted to try
Yep, true. I said that in the first post too.
percepts wrote:Maybe you're just trying to get everyone to tell you how to do your work for someone
No, I had my method (already said so), was already using it, and it was for me and my purpose only.

Hint: Reading helps. It will help with your invaluable help you offer to the forum. (You can have that on me. Youre welcome.)

Oh, and again, I think you didnt read the bit on that last post:
jimimaseye wrote:For others (that want to read), I am posting my chosen solution. Tested and works fine for me.
.
.
.
In addition I added a little bit of code to log the event in ERRORS log and also email me a notification everytime one arrives - this way I can keep track of the lack of catchall spams I get. :lol:

Done.
(no comment required).
http://dictionary.reference.com/browse/read - in case you're unsure.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 4192
Joined: 2006-08-21 15:38
Location: Denmark

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by SorenR » 2016-02-28 14:11

Could everyone please take a dive in the ocean and cool down...

I've looked at the code and "CatchAll" does not mean what you think it means... I believe the term "Universal Blacklist" cover it better.

Functionality: For every domain on the server there will be a distributionlist called "CatchallBlacklist@mydomain1.com", "...@domain2.com", "...@domain3.com" and so on. Each list contain email addresses the system should blacklist - but only for the specific domain...

Jez... You guys are such children sometimes...
SørenR.

Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-02-28 14:39

SorenR wrote: Functionality: For every domain on the server there will be a distributionlist called "CatchallBlacklist@mydomain1.com", "...@domain2.com", "...@domain3.com" and so on. Each list contain email addresses the system should blacklist - but only for the specific domain...
Indeed, exactly. And I use it to blacklist addresses that would otherwise come in because my catchall (for the specific domain) is enabled thus allowing 'on-the-fly' (ie, without needing "setup" or creation) disposable addresses whilst being to able control and prevent use of abused ones. There is no point using it to list and prevent actual real accounts because that can be achieved by simply disabling the account. Quite effective, actually.

Maybe I should rename and title the whole thing as "(MY way of...) Creating an on-the-fly Disposable Address system in Hmailserver"
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-02-28 15:48

This was the inspiration and what I was trying to reproduce (when asking about preferred ways of implementing it). It is a feature that I already had in use as provided by our external email provider (from what the screenshot below is taken) and I wanted to replicate for using direct smtp deliveries. The screen is self explanatory and you can see how my above script fits in and replicates:
Catchall.png
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-02-28 20:01

I removed the code from above because I discovered that it was suitable only to my specific scenario, and not good enough for general use (despite how it looked).

Initially, it uses the idea of checking the recipient user against the blacklist and rejecting accordingly. However, I found out with a CATCHALL address set, the 'recipient' was ALWAYS going to be whatever the address is set as catchall - it is never the actual address that was intended by the email.

eg.
1, CATCHALL = catchall@domain.com
2, email comes in addressed to 'unwanteduser@domain.com'
3, 'unwanteduser'@domain.com is not a real active user so gets sent to catchall@domain.com' therefore recipient is modified to 'catchall@domain.com'
4, omessage.recipient.address is ALWAYS "catchall@domain.com" (never the original 'unwanteduser@domain.com'), and therefore would never match the blacklisted address ('unwanteduser@domain.com').

This is not ideal and technically no good for the generic purpose I wanted or for anyone else.

That said, the code worked fine for my situation because I had a ROUTE setup for my domain which was still sending out to my external host (which I would later collect via pop3). Consequently, because there is a route, the recipient WAS checked and matched against the blacklist. Its strange, but true.

ie
1, CATCHALL = catchall@domain.com
2, email comes in addressed to 'unwanteduser@domain.com'
'3, unwanteduser'@domain.com is not a real active user but there is a route for DOMAIN.COM for unknown users
'4, unwanteduser'@domain.com was then checked against the blacklist, found and rejected
(whereas wanteduser@domain.com' would be checked, not found blacklisted, and then routed out via the route)
(5, POP download collects the mail from external host which would now include the mail to 'wanteduser@domain.com').

It comes down to the problem we have seen before of a CATCHALL address being ignored if a route has been set up (currently in github).

So, to summarise, I personally have a solution, but it is specific to my scenario and not ideal for generic 'publication'. I would like a generic solution that doesnt involve routing and external hosting.

Im still thinking about it before I give up and selfishly accept that at least *I* have something working. Im thinking that encoding the 'catchall' feature within the script (based on blacklist checks and accepting/forwarding as appropriate) whilst 'turning off' the gui "CATCHALL" in the domain will be my next test.

I am open to suggestions as long as they are constructive to achieve the initially stated intended goal.

EDIT: Nah. Recipient validity happens before it reaches the various events and '550 Unknown User' rejection gets issued before I can do anything with oMessage in OnSMTPData.

I give up on a generic solution.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-02-28 23:34

Full success. I have a script and method to acheive the desired results that is suitable for all and will post it all tomorrow.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-02-29 16:16

Done. viewtopic.php?f=20&t=29306 And every bit a replication of the above feature (shown in screenshot)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: blacklisting local addresses for inbound email whilst with CATCHALL enabled.

Post by jimimaseye » 2016-04-13 13:24

I recently was running a test to prove and provide evidence of this issue about CATCHALL attracting spam.

Over 28 days I received only 23 spam emails in total coming in on invalid addresses (being caught by catchall), and they all came in to the same five email addresses:
emailsales@mydomain.com from customer.service@axminster.co.uk"
emailsales@mydomain.com from Murphy.Jimmie7@acttv.in"
emailsales@mydomain.com from tara@charismabathrooms.com"
emailsales@mydomain.com from tara@charismabathrooms.com"
emailsales@mydomain.com from Whitehead.Kathleen46@staffdrum.com.br"
emailsales@mydomain.com from workshop@digitaltachocentre.co.uk"
emailsales@mydomain.com from workshop@digitaltachocentre.co.uk"

fax@mydomain.com from Estes.Rodolfo21@johnvo.ca"
fax@mydomain.com from SmithMindy5054@thepsc.net"
fax@mydomain.com from tara@charismabathrooms.com"
fax@mydomain.com from workshop@digitaltachocentre.co.uk"

salesenquiry@mydomain.com from jialily8@gmail.com"
salesenquiry@mydomain.com from kmtek.led5@gmail.com"
salesenquiry@mydomain.com from midsled.ellen@gmail.com"
salesenquiry@mydomain.com from tyler.cui@showbench.com"

voice.mail@mydomain.com from customer.service@axminster.co.uk"
voice.mail@mydomain.com from Kent.Elvira9@qpress.nl"
voice.mail@mydomain.com from list_reportservices@ukmail.com"

ycygj53q.9247871@mydomain.com from drabbleBobbie488@flammator.ch"
ycygj53q.9247871@mydomain.com from workshop@digitaltachocentre.co.uk"
ycygj53q.9247871@mydomain.com from EdingtonDela45@sbztravels.com"
ycygj53q.9247871@mydomain.com from wildsmithFanny35@sophiemartincatering.co.uk"
That is despite the potentially infinity count of emails that could come in due to catchall, the reality is I only have to manage 5 addresses (by adding them to a blacklist to reject delivery).

The count of messages could have been higher if I was not running any anti-spam system (spamassassin stopped delivery due to being identified as spam before even hitting the blacklisted recipient check) but I know that they would still have only come in to the same 5 addresses (this is why I have these addresses on the blacklist - I add to the blacklist as 'new' abused addresses become apparent).

So, does catchall INVITE spam and serve no other purpose? Categorically no. And as proven with a small blacklist it is perfectly manageable and useful to have.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Post Reply