spam problem with empty sender address

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
supercsd
New user
New user
Posts: 3
Joined: 2011-03-29 10:31

spam problem with empty sender address

Postby supercsd » 2011-03-29 10:55

I have a windows server 2003 host with hmailserver 5.3.3-B1879.
I have the external to external check disabled in hmailserver ip ranges properties. I had to uncheck the "Allow empty sender address" in SMTP properties because of spam attacks.
With empty sender allowed I had hundreds of email like this:

"SMTPC" 3224 70554 "2011-03-28 01:46:27.792" "some.external.ip.xx" "RECEIVED: 220 some.external.server XESMTP Postfix (Debian/GNU)"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.792" "some.external.ip.xx" "SENT: HELO my.mail.server"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.839" "some.external.ip.xx" "RECEIVED: 250 some.external.server"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.839" "some.external.ip.xx" "SENT: MAIL FROM:<>"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.886" "some.external.ip.xx" "RECEIVED: 250 2.1.0 Ok"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.886" "some.external.ip.xx" "SENT: RCPT TO:<some@external.account>"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.948" "some.external.ip.xx" "RECEIVED: 250 2.1.5 Ok"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.948" "some.external.ip.xx" "SENT: DATA"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.995" "some.external.ip.xx" "RECEIVED: 354 End data with <CR><LF>.<CR><LF>"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.995" "some.external.ip.xx" "SENT: [nl]."
"SMTPC" 3224 70554 "2011-03-28 01:46:28.495" "some.external.ip.xx" "RECEIVED: 250 2.0.0 Ok: queued as 4265E1072CB"
"SMTPC" 3224 70554 "2011-03-28 01:46:28.495" "some.external.ip.xx" "SENT: QUIT"
"SMTPC" 3224 70554 "2011-03-28 01:46:28.542" "some.external.ip.xx" "RECEIVED: 221 2.0.0 Bye"

If I have external to external send disabled, why permits hmailserver to send null sender to external mails without authetication ?
How can avoid this ?

Regards

^DooM^
Site Admin
Posts: 13853
Joined: 2005-07-29 16:18
Location: UK

Re: spam problem with empty sender address

Postby ^DooM^ » 2011-03-29 11:25

Please post screenshots of your ip ranges.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

User avatar
dzekas
Senior user
Senior user
Posts: 2486
Joined: 2005-10-13 21:28
Location: Lithuania

Re: spam problem with empty sender address

Postby dzekas » 2011-03-29 18:02

supercsd wrote:If I have external to external send disabled, why permits hmailserver to send null sender to external mails without authetication ?

You have misconfigured your IP ranges or you confused external with internal.

Default hMailServer configuration does not relay emails to external accounts without authentication.

Emails with null sender are not always spam. It can be valid DSN bounces.

topper
Normal user
Normal user
Posts: 30
Joined: 2009-10-15 09:23

Re: spam problem with empty sender address

Postby topper » 2011-03-30 07:42

I have the same issue, and I add a rule, like this

one for those spam "date" not 2011
second for those "to" field is empty

screenshot.gif
screenshot.gif (10.38 KiB) Viewed 1196 times


you can change the "to" to "from" :)
Vmware -> Win2003 + hmail.v5.5B + ClamAV.v0.98.4

supercsd
New user
New user
Posts: 3
Joined: 2011-03-29 10:31

Re: spam problem with empty sender address

Postby supercsd » 2011-03-30 10:44

I have two IP ranges, one local and one for the rest.

IP_Range_Internet.JPG


IP_Range_Local.JPG

supercsd
New user
New user
Posts: 3
Joined: 2011-03-29 10:31

Re: spam problem with empty sender address

Postby supercsd » 2011-03-30 13:26

I've been checking my logs and I think the "MAIL FROM: <>" are not the cause but the effect of spam. I discovered two compromised accounts so I am changing passwords on affected accounts. I hope this wil solve my spam problem.

One question, I want localhost to send mails only to local accounts. Are ok my ip ranges definitions (see my last reply)?
It process first higher priority ip range (127.0.0.1) and stops seeeking the rest of ip ranges (0.0.0.0-255.255.255.255)?

User avatar
mattg
Moderator
Moderator
Posts: 13825
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: spam problem with empty sender address

Postby mattg » 2011-03-30 15:00

supercsd wrote:Are ok my ip ranges definitions (see my last reply)?
It process first higher priority ip range (127.0.0.1) and stops seeeking the rest of ip ranges (0.0.0.0-255.255.255.255)?

Yes this is what your IP ranges as shown will do.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

jun
Normal user
Normal user
Posts: 43
Joined: 2009-09-29 05:14

Re: spam problem with empty sender address

Postby jun » 2011-04-07 11:15

Hi,

I have a question... Could someone tell me where the raw emails if Hmail Server detected a spam emails? Is it save to the database or just the eml files?


JUN

^DooM^
Site Admin
Posts: 13853
Joined: 2005-07-29 16:18
Location: UK

Re: spam problem with empty sender address

Postby ^DooM^ » 2011-04-07 12:33

All email accepted by hmail is stored in the data directory. No emails are stored in the database.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ


Return to “General discussions”



Who is online

Users browsing this forum: No registered users and 4 guests