I just posted the below msg on the R5 forum, but it just occured to me that my SMTP server is R6. Does anyone have any info on this?
I’ve read all the postings about the postmaster account and I have the exact opposite problem of everyone that’s posted. I don’t have a postmaster account set up, yet mail to postmaster@mydomain.com comes into the system and arrives in my mailbox, another admins mailbox and tries to be delivered to the servers.
I also just received some email intended for abuse@mydomain.com. No where in any address book is abuse@mydomain.com defined. It’s not in anyones name, shortname or internet address field, it’s not a mail-in database, it’s not listed in any server or config document - it doesn’t exist.
This isn’t necessarily a bad thing, but it’s driving me crazy that I can find no reference to this behavior anywhere. How does the server know where to send this stuff? Obviously it’s sending it to some list of administrators from somewhere (server doc?). But how do I know what addresses it considers ‘forwardable’ to the admins? (So far I’ve only seen postmaster@mydomain.com and abuse@mydomain.com get through - other ‘bad’ addresses don’t come through - they are rejected as expected. And how do I know what field it’s pulling the admin names from? I really don’t want it to send to the servers too, as that generates a delivery failure.
I could find no references to this on the web, or in the help files.
There are 2 “built-in” accounts/behaviours defined, the “postmaster@domain” and “abuse@domain”.The router first tries to lookup these entries in your Domino Directory to see if they are actually defined and if so delivers them to the mail dbs defined by them, otherwise, as a fallback, it’ll try send them to the administrators of the server, as defined in the server document.
Suppose you have setup your Domino 6 server to check all incoming smtp connections to verify the address is in the Domino Directory…If postmaster or abuse is not setup in the directory as a person doc will the mail still get delivered to the admin or will it get rejected?
A lot of spam comes in addressed to postmaster and I would like the option to not have it get delivered but instead get rejected…
“Suppose you have setup your Domino 6 server to check all incoming smtp connections to verify the address is in the Domino Directory…If postmaster or abuse is not setup in the directory as a person doc will the mail still get delivered to the admin or will it get rejected?”
Just did a test and guess what? You can force your Domino server to be non-RFC compliant this way.
We do verify addresses in the Domino Directory before accepting mail. So I temporarily deleted the mail-in record for abuse@ (never see any mail there anyway, so a pretty harmless test), then used Telnet to connect to my Domino MTA on port 25 and told it I had mail for abuse@…
Got a 550 - no such user 8-<
I guess this is also true for postmaster.
In other words you can bounce messages addressed to postmaster@[your_domino_host] this way if you really want, but I do advise against this. Far better to have, as RFCs require, a working postmaster address and just direct it to a mail-in as I suggested earlier.
Howard,I just found that you can reject mail incoming to those accounts (postmaster and abuse) by listing them in the field labeled “Deny messages intended for the following internet addresses:”. This field is the last one in the configuration record for your server under Router/SMTP->Restrictions and Controls->SMTP Inbound Controls tabs.
I prefer to reject these accounts since the only ones I really feel bound to accept are those listed under domain registration info. If someone wants to get the technical contact at a domain, thats where they are supposed to go get the info.
Beautiful!!!..Did it on my DOM 7 too…I didn’t notice until I got hit by a couple of thousand Viagra spam mails today all sent to postmaster@mydomain
I put the setting in and sent a test message and watched the server concole
13/07/2006 10:00:20 PM SMTP Server [0A90:0008-05B4] Attempt to relay mail to postmaster@mydomain rejected for policy reasons. Relay to recipient’s address denied by your configuration.
CHAMPION mate. I should have thought of that. I’ve just checked and this works in Dom 7 too. I don’t like the concept of delivering to a mail in database because that implies that someone is going to LOOK at it. If not, then where is the point in using a MIDB just to comply with an obsolete RFC. Yep - obsolete in my opinion - because any ‘standardised’ address is going to be a spam magnet, which I’m sure wasn’t considered by the RFC authors! I’m with you - if you want to email me, check my SoA and find the valid contact address.
“If postmaster or abuse is not setup in the directory as a person doc will the mail still get delivered to the admin or will it get rejected?”
Like Thomas said, it will be delivered to the server administrator(s) in the absence of any explicit destination like a mail-in.
You cannot reject mail addressed to postmaster. It is an RFC requirement that any Internet host that accepts SMTP will accept a message addressed to postmaster@[whereever].
Any system that includes an SMTP server supporting mail relaying or delivery MUST support the reserved mailbox “postmaster” as a case-insensitive local name … The requirement to accept mail for postmaster implies that RCPT commands which specify a mailbox for postmaster at any of the domains for which the SMTP server provides mail service, as well as the special case of “RCPT TO:” (with no domain specification), MUST be supported.
If you get a lot of spam at your postmaster address, set up a mail-in database named postmaster so all the spam goes there, keep the messages in native MIME and right there you have a nice little collection of spam samples to:
feed spamcop
tune your local list of blocked IP ranges
identify persistent spam sources and find which public blocklists might help you
We used this template from the LDD Sandbox to create postmaster and webmaster mailboxes. I didn’t know about the abuse address. Thanks for the information.
I just tested this, and it appears that it’s looking at the Server document in the Security tab. I sent a message to postmaster and it was delivered to each member of the “Administrators”. However, when I sent a message to abuse the server didn’t receive the message - just the people from the above group. I must add that my “Database Administrators” and “System Administrator” contain the same list of names as well, but I wouldn’t think they would receive the message.
It would be interesting to find out how this is done.