H
huck
Guest
This may be elsewhere on the forums,and I know it was discussed when people were patching qmail in earlier plesk versions. But here is a synopsis of an issue we've been looking to resolve and a temporary workaround.
Plesk 8 does implement recipient checking via chkrcptto. However, domain aliases are not added to the rejectnonexist file.
As a result, dictionary attacks and spoof reply-to's sent to unknown users will generate a bounce.
Spamcop now treats backscatter as spam, and we've seen several people listed after either a dictionary attacks or large volumes of spam with spoofed header information.
Workaround
=========================================
You can add the aliased domain to the rejectnonexist file in /var/qmail/control but this will fail because the virtual domain does not exist in the mailnames directory.
Right now, we've created a symlink from the virtual domain name to the real domain name within the /var/qmail/mailnames folder.
This allows the chkrcptto to verify the user.
The chkrcptto plugin will have to be re-coded to allow checking of domain aliases.
I knew there was a hole in this somewhere after setting all domains to reject email and still seeing 1000's of failure notices in the mail queue.
Locals Issue
------
I've seen a few post where people add something like drop or devnull to the doublebounceto control file. In some limited testing, we found that this will fail unless you add the server's hostname to the locals control file.
Plesk 8 does implement recipient checking via chkrcptto. However, domain aliases are not added to the rejectnonexist file.
As a result, dictionary attacks and spoof reply-to's sent to unknown users will generate a bounce.
Spamcop now treats backscatter as spam, and we've seen several people listed after either a dictionary attacks or large volumes of spam with spoofed header information.
Workaround
=========================================
You can add the aliased domain to the rejectnonexist file in /var/qmail/control but this will fail because the virtual domain does not exist in the mailnames directory.
Right now, we've created a symlink from the virtual domain name to the real domain name within the /var/qmail/mailnames folder.
This allows the chkrcptto to verify the user.
The chkrcptto plugin will have to be re-coded to allow checking of domain aliases.
I knew there was a hole in this somewhere after setting all domains to reject email and still seeing 1000's of failure notices in the mail queue.
Locals Issue
------
I've seen a few post where people add something like drop or devnull to the doublebounceto control file. In some limited testing, we found that this will fail unless you add the server's hostname to the locals control file.