SPF Record And Catch-all Emails
Jan 29, 2008
how good is adding SPF to a host with catch-all emails in preventing spams. Web hosts suggest to turn off the catch-all emails. But what if there is need to turn catch-all emails, then does SPF record do a good job in preventing hacker from sending out emails that appear to originate our web host?
View 3 Replies
Jul 4, 2008
I have many domains on my mail servers using catch-all accounts. Due to this they receive a large number of spam and also the mail queue is always high. As a result, I have been thinking of disabling the catch-all account entirely on all the mail servers. I am however, not sure whether to do it or not. Are there any other companies which have disabled the catch-all facility in their mail servers? Shall I proceed towards disabling the catch-all facility?
View 6 Replies
View Related
May 16, 2007
None of domain in this email is hosted with us but there are thousand of emails day some body blast in our queue. We are failed to detect. We have enabled phpnobody spam logging but failed to get track of this user.
how to catch this spammer. There are no clues of to catch him.
[root@sm4 ~]# /root/qmHandle -m3261696
--------------
MESSAGE NUMBER 3261696
--------------
Received: (qmail 7056 invoked from network); 16 May 2007 05:34:18 -0500
Received: from axicom.net (HELO User) (67.112.176.250)
by 14.32.5446.static.theplanet.com with SMTP; 16 May 2007 05:34:18 -0500
Reply-To: <notice@boamilitary.com>
From: "Bank of America Military Bank"<notice@boamilitary.com>
Subject: Notification from Bank of America Military Bank
Date: Wed, 16 May 2007 04:44:51 -0700
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
<title>Military Bank Online and Bill Payer Deactivation</title>
<FONT face=Arial size=2> </FONT>
<DIV>
<p><font face="Arial" size="2" color="#FFFFFF"> ...<img border="0" src="http://power-web43.net/images/boa.bmp"></font></p>
<p><font face="Arial" size="2"> Dear
Member,</font></p>
<DIV><font face="Arial" size="2"> This is your official notification
from Bank of America Military Bank that the service(s) listed below<BR>
will be deactivated and deleted if not renewed immediately. Previous
notifications have<BR>
been sent to the Billing Contact assigned to this account. As
the Primary Contact, you<BR>
must renew the service(s) listed below or it will be deactivated
and deleted. <BR>
<BR>
<BR>
<b> <a target="_blank" href="http://moremail.epicalliance.com/america.php"><FONT color=#003399>Renew
Now</FONT></a> </b>your <b>Military Bank Online </b>and<b> Bill Payer </b>
services.</font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"><BR>
SERVICE: <b>Military Bank Online </b>and<b> Bill Payer</b>.<BR>
EXPIRATION: <b>May, 18 2007</b></font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"><BR>
Thank you for using Military Bank Online.
<br> We appreciate your business and the opportunity to serve you.</font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"> Bank of America Military Bank
Member Service</font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"><BR>
*****************************************************************************<BR>
IMPORTANT MEMBER SERVICE INFORMATION<BR>
*****************************************************************************</font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"> Please do not reply to this message.
For any inquiries, contact Member Service.</font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"> <BR>
Copyright © 2007 Bank of America Corporation. All rights reserved.</font></DIV>
</DIV>
None of domain in this email is hosted with us but there are thousand of emails day some body blast in our queue. We are failed to detect. We have enabled phpnobody spam logging but failed to get track of this user.
how to catch this spammer. There are no clues of to catch him.
View 10 Replies
View Related
Sep 29, 2007
Going through [url] Installing_Moodle I came to see the thumb rule of 1GB RAM for 50 concurrent users. While I do not think it is mentioned for VPS, it may imply around 15 concurrent users for 256 MB RAM. A cheap shared hosting can handle that easily without moodle chat. I have heard that VPS is more powerful than typical shared hosting. But, if it is only powerful for the root access but not for handling larger users then it looks like a dilemma situation.
View 5 Replies
View Related
May 28, 2008
My client currently have news website that gets around 2.5 million average hits (number of requests) per day. Currently the site is hosted on single enterprise class server in a local data center (in Asia). Some days with breaking news the traffic peaks up and the website become unresponsive for several hours. 60% of the traffic is local and the other 40% is mostly from US and Europe.
My client is on a best available server on his local IDC and the IDC doesn't have anything further to offer, hardware or technology wise. In the same time client doesn't want to drop the local IDC as the 60% of his traffic is local.
What are my options?
1. I'm looking for a multi processor server with 8GB ram/10K 2X400GB SAS HDD's. In general, do I really need this type of server to serve 1 million hits?
2. What type of providers that you recommend for the above requirement?
3. I mainly need to route the US/Europe traffic to a US server or at least blindly route 50% of the traffic to a US server. How do I do this?
-- 3.a. Can this be done with software load balancing or something like Round Robin world work? Or how do we do this?
-- 3.b. What type server Admin's or management providers who can help clients with similar service (see 3.a)?
-- 3.c. Does Cloaking type of thing helps?
View 14 Replies
View Related
May 21, 2009
existing account have enabled catch all account automatically & i don't know how?
Main >> Server Configuration >> Tweak Settings
Default catch-all/default address behavior for new accounts. "fail" is usually the best choice if you are getting mail attacks.
currently it is tick marked on fail
And forwarders has been set to e.g jeetu@jeetu.info to domain automatically & also i don't how?
when i try to delete this forwarder its shown deleted successfully
Code:
Email Forwarding Maintenance
jeetu@jeetu.info's mail will no longer be redirected to jeetu.
then again i checked forwarder & found that forwarder is not deleted why?
what could be the problem?
due to this our clients are facing out of disk space running problem & they are not able to get future emails
1. now i want to disable catch all account for all existing accounts at one go
2. also i want to terminate forwarders for all existing users at one go
Let me know how to do this
Check attachment for further reference
View 0 Replies
View Related
Sep 27, 2007
i have set email for some domain to catch all setting. After some time i have a lot of bounce, redirect and rected email to address. How come my email accounts are hijacked and what to do to prevent such things in case of catch all setting.
Here it is noteworthy catcth all used to attract a lot of spam.
View 3 Replies
View Related
Sep 4, 2007
Since Jan 07, one of our servers has been sending thousands of emails to ne.jp hosts.
Eg from logs:
Code:
Sep 4 19:11:11 debian sm-mta[25383]: l84FY9ME016602: to=, ctladdr= (2001/2001), delay=01:37:02, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYB7d016734: to=, ctladdr= (2001/2001), delay=01:37:00, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FY9A4016629: to=, ctladdr= (2001/2001), delay=01:37:02, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FY9la016616: to=, ctladdr= (2001/2001), delay=01:37:02, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYCkO016807: to=, ctladdr= (2001/2001), delay=01:36:58, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYB7B016730: to=, ctladdr= (2001/2001), delay=01:37:00, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYCO0016757: to=, ctladdr= (2001/2001), delay=01:36:59, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYDjq016819: to=, ctladdr= (2001/2001), delay=01:36:58, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYBhL016751: to=, ctladdr= (2001/2001), delay=01:37:00, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYDPw016811: to=, ctladdr= (2001/2001), delay=01:36:58, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
We're absolutely unable to track or find out who is sending it or how to stop this.
So I'm wondering if it is possible to prevent sendmail from sending to:
lsean.ezweb.ne.jp, OR
docomo.ne.jp, OR
softbank.ne.jp
/var/mail/vhostswww logs are not showing helpful info at all. Eg:
Code:
--l84GRnX5029819.1188924137/debian--
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-2022-JP
Mime-Version: 1.0
From: hanako.@docomo.ne.jp
Subject:
To: a_j.n-y_bluespider-tattoo@softbank.ne.jp
Message-Id: <200709041410.l84EA0Fh007971@debian>
Date: Tue, 4 Sep 2007 16:10:00 +0200
Tue, 4 Sep 2007 16:10:00 +0200
by debian (8.13.4/8.13.4/Submit) id l84EA0Fh007971;
Received: (from vhostswww@localhost)
for ; Tue, 4 Sep 2007 16:10:00 +0200
by debian (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l84EA0jk007973
Received: from debian (localhost [127.0.0.1])
Return-Path:
Content-Type: text/rfc822-headers
--l84GRnX5029819.1188924137/debian
Last-Attempt-Date: Tue, 4 Sep 2007 18:42:16 +0200
Diagnostic-Code: SMTP; 550 Invalid recipient:
Remote-MTA: DNS; mx.softbank.ne.jp
Status: 5.1.1
Action: failed
Final-Recipient: RFC822; a_j.n-y_bluespider-tattoo@softbank.ne.jp
Arrival-Date: Tue, 4 Sep 2007 16:10:00 +0200
Reporting-MTA: dns; debian
Content-Type: message/delivery-status
--l84GRnX5029819.1188924137/debian
<<< 503 No recipients specified
550 5.1.1 ... User unknown
<<< 550 Invalid recipient:
>>> DATA
... while talking to mx.softbank.ne.jp.:
----- Transcript of session follows -----
(reason: 550 Invalid recipient: )
----- The following addresses had permanent fatal errors -----
from localhost [127.0.0.1]
The original message was received at Tue, 4 Sep 2007 16:10:00 +0200
--l84GRnX5029819.1188924137/debian
This is a MIME-encapsulated message
Auto-Submitted: auto-generated (failure)
Subject: Returned mail: see transcript for details
boundary="l84GRnX5029819.1188924137/debian"
Content-Type: multipart/report; report-type=delivery-status;
MIME-Version: 1.0
To:
Message-Id: <200709041642.l84GRnX5029819@debian>
From: Mail Delivery Subsystem
Date: Tue, 4 Sep 2007 18:42:17 +0200
Tue, 4 Sep 2007 18:42:17 +0200
by debian (8.13.4/8.13.4/Debian-3sarge3) id l84GRnX5029819;
Received: from localhost (localhost)
Return-Path:
From MAILER-DAEMON Tue Sep 4 18:42:17 2007
--l84GRnX4029819.1188924135/debian--
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-2022-JP
Mime-Version: 1.0
From: hanako.@docomo.ne.jp
Subject:
To: a_j.n-y_bluespider-tattoo@softbank.ne.jp
Message-Id: <200709041411.l84EB8CS011861@debian>
Date: Tue, 4 Sep 2007 16:11:08 +0200
Tue, 4 Sep 2007 16:11:08 +0200
by debian (8.13.4/8.13.4/Submit) id l84EB8CS011861;
Received: (from vhostswww@localhost)
for ; Tue, 4 Sep 2007 16:11:09 +0200
by debian (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l84EB8f6011862
Received: from debian (localhost [127.0.0.1])
Return-Path:
Content-Type: text/rfc822-headers
--l84GRnX4029819.1188924135/debian
Last-Attempt-Date: Tue, 4 Sep 2007 18:42:15 +0200
Diagnostic-Code: SMTP; 550 Invalid recipient:
Remote-MTA: DNS; mx.softbank.ne.jp
Status: 5.1.1
Action: failed
Final-Recipient: RFC822; a_j.n-y_bluespider-tattoo@softbank.ne.jp
Arrival-Date: Tue, 4 Sep 2007 16:11:09 +0200
Reporting-MTA: dns; debian
Content-Type: message/delivery-status
--l84GRnX4029819.1188924135/debian
<<< 503 No recipients specified
550 5.1.1 ... User unknown
<<< 550 Invalid recipient:
>>> DATA
... while talking to mx.softbank.ne.jp.:
----- Transcript of session follows -----
(reason: 550 Invalid recipient: )
----- The following addresses had permanent fatal errors -----
from localhost [127.0.0.1]
The original message was received at Tue, 4 Sep 2007 16:11:09 +0200
--l84GRnX4029819.1188924135/debian
This is a MIME-encapsulated message
Auto-Submitted: auto-generated (failure)
Subject: Returned mail: see transcript for details
boundary="l84GRnX4029819.1188924135/debian"
Content-Type: multipart/report; report-type=delivery-status;
MIME-Version: 1.0
To:
Message-Id: <200709041642.l84GRnX4029819@debian>
From: Mail Delivery Subsystem
Date: Tue, 4 Sep 2007 18:42:15 +0200
Tue, 4 Sep 2007 18:42:15 +0200
by debian (8.13.4/8.13.4/Debian-3sarge3) id l84GRnX4029819;
Received: from localhost (localhost)
Return-Path:
From MAILER-DAEMON Tue Sep 4 18:42:15 2007
--l84GRnX3029819.1188924134/debian--
How would I solve this problem as it's making our server load skyhigh 24/7.
Additional info about system:
> Debian Linux, latest kernel
> Sendmail (we've tried postfix, exim, with same results)
> Non cPanel system.
View 6 Replies
View Related
Mar 30, 2009
i have a simple reseller account to give my clients some hosting space. one specific client keeps the domain registered with his current domain registrar. to point the domain name at his new hosting account (provided by me) he's saying that he just needs the "a-record", not the nameservers that i gave him originally. i can not seem to find an a-record for my hosting accounts anywhere ...
my hosting support is saying the client will just need the IP address. but afaik ip address is not == a-record
can anyone clarify what an a-record is exactly and whether or not it can be interchanged with an ip address?
this is for a .co.uk domain name and my reseller account is with hostgator
View 3 Replies
View Related
Oct 30, 2009
Common scenario; email sent from our server to Yahoo does not arrive. It is so bad that we have a 23% order completion rate for Yahoo users. To compare, Gmail is 83%.
We send emails to confirm registration, and also to remind users to complete their invoices.
Our setup is like so:
User registers at registration.domain.com, a different server to domain.com.
Upon registering an email is sent to the user using the registration.domain.com web server but with a from address of info@domain.com
Our info@domain.com email address is hooked up to Google Apps as this is who we use to manage our inbox.
how to construct our SPF records? I am slightly confused as we have a mail server, a different reply to domain and MX records with Google..
View 3 Replies
View Related
Dec 6, 2008
I would like to setup SPF record for my domain. I am using Google Apps for the domain.
But I will also be sending mail from my vps server. Hence what should I use?
Quote:
v=spf1 a include:aspmx.googlemail.com ~all
or
Quote:
v=spf1 a mx ~all
If both works, which one is better? I will be sending emails from subdomains of my main site too, so do I need to anything special for that?
I am using ~all instead of -all, because I sometimes send emails from my development server(which is having dynamic ip). Hence I don't want those emails to rejected, even if they are marked as spam.[url]
View 5 Replies
View Related
Jun 27, 2008
I need to update the TTL for the domain as i will need to migrate it to another IP. In my DNS record, there is a domain level TTL and also a record level (MX, A, CNAME) TTL. Which one should i change?
View 1 Replies
View Related
Feb 22, 2008
If my SPF record would be the following: domain.com. 14400 IN TXT "v=spf1 ip4:78.129.143.155 a mx a:.mail.saunalahti.fi -all"
Would mail sent from whatever@domain.com get sent through gw01.mail.saunalahti.fi (Would the SPF record allow it?) or would I have to specify a:gw01.mail.saunalahti.fi in the SPF record?
View 2 Replies
View Related
Jan 5, 2007
Currently we use a short SPF record that is inserted to the customers DNS file when the account is created....
"v=spf1 a mx ~all"
I was wondering do you guys/gals have a standard SPF record, one that is tested and works or do you think the above entry is sufficent?
View 8 Replies
View Related
Oct 10, 2007
Here is my SPF record, but sending email I get this in the header
@ 86400 IN txt v=spf1 a mx ptr ~all
Received-SPF: neutral (google.com: 75.126.62.147 is neither permitted nor denied by domain of gr******ardt@gmail.com) client-ip=75.126.62.147;
Authentication-Results: mx.google.com; spf=neutral (google.com: 75.126.62.147 is neither permitted nor denied by domain of gr******ardt@gmail.com) smtp.mail=gr******ardt@gmail.com
View 6 Replies
View Related
Jul 25, 2007
how to add an SPF record to my web hosting company's domain? The thing I'm scared of is blocking or messing up what works fine now.
My server (say myhostingcompany.com) is a mix of all kinds of services, some customers send mail through my server, some through they're ISP (so they're domain's DNS is with me) and all kinds of strange things.
How can I add a "risk free" SPF record?
View 2 Replies
View Related