
Thread: Help: keep site, kill email

  1. #1
    Join Date
    Jun 2007
    Posts
    25

    Default Help: keep site, kill email

    I have a domain that gets too much spam. So much I want to kill that domain. But just email, I want to keep the Web site.

    Note that I do have a very good anti-spam filter, and I know how to turn the domain off in the MTA level. But I don't want the MTA receiving and bouncing messages sent to that domain. That would be a waste of resources. I don't even want the mail to reach my MTA. I want to create a "black hole" that tells the sender that the domain doesn't even exist here. At the same time, keep the Web site running.

    How do I do that? I wonder if just deleting the MX record would be enough.

    TIA.

  2. #2
    Join Date
    Jul 2007
    Location
    127.0.0.1
    Posts
    392

    Default

    Quote Originally Posted by lucth View Post
    How do I do that? I wonder if just deleting the MX record would be enough.
    Bingo. I'd also modify the appropriate confs for your mail daemon (remove the domain).

    -Guy

  3. #3
    Join Date
    Jun 2007
    Posts
    25

    Default

    Well, but I already deleted the MX record, more than 5 hours ago. And the domain still gets mail. I just tested. Shouldn't the change be effective immediately?

  4. #4
    Join Date
    Jul 2007
    Location
    127.0.0.1
    Posts
    392

    Default

    If deleting the MX records doesn't work, try pointing the MX records to localhost.localdomain or 127.0.0.1?

    I use GoogleApps for my domains so mail administration isn't my strongest point.

    --edit--

    Which mail daemon are you using?
    Last edited by GuyPatterson; 08-23-2009 at 04:08 PM.

  5. #5
    Join Date
    Jun 2007
    Posts
    25

    Default

    What difference does it make which MTA I use? If the mail is reaching my mailboxes, deleting the MX record clearly is not enough.

    It's qmail, but that doesn't matter. I want to prevent all messages from reaching the MTA at all.

  6. #6

    Default

    Well, you have to wait for the MX record changes to propagate.

  7. #7
    Join Date
    Jun 2007
    Posts
    25

    Default

    It's been more than 24 hours, and mail sent to that domain still reaches my mailbox.

    I understand that a *location* needs to propagate. But the location didn't change. It's still here, at VPSLink and my domain. So MTAs from all over the world should head my way. But, once they get here and find no MX record, mail should bounce, shouldn't it?

  8. #8
    Join Date
    Jun 2008
    Posts
    232

    Default

    Quote Originally Posted by lucth View Post
    So MTAs from all over the world should head my way. But, once they get here and find no MX record, mail should bounce, shouldn't it?
    No.
    If I recall the mail RFCs correctly, (legitimate) MTAs must respect MX records, but fall back to A records if none exist. So it's not enough just to drop your MXs and be done.

    Since your problem originates from spammers' (non-legitimate) MTAs, the rules don't actually apply anyway.

    If you continue to run an MTA on the host configured with the A record of the domain, it will continue to receive email for the domain. Simply stop the mail daemon process and configure it not to start.

    I'd like to say that after a few days/weeks/months/years without an MTA answering, the spammers will give up and leave you alone, but that's not been my experience. Once a domain finds its way onto those lists, it seems impossible to get it off.

  9. #9
    Join Date
    Jun 2008
    Posts
    232

    Default

    Quote Originally Posted by lucth View Post
    At the same time, keep the Web site running.

    How do I do that?
    The correct solution depends on your configuration and your expectations.

    If you have a config like this:
    Code:
    domain.dom A 1.2.3.4
    then I suspect stopping the MTA or running it on a non-standard port are your only options. The expectation here is that you do not want to receive any email whatsoever.

    However, if you have a config like this:
    Code:
    domain.dom A 1.2.3.4
    www.domain.dom A 1.2.3.4
    then you can remove the first domain entry, leaving the second one with the 'www' host portion intact.
    With such a configuration www.domain.dom will resolve, but domain.dom by itself will not. If you continue to run an MTA on that box, the expectation is that it will receive mail for the host www.domain.dom.
    Last edited by chriss; 08-24-2009 at 07:16 PM. Reason: Don't parse the links.
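
An added example, not part of the original thread: the target selection that posts #8 and #9 describe (MX records first, then fallback to the domain's own A record), modelled in Python over constructed zone data. It goes one step beyond the thread by including the null MX record of RFC 7505 (`MX 0 .`), which tells compliant senders that a domain accepts no mail while its A record keeps serving the website; the zone dictionary layout and the function names are assumptions made for the example.

```python
# Added example: where a standards-following sending MTA will try to deliver.
# Zone layout (hypothetical, constructed): {name: {"MX": [(pref, host)], "A": [ip]}}

def smtp_targets(zone, domain):
    """Return the hosts a compliant sender would connect to, in preference order."""
    records = zone.get(domain, {})
    mx = sorted(records.get("MX", []))          # lowest preference value first
    if mx:
        hosts = [host for _, host in mx]
        if hosts == ["."]:
            return []                           # null MX (RFC 7505): no mail accepted
        return [h for h in hosts if h != "."]
    if records.get("A"):
        return [domain]                         # no MX: the A record acts as implicit MX
    return []                                   # nothing to connect to

def web_resolves(zone, name):
    """True if the name still has an address record for the web server."""
    return bool(zone.get(name, {}).get("A"))

# Constructed zones using the names and address from post #9.
APEX_ONLY = {"domain.dom": {"A": ["1.2.3.4"]}}            # MX deleted, A kept
WWW_ONLY = {"www.domain.dom": {"A": ["1.2.3.4"]}}         # apex A removed
NULL_MX = {
    "domain.dom": {"MX": [(0, ".")], "A": ["1.2.3.4"]},   # site stays, mail refused
    "www.domain.dom": {"A": ["1.2.3.4"]},
}

def summary():
    """Mail targets and web reachability of domain.dom for each constructed zone."""
    zones = {"apex_only": APEX_ONLY, "www_only": WWW_ONLY, "null_mx": NULL_MX}
    return {
        label: (smtp_targets(zone, "domain.dom"), web_resolves(zone, "domain.dom"))
        for label, zone in zones.items()
    }

if __name__ == "__main__":
    for label, (targets, web) in summary().items():
        print(f"{label:10} mail targets={targets} web resolves={web}")
    # Senders that ignore DNS and connect straight to the address are not
    # affected by any of these records, as post #8 points out.
```
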

  10. #10
    Join Date
    Jul 2007
    Location
    127.0.0.1
    Posts
    392

    Default

    Quote Originally Posted by lucth View Post
    I want to prevent all messages from reaching the MTA at all.
    Not sure if you got your initial request resolved or not, but if the DNS changes aren't working, and you must leave the MTA on/open, just start sh**listing...

    This should get you started:
    Just start adding to it... I'm sure there are all kinds of ways to accomplish your request, but iptables seems like the easiest. The inbound mail gateways at the day-job have an "access.reject" file that I'd be willing to share. Last I heard some 67 million IPs were being dropped, but delivery failure (reject) notifications are sent using that method.

    -Guy
