fetchmail not fetchaing spam - Suse

This is a discussion on fetchmail not fetchaing spam - Suse ; I am using fetchmail to retrieve my mail from my hosting. They arrive there, but can not be retrieved by fetchmail. This means they stay at the provider, slowly filling up my mailbox and giving errors on my box. 1) ...

+ Reply to Thread
Results 1 to 15 of 15

Thread: fetchmail not fetchaing spam

  1. fetchmail not fetchaing spam

    I am using fetchmail to retrieve my mail from my hosting. They arrive
    there, but can not be retrieved by fetchmail. This means they stay at
    the provider, slowly filling up my mailbox and giving errors on my box.

    1) Header of a spam mail:
    Return-Path:
    Delivered-To: 311-houghi@houghi.org
    Received: (qmail 24138 invoked from network); 28 Jul 2008 17:59:42 +0200
    Received: from dslb-092-075-237-044.pools.arcor-ip.net (92.75.237.44)
    by vz01.stone-is.net with SMTP; 28 Jul 2008 17:59:42 +0200
    Received-SPF: none (vz01.stone-is.net: domain at does not designate
    permitted sender hosts)
    Message-ID:
    Date: Mon, 28 Jul 2008 18:02:00 +0200
    From: Mate
    User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
    MIME-Version: 1.0
    To: houghi@houghi.org
    Subject: Get longer naturally with 2 pills a day
    Content-Type: text/plain; charset=ISO-8859-1; format=flowed
    Content-Transfer-Encoding: 7bit

    2) log error:
    Jul 28 20:17:42 penne postfix/smtpd[8750]: warning: Illegal address
    syntax from localhost[127.0.0.1] in MAIL command:


    Is there anything I can do to retrieve that mail with fetchmail so that
    it will be killed?

    houghi
    --
    Always listen to experts. They'll tell you what can't be done,
    and why. Then do it.
    -- Heinlein : Time Enough For Love

  2. Re: fetchmail not fetchaing spam

    On Mon, 28 Jul 2008, houghi wrote:-

    >I am using fetchmail to retrieve my mail from my hosting. They arrive
    >there, but can not be retrieved by fetchmail. This means they stay at
    >the provider, slowly filling up my mailbox and giving errors on my box.
    >
    >1) Header of a spam mail:
    >Return-Path:


    How did That's not good. That address should never have been accepted as
    it's missing a host name. As you can guess, the sender is probably a bot
    with broken spamware. The other broken bit of software is at the
    receiver. It is broken as mail with such a broken sender shouldn't be
    accepted. As an example of what should have happened with a properly
    configured server is this:

    davjam@adder:/local2/possible-viruses> telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220-adder.davjam.org; ESMTP
    220-By sending mail to this server
    220-you consent to being scanned for
    220-open proxies or be tested to
    220-ensure you arent an open relay.
    220-If this is not acceptable, disconnect now.
    220-This server has a no UBE/UCE policy.
    220-The sending of UBE/UCE to this
    220-server will result in your server
    220-being added to the local
    220-blocklist and could also
    220-result in a short recital of Vogon poetry.
    220-For your information, the local time is now
    220 Mon, 28 Jul 2008 19:53:35 +0100'
    EHLO localhost
    250-adder.davjam.org Hello localhost [127.0.0.1], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-AUTH DIGEST-MD5 CRAM-MD5
    250-DELIVERBY
    250 HELP
    mail from:
    553 5.1.3 ... Hostname required
    rset
    250 2.0.0 Reset state
    quit
    221 2.0.0 adder.davjam.org closing connection
    Connection closed by foreign host.



    >2) log error:
    >Jul 28 20:17:42 penne postfix/smtpd[8750]: warning: Illegal address
    >syntax from localhost[127.0.0.1] in MAIL command:


    And here's the log entry produced by your local server doing the Right
    Thing (TM) and rejecting the broken mail sender address.

    >Is there anything I can do to retrieve that mail with fetchmail so that
    >it will be killed?


    I don't know about using fetchmail to retrieve it. Your local server is
    correctly rejecting the mail as the return path should be valid but, for
    this mail, it isn't. Unfortunately, because they are rejected, fetchmail
    doesn't mark them as received and so they sit there "forever", or until
    you either manually delete the bad mail, or your host deletes them.

    As a temporary measure, what you could do with is something that will
    log in to the mailbox, delete the bad mails and then let fetchmail do
    its job.

    What you could really do with is for your mail host to fix their
    server(s) so it/they reject such obviously bad mail.


    Regards,
    David Bolt

    --
    www.davjam.org/lifetype/ www.distributed.net: OGR@100Mnodes, RC5-72@15Mkeys
    SUSE 10.1 32 | | openSUSE 10.3 32bit | openSUSE 11.0 32bit
    | openSUSE 10.2 64bit | openSUSE 10.3 64bit | openSUSE 11.0 64bit
    RISC OS 3.6 | TOS 4.02 | openSUSE 10.3 PPC | RISC OS 3.11

  3. Re: fetchmail not fetchaing spam

    David Bolt wrote:
    >>1) Header of a spam mail:
    >>Return-Path:

    >
    > How did That's not good.


    I know. Others will be interested in how it should look. I am aware of
    that already. ;-)

    >>2) log error:
    >>Jul 28 20:17:42 penne postfix/smtpd[8750]: warning: Illegal address
    >>syntax from localhost[127.0.0.1] in MAIL command:

    >
    > And here's the log entry produced by your local server doing the Right
    > Thing (TM) and rejecting the broken mail sender address.


    Yes and no. What if I WANT to recieve it? Could I edit postfix that way
    that it accepts enything from localhost?

    >>Is there anything I can do to retrieve that mail with fetchmail so that
    >>it will be killed?

    >
    > I don't know about using fetchmail to retrieve it. Your local server is
    > correctly rejecting the mail as the return path should be valid but, for
    > this mail, it isn't. Unfortunately, because they are rejected, fetchmail
    > doesn't mark them as received and so they sit there "forever", or until
    > you either manually delete the bad mail, or your host deletes them.


    And that is my problem.

    > As a temporary measure, what you could do with is something that will
    > log in to the mailbox, delete the bad mails and then let fetchmail do
    > its job.


    That is what I do now, but that is not an option.

    > What you could really do with is for your mail host to fix their
    > server(s) so it/they reject such obviously bad mail.


    As that is out of my hands, I would love to see if there is an option on
    my side.

    houghi
    --
    Remind me to write an article on the compulsive reading of news. The
    theme will be that most neuroses can be traced to the unhealthy habit
    of wallowing in the troubles of five billion strangers. -- Heinlein

  4. Re: fetchmail not fetching spam with invalid email address

    houghi wrote:

    ....
    > As that is out of my hands, I would love to see if there is an option on
    > my side.


    There is opensuse@opensuse.org and opensuse-de@opensuse.org mail lists and
    few guys that know a lot about mail servers. The subject as above may
    attract their attention.

    --
    Regards, Rajko
    http://en.opensuse.org/Portal needs helpful hands.

  5. Re: fetchmail not fetching spam with invalid email address

    Rajko M. wrote:
    >> As that is out of my hands, I would love to see if there is an option on
    >> my side.

    >
    > There is opensuse@opensuse.org and opensuse-de@opensuse.org mail lists and
    > few guys that know a lot about mail servers. The subject as above may
    > attract their attention.


    I am aware of those lists. However I do not see how this is a mail
    server issue, unless the only option on my side is to change the
    settings for postfix on localhost to accept everything.

    The rest is basicaly bad configuration at my hoster.

    houghi
    --
    Remind me to write an article on the compulsive reading of news. The
    theme will be that most neuroses can be traced to the unhealthy habit
    of wallowing in the troubles of five billion strangers. -- Heinlein

  6. Re: fetchmail not fetchaing spam

    On Tue, 29 Jul 2008, houghi wrote:-

    >David Bolt wrote:


    >> How did That's not good.

    ^
    There's supposed to be a few more words here, namely "that get there?"

    >I know. Others will be interested in how it should look. I am aware of
    >that already. ;-)


    I know. :-)

    >> And here's the log entry produced by your local server doing the Right
    >> Thing (TM) and rejecting the broken mail sender address.

    >
    >Yes and no. What if I WANT to recieve it?


    You ask the sender to fix their set-up and send it again?

    >Could I edit postfix that way
    >that it accepts enything from localhost?


    That could break Postfix, and I don't know if it's actually possible. A
    better place to ask would probably be comp.mail.postfix, although they'd
    possibly just tell you to tell your mail host that their server is
    broken.

    >> I don't know about using fetchmail to retrieve it. Your local server is
    >> correctly rejecting the mail as the return path should be valid but, for
    >> this mail, it isn't. Unfortunately, because they are rejected, fetchmail
    >> doesn't mark them as received and so they sit there "forever", or until
    >> you either manually delete the bad mail, or your host deletes them.

    >
    >And that is my problem.


    Let me guess, they're accepting more of these broken mails and it's
    slowly building up?

    >> As a temporary measure, what you could do with is something that will
    >> log in to the mailbox, delete the bad mails and then let fetchmail do
    >> its job.

    >
    >That is what I do now, but that is not an option.


    I was actually thinking about a script to do the job rather than doing
    it manually, as I guess you're doing right now. That could be your only
    option.

    >> What you could really do with is for your mail host to fix their
    >> server(s) so it/they reject such obviously bad mail.

    >
    >As that is out of my hands, I would love to see if there is an option on
    >my side.


    Doesn't stop you pointing out that their server is configured wrong and
    that it's causing some minor inconvenience to their customer


    Regards,
    David Bolt

    --
    www.davjam.org/lifetype/ www.distributed.net: OGR@100Mnodes, RC5-72@15Mkeys
    SUSE 10.1 32 | | openSUSE 10.3 32bit | openSUSE 11.0 32bit
    | openSUSE 10.2 64bit | openSUSE 10.3 64bit | openSUSE 11.0 64bit
    RISC OS 3.6 | TOS 4.02 | openSUSE 10.3 PPC | RISC OS 3.11

  7. Re: fetchmail not fetchaing spam

    David Bolt wrote:
    >
    >
    > On Tue, 29 Jul 2008, houghi wrote:-
    >
    >>David Bolt wrote:

    >
    >>> How did That's not good.

    > ^
    > There's supposed to be a few more words here, namely "that get there?"


    So how did those NOT get there. ;-)

    >>Yes and no. What if I WANT to recieve it?

    >
    > You ask the sender to fix their set-up and send it again?


    That woudl be me, or better fetchmail that delivers it to postfix.

    >>Could I edit postfix that way
    >>that it accepts enything from localhost?

    >
    > That could break Postfix, and I don't know if it's actually possible. A
    > better place to ask would probably be comp.mail.postfix, although they'd
    > possibly just tell you to tell your mail host that their server is
    > broken.


    yes, it is. That is the reason I was looking if fetchmail could do
    anything.

    >>And that is my problem.

    >
    > Let me guess, they're accepting more of these broken mails and it's
    > slowly building up?


    Not yet, but I am sure it will in the future. At this moment I only have
    recieved 5 of those kind of mails over a 3 day period.

    > I was actually thinking about a script to do the job rather than doing
    > it manually, as I guess you're doing right now. That could be your only
    > option.


    I could pipe the logfile. The risk of loosing emails that way however is
    pretty big.
    fetchmail tries to retrieve the mail and generates an error
    I set up a telnet and do a `dele 1` on port 110
    Somehow the mauil is not the first mail anymore.

    >>As that is out of my hands, I would love to see if there is an option on
    >>my side.

    >
    > Doesn't stop you pointing out that their server is configured wrong and
    > that it's causing some minor inconvenience to their customer


    I know, I just first want to find a solution on my side. That way when
    they solve it, I had time to test the solution on my side. That way I
    would have learned something.

    houghi
    --
    Remind me to write an article on the compulsive reading of news. The
    theme will be that most neuroses can be traced to the unhealthy habit
    of wallowing in the troubles of five billion strangers. -- Heinlein

  8. Re: fetchmail not fetching spam with invalid email address

    houghi wrote:

    > Rajko M. wrote:
    >>> As that is out of my hands, I would love to see if there is an option on
    >>> my side.

    >>
    >> There is opensuse@opensuse.org and opensuse-de@opensuse.org mail lists
    >> and few guys that know a lot about mail servers. The subject as above may
    >> attract their attention.

    >
    > I am aware of those lists.


    I know that you are aware of them, but just to remind you that they can be
    used too ;-)

    > However I do not see how this is a mail
    > server issue, unless the only option on my side is to change the
    > settings for postfix on localhost to accept everything.


    Some of the guys on the lists are professional administrators and may have
    solution.

    > The rest is basicaly bad configuration at my hoster.


    According to
    http://www.openspf.org/SPF_Received_Header and
    http://www.openspf.org/SPF_Record_Syntax
    their configuration seems to be OK.

    Someone obviously found flaw in SPF that allows to send spam.

    --
    Regards, Rajko
    http://en.opensuse.org/Portal needs helpful hands.

  9. Re: fetchmail not fetchaing spam

    On Tue, 29 Jul 2008, houghi wrote:-

    >David Bolt wrote:
    >>
    >>
    >> On Tue, 29 Jul 2008, houghi wrote:-
    >>
    >>>David Bolt wrote:

    >>
    >>>> How did That's not good.

    >> ^
    >> There's supposed to be a few more words here, namely "that get there?"

    >
    >So how did those NOT get there. ;-)


    Either I forgot to include the words, or my fingers didn't get the
    message to type them. Don't know which of those really happened.

    >> You ask the sender to fix their set-up and send it again?

    >
    >That woudl be me, or better fetchmail that delivers it to postfix.


    No, I meant the real sender as in the one that delivered it to your mail
    host.

    >> That could break Postfix, and I don't know if it's actually possible. A
    >> better place to ask would probably be comp.mail.postfix, although they'd
    >> possibly just tell you to tell your mail host that their server is
    >> broken.

    >
    >yes, it is. That is the reason I was looking if fetchmail could do
    >anything.


    I don't know for certain, but I don't think so. From reading the
    available information, Fetchmail recreates[0] the MAIL FROM: and TO:
    from the mail it downloads and then tries to pass it on to the SMTP
    server using those as the envelope From: and To: headers.

    >>>And that is my problem.

    >>
    >> Let me guess, they're accepting more of these broken mails and it's
    >> slowly building up?

    >
    >Not yet, but I am sure it will in the future. At this moment I only have
    >recieved 5 of those kind of mails over a 3 day period.


    So it'll be a while before it becomes a problem rather than just a minor
    annoyance.

    >> I was actually thinking about a script to do the job rather than doing
    >> it manually, as I guess you're doing right now. That could be your only
    >> option.

    >
    >I could pipe the logfile. The risk of loosing emails that way however is
    >pretty big.
    >fetchmail tries to retrieve the mail and generates an error
    >I set up a telnet and do a `dele 1` on port 110
    >Somehow the mauil is not the first mail anymore.


    You need to check before doing that. Using the "stat" command and then
    the "top $message 0" you can see which ones to delete.

    >>>As that is out of my hands, I would love to see if there is an option on
    >>>my side.

    >>
    >> Doesn't stop you pointing out that their server is configured wrong and
    >> that it's causing some minor inconvenience to their customer

    >
    >I know, I just first want to find a solution on my side. That way when
    >they solve it, I had time to test the solution on my side. That way I
    >would have learned something.


    True. I just don't think it's possible to do it without writing your own
    script to do it.


    [0] I'm lucky in that my ISP implemented an extra command on its POP3
    system and, as far as I know, is also about the only ISP that has
    implemented it. I can use the "*ENV" command to retrieve the original
    SMTP envelope and so with a little effort could filter out these broken
    mails. However, they also don't accept such broken mails so I don't need
    to do so

    Regards,
    David Bolt

    --
    www.davjam.org/lifetype/ www.distributed.net: OGR@100Mnodes, RC5-72@15Mkeys
    SUSE 10.1 32 | | openSUSE 10.3 32bit | openSUSE 11.0 32bit
    | openSUSE 10.2 64bit | openSUSE 10.3 64bit | openSUSE 11.0 64bit
    RISC OS 3.6 | TOS 4.02 | openSUSE 10.3 PPC | RISC OS 3.11

  10. Re: fetchmail not fetching spam with invalid email address

    On Tue, 29 Jul 2008, Rajko M. wrote:-

    >According to
    >http://www.openspf.org/SPF_Received_Header and
    >http://www.openspf.org/SPF_Record_Syntax
    >their configuration seems to be OK.


    It's not the SPF configuration that's broken, but the mail server
    itself. They accepted mail with a MAIL FROM that was non-compliant[0]
    and should have been rejected. It's the acceptance of mail with broken
    sender addresses that is their problem.

    Basically, the senders address should have been either a NULL sender
    (<>) or in the format:

    username@domain

    They accepted mail that didn't have the domain part when they shouldn't
    have done.

    >Someone obviously found flaw in SPF that allows to send spam.


    No, the spamware is broken as it didn't include a sender domain, and the
    host was/is broken because they accepted it.


    Regards,
    David Bolt

    --
    www.davjam.org/lifetype/ www.distributed.net: OGR@100Mnodes, RC5-72@15Mkeys
    SUSE 10.1 32 | | openSUSE 10.3 32bit | openSUSE 11.0 32bit
    | openSUSE 10.2 64bit | openSUSE 10.3 64bit | openSUSE 11.0 64bit
    RISC OS 3.6 | TOS 4.02 | openSUSE 10.3 PPC | RISC OS 3.11

  11. Re: fetchmail not fetchaing spam

    David Bolt wrote:
    >>I could pipe the logfile. The risk of loosing emails that way however is
    >>pretty big.
    >>fetchmail tries to retrieve the mail and generates an error
    >>I set up a telnet and do a `dele 1` on port 110
    >>Somehow the mauil is not the first mail anymore.

    >
    > You need to check before doing that. Using the "stat" command and then
    > the "top $message 0" you can see which ones to delete.


    I know what to do. It is just that I first of all do not trust my own
    scripting abilities.


    houghi
    --
    Remind me to write an article on the compulsive reading of news. The
    theme will be that most neuroses can be traced to the unhealthy habit
    of wallowing in the troubles of five billion strangers. -- Heinlein

  12. Re: fetchmail not fetching spam with invalid email address

    David Bolt wrote:
    >>Someone obviously found flaw in SPF that allows to send spam.

    >
    > No, the spamware is broken as it didn't include a sender domain, and the
    > host was/is broken because they accepted it.


    For all we know, the spamware acted as expected.

    houghi
    --
    Remind me to write an article on the compulsive reading of news. The
    theme will be that most neuroses can be traced to the unhealthy habit
    of wallowing in the troubles of five billion strangers. -- Heinlein

  13. SPF Re: fetchmail not fetching spam with invalid email address

    David Bolt wrote:

    > It's not the SPF configuration that's broken, but the mail server
    > itself. They accepted mail with a MAIL FROM that was non-compliant[0]
    > and should have been rejected. It's the acceptance of mail with broken
    > sender addresses that is their problem.
    >
    > Basically, the senders address should have been either a NULL sender
    > (<>) or in the format:
    >
    > username@domain
    >
    > They accepted mail that didn't have the domain part when they shouldn't
    > have done.


    I never configured mail server successfully to work with my ISP, which
    should tell how much I know about, but if email server has another rules to
    follow, like the one above, what is the purpose of SPF?
    Reading articles http://www.openspf.org/ doesn't help me.

    I checked few email headers in my mailbox and I don't see many with
    Received-SPF: part, so it seems that many people that know how to configure
    mail servers don't find it useful.

    --
    Regards, Rajko
    http://en.opensuse.org/Portal needs helpful hands.

  14. Re: SPF Re: fetchmail not fetching spam with invalid email address

    On Thu, 31 Jul 2008, Rajko M. wrote:-

    >I never configured mail server successfully to work with my ISP, which
    >should tell how much I know about, but if email server has another rules to
    >follow, like the one above, what is the purpose of SPF?
    >Reading articles http://www.openspf.org/ doesn't help me.


    The idea is that the receiver does a DNS check the domain of the sender
    and looks at the contents of the TXT record. This will contain the SPF
    details which are supposed to specify which servers are actually allowed
    to send mail supposedly from that domain name, and what to do where the
    sender isn't authorized. The receiver then compares the IP address that
    is trying to send the mail to those allowed and, if it's not from an
    authorized IP address, should reject the mail with a permanent error
    (5xx) if the SPF record says to hard-fail, reject with a transient error
    (4xx) if the SPF record says to soft-fail, or otherwise behave as the
    receiver admin defines.

    >I checked few email headers in my mailbox and I don't see many with
    >Received-SPF: part, so it seems that many people that know how to configure
    >mail servers don't find it useful.


    From my understanding, it's supposed to help prevent forgeries[0] but,
    since a lot of places don't check the SPF records, few places specify
    that you should hard-fail mail from unauthorized addresses with most
    saying that mail can come from anywhere besides the listed addresses,
    it's not really that much of a large help.


    [0] When it was first devised, it was originally claimed that it would
    help to prevent spam. It now seems to have been toned down to just
    helping to prevent forgeries, which it could do.

    Regards,
    David Bolt

    --
    www.davjam.org/lifetype/ www.distributed.net: OGR@100Mnodes, RC5-72@15Mkeys
    SUSE 10.1 32 | | openSUSE 10.3 32bit | openSUSE 11.0 32bit
    | openSUSE 10.2 64bit | openSUSE 10.3 64bit | openSUSE 11.0 64bit
    RISC OS 3.6 | TOS 4.02 | openSUSE 10.3 PPC | RISC OS 3.11

  15. Re: SPF

    David Bolt wrote:

    Thanks David.

    > From my understanding, it's supposed to help prevent forgeries[0] but,
    > since a lot of places don't check the SPF records, few places specify
    > that you should hard-fail mail from unauthorized addresses with most
    > saying that mail can come from anywhere besides the listed addresses,
    > it's not really that much of a large help.


    Yes.
    It will blacklist only servers that domain owner tells to blacklist, but not
    those that suppose to send messages. It makes spammer life a bit more
    complicated, but as it is not widely adopted there is plenty of IPs that
    can be misused.

    I was focused on a table with default actions, that I find too loose to
    prevent much, but some admins use harder rules which prevents legitimate
    emails to go trough. See:
    https://bugzilla.novell.com/show_bug.cgi?id=414666

    > [0] When it was first devised, it was originally claimed that it would
    > help to prevent spam. It now seems to have been toned down to just
    > helping to prevent forgeries, which it could do.


    That much about how thorough understanding of mail protocol(s) and practices
    was by those that initiated idea.

    --
    Regards, Rajko
    http://en.opensuse.org/Portal needs helpful hands.

+ Reply to Thread