Emails to webmaster/postmaster skipping spam check

Problem Description

Recently I’ve noticed more spam coming through on several webmaster@ and postmaster@ email addresses. Looking at the email headers, they appear to be skipping the SpamAssassin spam detection, as there are no spam headers of the kind I get on others.

Any Error Messages

None


Environment

  • Sympl Version: latest
  • Sympl Testing Version: No, production
  • Debian Version: latest
  • Hardware Type: VM 6GB RAM
  • Hosted With: Mythic Beasts

A user with several domains, for whom I configured forwarding of postmaster@ to an admin account, was also getting a nasty rash of such emails for several days. I ratcheted up the anti-spam but this didn’t work.

Looking through the nasties it was clear they all originated through various .ru domains and senders. As there is no interest in receiving email from .ru I put all .ru into /etc/exim4/blacklist and that dried them up.

Be interested in what others are doing optimally to manage this on Sympl, as cutting an entire ccTLD on the RSS out is suboptimal.

C

1 Like

I think postmaster@ and webmaster@ are deliberately configured to bypass the spam filter.
I’ve had a lot of those emails in recent months.

See /etc/exim4/sympl.d/10-acl/50-acl-check-rcpt/30-accept-postmaster

1 Like

That might be a better way.
If you are suggesting deleting

/etc/exim4/sympl.d/10-acl/50-acl-check-rcpt/30-accept-postmaster

as necessary to filter out emails from .countrycode addressed to postmaster@adomain.cctld

?

$man sympl could be helpful 🙂

Yes, that’s correct, and it’s by design. Both addresses are ‘official’ ‘service’ addresses, so ‘should’ accept all mail.

If you need to filter them for spam, I’d suggest doing it directly on the mail client.

1 Like

In two decades of hosting websites, I have never had a legitimate email sent to any of these addresses. What are they supposed to be used for?

1 Like

I get bounce emails which are sometimes useful. Though most of them are where my server isn’t catching them as spam, but the server the mails are forwarded to does see it as spam and then bounces the email.

I don’t follow. What bounce messages are useful? If you are not sending emails from these addresses, they should not be getting bounce messages ‘back’. All a bounce can tell you is that someone is spoofing your address.
Not something you have control over.

In this case I think it’s due to the way the email forwarding is set up, which means it’s coming back there rather than to the info@ address. Could get into a circle if doing it that way.

admin@
info@
office@
sales@
webmaster@
postmaster@

All addresses that are such spam magnets that I generally advise against using them.