Emails to webmaster/postmaster skipping spam check

smsm1 · 5 September 2024 22:40

Problem Description

Recently I’ve noticed more spam coming through on several webmaster@ and postmaster@ email addresses. Looking at the email headers they appear to be skipping the spam assassin spam detection as there’s no spam headers that I get on others.

Any Error Messages

None

replace this text with messages or log entries

Environment

Sympl Version: latest
Sympl Testing Version: No, production
Debian Version: latest
Hardware Type: VM 6GB RAM
Hosted With: Mythic Beasts

crislar · 6 September 2024 11:38

A user with several domains that I configured forwarding the postmaster → to an admin account also was also getting a nasty rash of such emails for several days. I ratcheted up the anti spam but this didn’t work.

Looking through the nasties it was clear they all originated through various .ru domains and senders. As there is no interest in receiving email from .ru I put all .ru into /etc/exim4/blacklist and that dried them up.

Be interested in what others are doing optimally to manage this on Sympl as cutting an entire ccTLD on the RSS out is sub optimal.

C

Anahata · 6 September 2024 22:38

I think postmaster@ and webmaster@ are deliberately configured to bypass the spam filter.
I’ve had a lot of those emails in recent months.

See /etc/exim4/sympl.d/10-acl/50-acl-check-rcpt/30-accept-postmaster

crislar · 9 September 2024 09:55

That might be a better way.
If you are suggesting deleting

/etc/exim4/sympl.d/10-acl/50-acl-check-rcpt/30-accept-postmaster

as necessary to filter out emails from .countrycode addressed to postmaster@adomain.cctld

?

$man sympl could be helpful

Kelduum · 10 September 2024 10:06

Yes, that’s correct, and it’s by design. Both addresses are ‘official’ ‘service’ addresses, so ‘should’ accept all mail.

If you need to filter them for spam, I’d suggest doing it directly on the mail client.

hairydog · 12 February 2025 12:12

In two decades of hosting websites, I have never had a legitimate email sent to any of these addresses. What are they supposed to be used for?

smsm1 · 12 February 2025 13:28

I get bounce emails which are sometimes useful. Though most of them are where my server isn’t catching them as spam, but the server the mails are forwarded to does see it as spam and then bounces the email.

hairydog · 12 February 2025 13:43

I don’t follow. What bounce messages are useful? If you are not sending emails from these addresses, they should not be getting bounce messages 'back". All a bounce can tell you is that someone is spoofing your address.
Not something you have control over.

smsm1 · 12 February 2025 13:55

I’m this case I think it’s due to the way the email forwarding is setup that means it’s coming back there rather than the info@ address. Could get into a circle if doing it that way.

hairydog · 12 February 2025 14:17

admin@
info@
office@
sales@
webmaster@
postmaster@

All addresses that are such spam magnets that I generally advise against using them.