Back to Community Threads
postermaster@ messages in SmarterMail 14.x
Idea shared by Employee - 9/4/2015 at 3:31 PM
Completed
Employee Post
I am looking for comments / suggestions / concerns from the community users (particularly system and domain administrators) regarding a recent change in SmarterMail 14.2.5703 (13 Aug 2015).
 
  • Changed: Messages sent over SMTP to postmaster@[domain] will now deliver to the primary domain admin and the global postmaster address if a postmaster account has not been created for the target domain.
Previously, if a system administrator did not specify a global postmaster mailbox under Settings | General Settings | Server Info | Postmaster Mailbox and there was no domain level postmaster mailbox/alias, the message just "disappeared."  This was a loose interpretation of the RFC: it was technically accepted but it was not delivered.
In SM 14.2, we changed the code to deliver to the primary domain admin (and attempt to send to the global postmaster) if the domain does not have a postmaster mailbox/alias.  We felt that this better satisfied the requirements of the RFC for handling postmaster messages.
Recently, we have been notified that because of this change some primary domain administrators are getting inundated with spam sent to postmaster.  They may not want to create a postmaster account that counts against their mailbox limits; they may not want to create a postmaster alias for similar reasons.  Additionally, for servers with hundreds even thousands of domains, the system/domain admins may not want to create postmaster mailboxes for all of those domains.
What we are proposing is to add a system administrator option in Settings | General Settings | Server Info under/beside the Postmaster Mailbox entry that basically says: "Deliver postmaster@[domain] messages to primary domain admin if the postmaster account is not setup."  This setting could then be propagated to the domains.
Does this seem a potential solution?  If so, should the setting to defaulted to on or off?  We really look forward to your comments / suggestions / concerns.
Thanks,
I would be very careful with this for several reasons:
 
1. There is a very popular NO POSTMASTER antispam database, "postmaster.rfc-ignorant.org" which many now poll and, if the domain is not found to have a postmaster@domain.tld address, will block or weight their spam according to the results returned.
 
2. YAHOO! demands a POSTMASTER@ e-mail address for every domain and, if someone complains about spam from a domain, actually begins checking all e-mail arriving from the domain for postmaster@
 
3. When setting up feedback loops, many of the domains now check, and verify, that a postmaster@ e-mail address exists for the domains for which feedback loops have been setup.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
We have never setup or used postmaster@ accounts. Never heard a peep from our clients about their mail being rejected or not being delivered as a result either. However with the latest spam issue I have heard plenty from my clients. I would prefer you went back to the technically it is accepted but not delivered method. If I really need a postmaster@ box for a domain then I can set that up and then SM could deliver to that box for that domain but for all the other domains it would go to the server admin account. If we propagate a postmaster account to each domain admin then I will immediately start getting complaints from my clients about all the new postmaster@ spam they are getting. They won't care about RFC :)

Ideal situation for us would be silently discard postmaster@ emails unless the box actually exists but it still looks like the postmaster@ account exists for anyone that checks.
My opinion is that ALL postmaster@ and abuse@ messages should be sent to the global postmaster and nowhere else unless a user or alias is specifically created in the domain.  Even if the domain creates a postmaster@ and/or abuse@ user or alias the global postmaster should receive a copy of the message.
 
I would NOT want a postmaster@ message delivered to the domain admin account unless they specifically create the user or alias.  The domain admin will simply receive a lot of spam and other messages that they don't know what do do about, and in many cases there's nothing they can do about the issues anyway.
 
-Joe
 
Thanks,
-Joe
I concur, Joe.

This is the way all of our hosted domains are setup.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
We setup aliases for this presently for all of our managed accounts where it goes to us and the domains that want to can change it to go to them. We setup postmaster, webmaster, spam, and abuse aliases. This is tedious upon setup of new accounts but we believe is the best (right now) as it allows those that can address be able to address it and our clients that have the expertise are able to handle it themselves.
We are struggling with an steep increase in spam lately and I was wondering if it's somehow related to the postmaster@ account issue (or lack there of) detailed above.
 
We were redirected to this thread but I don't know if it's somehow related.
 
My own account is flagged as a domain administrator account (FirstNameLastName@domain.com with one alias FirstName@domain.com) and up until yesterday I had never created a postmaster@ account.
 
I created this account based on the info above but I don't know if it's related to the problem.  So far nothing has been delivered to the new account, SPAM or otherwise and my normal account is still getting hit regularly.
 
The issue we are having relates to SPAM originating from some of these new suffixes like .win, .racing, .date and .faith.
 
The thread with more details is here
http://portal.smartertools.com/community/a86865/local-delivery-spam-getting-through.aspx
 
Has anyone seen this type of increase?
 
Thoughts or suggestions?
 
 
 
 
I also concur with Joe.

We setup postmaster@ and abuse@ aliases for every newly created domain that sends to our Global postmaster accounts. Occasionally a Domain Admin will delete these aliases, and as such we would prefer that the Global Admin still receives them. (We've even had some customers with questionable ethics over the years purposefully delete these aliases to hide the fact that they were using their email accounts to send Spam.)

And its not just Anti-Spam mechanisms that use the postmaster@ anymore. Domain Renewals and annual ICANN WHOIS Verifications when the contact address is no longer valid, and the issuing of SSL Certificates or Certificate Renewals all now verify with postmaster@ or the transaction will not complete (or in the case of the ICANN WHOIS Verfications the domain will be disabled by the Registrar until a valid contact is updated).

Obviously if a Domain Admin deletes the postmaster@ alias, someone should still be getting them. Defaulting to the Global postmaster@ is a good way to ensure that they are received by someone actively monitoring the account who can either take immediate action or forward it to an authoritative individual for that domain.
Employee Replied
9/9/2015 at 4:04 PM
Employee Post
Everyone, we have made the following changes to have we're handling postmaster e-mails:
 
  • If the system administrator has specified a global postmaster address, ALL postmaster messages will be delivered to that address.
  • If a domain has a postmaster account / alias / mailing list then the e-mail will be delivered to that account.
  • If a domain does not have a postmaster account configured, the message will be sent to the primary domain administrator IF that option is enabled by the system administrator.
 
This new option is available to system administrators.  If you edit a domain and go to the Technical tab, the checkbox is at the bottom: "Use primary domain admin as postmaster address if there is no postmaster account".  It is disabled by default.
 
Giving the system admin to option to specify whether or not postmaster messages are delivered to the primary domain admin should help the recent increases in spam associated with the postmaster changes.  If any of you would like to a custom build with these changes, please contact sales@smartertools.com.
 
 
Excellent addition/change, Robert.
 
If this could also be extended to ABUSE@, that would make the product even better . . .
 
Will the POSTMASTER@ changes be included in the release tentatively scheduled for tomorrow evening?
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
Question :
Robbert, when you say "primary domain admin"
Are you referring to what is showing up in the user list as "Primary Administrator" ? 
With the smarter mail version we are using, all of our domains when created are getting "Primary Administrator" accounts that look like this : "KHd0zlD0uwz7" as the account name. I remember in an older version of smarter mail that the account was called "_primaryadmin_"   So all of the postmaster mail will be going to that random collage of characters email account ?
 

www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
Employee Replied
9/10/2015 at 6:59 AM
Employee Post
Yes, the POSTMASTER@ changes will be included in the next minor release.
Employee Replied
9/10/2015 at 8:13 AM
Employee Post
If you are using a client management system control panel, like WHMCS, it is very likely they are generating the primary administrator account with randomly alphanumerics. Unless you specify differently the account to use a primary domain administrator it would use the auto-generated account.

Please be advised that the primary domain administrator will only receive postmaster@ messages if this in enabled by the system administrator for that particular domain. Also, if that domain has a postmaster@ account, the domain admin would not receive the message.
We are using plesk

www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Key Feature and Version Milestones in SmarterMailSmarterMail
SmarterTools Licensing InformationGeneral Topics
Remote Server returned: '602' errorSmarterMail > Troubleshooting
SmarterMail for Linux – SSL/TLS & Certificate ReferenceSmarterMail > Server Configuration and Management
Message Archiving in SmarterMailSmarterMail > Installation and Configuration