Hello all, A shared hosting web server of a customer (running a Postfix with local e-mail addresses and mailboxes) was blacklisted on backscatterer. The relevant information from the backscatterer page pointed me to a moment in time and I was able to check the logs from that given moment (+- 2mins). I read through some backscatterer descriptions I found and verified that Postfix does not send NDR for non-existing addresses/mailboxes.
But this scenario is slightly different. An e-mail was sent to destination e-mail address on that shared hosting server. The shared hosting customer decided to forward received e-mails to two external addresses. sen...@sender.example.com -> recipi...@hosting.example.com -> exter...@gmail.com sen...@sender.example.com -> recipi...@hosting.example.com -> exter...@protonmail.ch The received mail was (probably) identified as spam on the external servers and both refused to accept it, sending it back to Postfix on the shared hosting server. This triggered the NDR to the sender which was (probably) a backscatterer trap. Jun 23 19:29:09 server postfix/smtp[15870]: 409C11084BCF: to=< exter...@gmail.com>, orig_to=<recipi...@hosting.example.com>, relay= gmail-smtp-in.l.google.com[2a00:1450:400c:c0c::1b]:25, delay=0.56, delays=0.04/0/0.26/0.26, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2a00:1450:400c:c0c::1b] said: 550-5.7.1 This message does not have authentication information or fails to pass 550-5.7.1 authentication checks. To best protect our users from spam, the 550-5.7.1 message has been blocked. Please visit 550-5.7.1 https://support.google.com/mail/answer/81126#authentication for more 550 5.7.1 information. t127si5908730wmg.169 - gsmtp (in reply to end of DATA command)) Jun 23 19:29:10 server postfix/smtp[15871]: 409C11084BCF: to=< exter...@protonmail.ch>, orig_to=<recipi...@hosting.example.com>, relay= mail.protonmail.ch[185.70.40.103]:25, delay=1.4, delays=0.04/0/0.18/1.2, dsn=5.7.1, status=bounced (host mail.protonmail.ch[185.70.40.103] said: 550 5.7.1 Blocked by SpamAssassin (in reply to end of DATA command)) Jun 23 19:29:10 server postfix/bounce[15878]: 409C11084BCF: sender non-delivery notification: B6C9E1084BD0 My question now is: What is the correct/expected behaviour in such a situation? The destination e-mail address exists but the mail didn't arrive at the external final destination(s), so sending a NDR to the sender seems legit. Are there proper ways/configurations to deal with this situation? thanks!
