On 28.06.19 10:10, Claudio Kuenzler wrote:
> A shared hosting web server of a customer (running a Postfix with local
> e-mail addresses and mailboxes) was blacklisted on backscatterer. The
> relevant information from the backscatterer page pointed me to a moment in
> time and I was able to check the logs from that given moment (+- 2mins).
> I read through some backscatterer descriptions I found and verified that
> Postfix does not send NDR for non-existing addresses/mailboxes.
> But this scenario is slightly different.
> An e-mail was sent to destination e-mail address on that shared hosting
> server. The shared hosting customer decided to forward received e-mails to
> two external addresses.
>
> sen...@sender.example.com -> recipi...@hosting.example.com -> exter...@gmail.com
> sen...@sender.example.com -> recipi...@hosting.example.com -> exter...@protonmail.ch
>
> The received mail was (probably) identified as spam on the external servers
> and both refused to accept it, sending it back to Postfix on the shared
> hosting server. This triggered the NDR to the sender which was (probably) a
> backscatterer trap.
>
> Jun 23 19:29:09 server postfix/smtp[15870]: 409C11084BCF: to=<exter...@gmail.com>, orig_to=<recipi...@hosting.example.com>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c0c::1b]:25, delay=0.56, delays=0.04/0/0.26/0.26, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2a00:1450:400c:c0c::1b] said: 550-5.7.1 This message does not have authentication information or fails to pass 550-5.7.1 authentication checks. To best protect our users from spam, the 550-5.7.1 message has been blocked. Please visit 550-5.7.1 https://support.google.com/mail/answer/81126#authentication for more 550 5.7.1 information. t127si5908730wmg.169 - gsmtp (in reply to end of DATA command))
> Jun 23 19:29:10 server postfix/smtp[15871]: 409C11084BCF: to=<exter...@protonmail.ch>, orig_to=<recipi...@hosting.example.com>, relay=mail.protonmail.ch[185.70.40.103]:25, delay=1.4, delays=0.04/0/0.18/1.2, dsn=5.7.1, status=bounced (host mail.protonmail.ch[185.70.40.103] said: 550 5.7.1 Blocked by SpamAssassin (in reply to end of DATA command))
> Jun 23 19:29:10 server postfix/bounce[15878]: 409C11084BCF: sender non-delivery notification: B6C9E1084BD0
>
> My question now is: What is the correct/expected behaviour in such a
> situation?

You apparently should use SRS when forwarding mail. That will change the sender
to your domain, so the mail will pass SPF and should not be refused by Google.
Also, you won't send backscatter, because any errors will be sent to the
hosting.example.com postmaster (you?), who may know what to do with them (e.g.
remove the forwarding).

> The destination e-mail address exists but the mail didn't arrive at the
> external final destination(s), so sending a NDR to the sender seems legit.
> Are there proper ways/configurations to deal with this situation?
> thanks!

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Remember half the people you know are below average.
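
The log pattern discussed in this thread (a forwarded delivery rejected by the external host, followed by a sender NDR under the same queue ID) can be searched for in a mail log. The following is an added example, not part of either poster's message; it assumes the Postfix log format shown in the excerpt above, and apart from the two queue IDs taken from that excerpt the sample lines, addresses and the function name `forwarded_bounce_ndrs` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log (same shape as the excerpt in the thread; addresses are placeholders).
SAMPLE_LOG = """\
Jun 23 19:29:09 server postfix/smtp[15870]: 409C11084BCF: to=<ext1@mail.example.net>, orig_to=<rcpt@hosting.example.com>, relay=mx.example.net[192.0.2.10]:25, delay=0.56, dsn=5.7.1, status=bounced (host mx.example.net[192.0.2.10] said: 550 5.7.1 blocked (in reply to end of DATA command))
Jun 23 19:29:10 server postfix/smtp[15871]: 409C11084BCF: to=<ext2@mail.example.org>, orig_to=<rcpt@hosting.example.com>, relay=mx.example.org[192.0.2.20]:25, delay=1.4, dsn=5.7.1, status=bounced (host mx.example.org[192.0.2.20] said: 550 5.7.1 Blocked by SpamAssassin (in reply to end of DATA command))
Jun 23 19:29:10 server postfix/bounce[15878]: 409C11084BCF: sender non-delivery notification: B6C9E1084BD0
Jun 23 19:31:02 server postfix/smtp[15880]: 51AA21084BD1: to=<ext1@mail.example.net>, orig_to=<other@hosting.example.com>, relay=mx.example.net[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jun 23 19:33:40 server postfix/smtp[15885]: 62BB31084BD2: to=<user@partner.example>, relay=mx.partner.example[192.0.2.30]:25, delay=0.7, dsn=5.1.1, status=bounced (host mx.partner.example[192.0.2.30] said: 550 5.1.1 unknown user (in reply to RCPT TO command))
Jun 23 19:33:40 server postfix/bounce[15886]: 62BB31084BD2: sender non-delivery notification: 73CC41084BD3
"""

LINE = re.compile(r"postfix/(?P<svc>\w+)\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")
FWD_BOUNCE = re.compile(r"to=<(?P<to>[^>]*)>, orig_to=<(?P<orig>[^>]*)>,.*?dsn=(?P<dsn>5\.\d+\.\d+), status=bounced")
NDR = re.compile(r"sender non-delivery notification: (?P<ndr>\w+)")

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def forwarded_bounce_ndrs(log_text):
    """Return {queue_id: {"ndr": id, "rejections": [(orig_to, to, dsn), ...]}} for
    messages where a forward to another domain was rejected AND an NDR was sent."""
    rejections, ndrs = defaultdict(list), {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if m["svc"] == "smtp":
            d = FWD_BOUNCE.search(m["rest"])
            # orig_to present with a different domain: the recipient was rewritten by a forward
            if d and domain(d["to"]) != domain(d["orig"]):
                rejections[m["qid"]].append((d["orig"], d["to"], d["dsn"]))
        elif m["svc"] == "bounce":
            n = NDR.search(m["rest"])
            if n:
                ndrs[m["qid"]] = n["ndr"]
    return {q: {"ndr": ndrs[q], "rejections": r} for q, r in rejections.items() if q in ndrs}

if __name__ == "__main__":
    for qid, hit in forwarded_bounce_ndrs(SAMPLE_LOG).items():
        print(qid, "-> NDR", hit["ndr"], hit["rejections"])
```

Only the first message is reported: the second forward was accepted, and the third bounce has no `orig_to`, so it was not caused by a forward.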