"badmailfrom list"?

[DavidT]

Here's the situation:

Spammer sends to one of my non-SC addresses (which is at my own domain) that I have forwarded into my SC mailbox. Instead of winding up in my Held Mail, the SC server is actually rejecting the message during the SMTP session with the following error:

... while talking to mx.cesmail.net.:

>>> DATA

<<< 554 sorry, your envelope sender is in my badmailfrom list (#5.7.1)

554 5.0.0 Service unavailable

451 4.4.1 reply: read error from mx.cesmail.net.

This is being sent back to the spammer's bogus address, which is at the "hongkong.com" domain. The "hongkong.com" server bounces the SC rejection transcript to my own "postmaster" address, which then is in turn forwarded back to my SC address (by design...I want all messages sent to my "postmaster" address to be filtered). So, the entire results, including the original spam and the whole path that it's bounced around over get's to my regular SC INBOX and I receive it.

Here's my question:

Why in the world is the SC mail server doing the bounce-back in the first place? If the orignal message is spam, and the system is functioning properly, there's a strong likelihood that it would simply get absorbed into my Held Mail and then I'd report it. But becase the SC server is doing this "your envelope sender is in my badmailfrom list" 500-level rejection on the message, it's bouncing all around and I actually receive the darn thing....and I'm receiving a number of them every day.

Thanks for any clues.

Here are the headers from the orignal spam, with the sensitive items XXX'ed out:

Return-Path: <dekiwigpvcbdtb[at]hongkong.com>

Received: from dial-194.gwy.ncbldw.infoave.net (sdevi19erm[at]dial-194.gwy.ncbldw.infoave.net [64.53.54.194])

by XXXXX.com (8.12.9/8.11.0) with SMTP id i11LHGFJ013849

for <XXXXX[at]XXXXX.com>; Sun, 1 Feb 2004 16:17:26 -0500

Received: from [64.53.54.194] by 3003hosting.comIP with HTTP;

Mon, 02 Feb 2004 00:12:22 +0300

From: "Selena Hurst" <dekiwigpvcbdtb[at]hongkong.com>

To: XXXXX[at]XXXXX.com

Subject: Re: MMUDQ, he began looking

Mime-Version: 1.0

X-Mailer: mPOP Web-Mail 2.19

X-Originating-IP: [3003hosting.comIP]

Date: Sun, 01 Feb 2004 17:10:23 -0400

Reply-To: "Hurst" <dekiwigpvcbdtb[at]hongkong.com>

[jefft]

For historical reasons, there are a small number of domain which are rejected outright. These are all old and have been there a couple of years and are, as far as I know, 100% spam.

The old reason is that these domains don't accept bounces. So, they send only spam, but don't allow any bounces back to their servers. This is just so broken that we don't even allow email from them. At one time, their not accepting bounces caused problems here because the outgoing email queues would fill up with bounce messages they don't accept and all of these messages would eventually double-bounce to the postmaster here. It isn't actually a problem any more, but nobody has ever complained about these domains before, so we've just left it that way.

JT

[jefft]

Oh, and incidentally, we don't send bounces back to spammers. Instead, we reject the email entirely during the SMTP session. There's a big difference, because we don't send bounces back to innocent users forged into spam. Instead, the spammer's computer just sees that the email was rejected and they move on to the next spam.

JT

[DavidT]

OK, I'm complaining. Is there a way to remove that "hongkong.com" from the (qmail, I assume?) "badmailfrom" list? It's causing me to receive spam that I otherwise wouldn't receive.

And yes, I understand the difference between actually sending back an email error message vs. a rejection during the SMTP, but in my situation, in which both my own address and that of my postmaster are actually being handled by SC, it's a distinction without a difference, because there are indeed bounces being produced.

I suppose I could add a filter of some sort that would catch these as they come in by way of my "postmaster" forward, so I'll look into that.

DavidT

[DavidT]

Although I've been a longtime SpamCop web reporting user, I've only recently started using "spamcop.net" email addresses, so I need a tip on how to best filter out the messages I've described at the beginning of this thread.

I just applied a new filter rule in the webmail interface to discard any messages with "hongkong.com" in the body. Is that good enough? And will that happen even if I POP my SC mailbox, as opposed to accessing it via webmail? I don't have a clear picture of all the various blocking/filtering steps yet.

DT

[DavidT]

Update: I guess the filters DON'T work unless you actually log into the webmail interface? I POP'ed mail from my SC.net mailbox this morning and one of the "hongkong.com" messages came right through, despite the filter I mentioned above. How can I stop these messages?

[Jeff G.]

I guess the filters DON'T work unless you actually log into the webmail interface?

That's right, "the filters DON'T work unless you actually log into the webmail interface".

I POP'ed mail from my SC.net mailbox this morning and one of the "hongkong.com" messages came right through, despite the filter I mentioned above. How can I stop these messages?

I would suggest client-side filters to get rid of the "hongkong.com" messages.