
Blacklisted because of misdirected bounces


f.vanniere

Hello,

My mailserver "212.37.221.46" is being blacklisted because of "Misdirected bounces".

The server (Exim4) rejects email at SMTP time most of the time (no such user, blacklisted, ...) but for email redirections or autoresponders the message is accepted if the email address exists and a bounce message can be sent to the sender if:

  • The target of the redirection can't receive the email
  • There is an auto-responder on the email address

I can't remove auto-responder because my users want it (more than 4000 email addresses) and I can't discard bounces after an email redirection because the sender has to be warned that his message has not been delivered.


I can't remove auto-responder because my users want it (more than 4000 email addresses) and I can't discard bounces after an email redirection because the sender has to be warned that his message has not been delivered.

Then you will have to warn your customers that occasionally they will be blocked by spamcop (and perhaps other blocklists) because the results of autoresponders that are not configured properly are that 'innocent' people are bombarded with spam - undeliverable messages that they didn't send.

I don't know how other admins resolve the problem. I do know that autoresponders can be configured to be sent only to a 'whitelist' of regular correspondents.

I am not sure what 'email redirection' means and why it also cannot be rejected at the server. However, the number of legitimate senders who would not be warned that the email was not received is minuscule compared to the number of people who are getting email that has nothing to do with them.

Even AOL stopped accepting email and then rejecting when they saw what a problem it was to others on the internet.

Miss Betsy


I can't remove auto-responder because my users want it (more than 4000 email addresses) and I can't discard bounces after an email redirection because the sender has to be warned that his message has not been delivered.

I understand your problem. You clearly have an educational challenge :(

You do not say what mail programs your users are working with although I see your server is Exim. I'm not an expert in these things but I know that some mail server managers have configured their systems so that auto-responders and vacation messages are only sent to known senders. I guess some form of check is performed and if the sender's Email address is known to the recipient mailbox then, and only then, is an auto-response sent.

Vacation/out-of-office messages are a major source of this kind of listing (take a look at this link for more information: http://www.spamcop.net/fom-serve/cache/329.html).

But if your users send automatic replies to spamtraps which have had their addresses captured and misused by spammers then listings will arise.

One option you have, of course, is to install or toughen your own incoming spam filtering and try and capture spam arriving on your system so that these messages do not trigger a reply. You could then educate your users to check the incoming spam folder and check for any messages which are not spam.

As for bounces, these really can be handled at the SMTP level. Non-delivery bounces are not necessary since the SMTP reject will also tell them their mail has not been delivered but will avoid the problem you describe.

That will reduce the problem and may avoid you getting listed but your best option is to stop auto-responders.

I've seen another issue. In the default configuration Exim always accepts webmaster[at]xxxx.com as recipient even if the address doesn't exist.

In that case, if you cannot reconfigure Exim to reject webmaster[at] Email then create an account for the webmaster and send anything addressed to it to /dev/null

Andrew

Edited by agsteele
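
Added example (not written by any poster in this thread, and not Exim configuration): a Python sketch of the "only reply to known senders" gate suggested in the replies above, combined with the RFC 3834 checks that stop a responder answering bounces, list mail and other automatic messages. The function name, the `known_senders` set, the `flagged_spam` input and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string

def should_autorespond(raw_message, envelope_sender, known_senders, flagged_spam=False):
    """Decide whether an accepted message may trigger a vacation reply.

    Returns (allowed, reason). The reply would go to envelope_sender only.
    """
    msg = message_from_string(raw_message)
    sender = (envelope_sender or "").strip().lower()
    if not sender:  # MAIL FROM:<> is a bounce or delay warning
        return False, "null envelope sender"
    if flagged_spam:  # verdict from the site's own incoming spam filter
        return False, "flagged as spam"
    # RFC 3834: never answer a message that is itself automatic.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "automatic message"
    if (msg.get("Precedence") or "").strip().lower() in {"bulk", "list", "junk"}:
        return False, "bulk or list mail"
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return False, "mailing list headers"
    local = sender.split("@")[0]
    if local in {"mailer-daemon", "postmaster"} or local.endswith("-request"):
        return False, "system or list sender"
    # Forged senders, spamtrap addresses included, fail this last check.
    if sender not in known_senders:
        return False, "unknown sender"
    return True, "known sender"

# Constructed sample data: (envelope sender, raw message, spam verdict).
KNOWN = {"alice@example.org"}
SAMPLES = {
    "colleague": ("alice@example.org", "From: alice@example.org\nSubject: Lunch?\n\nHi\n", False),
    "forged": ("trap@example.net", "From: trap@example.net\nSubject: Offer\n\nBuy\n", False),
    "bounce": ("", "From: Mailer-Daemon@example.com\nSubject: Mail delivery failed\n\n", False),
    "list": ("alice@example.org", "From: alice@example.org\nList-Id: <users.example.org>\n\n", False),
    "spam": ("alice@example.org", "From: alice@example.org\nSubject: Offer\n\nBuy\n", True),
}

def run_samples():
    """Map each constructed sample name to its (allowed, reason) decision."""
    return {name: should_autorespond(raw, env, KNOWN, spam)
            for name, (env, raw, spam) in SAMPLES.items()}

if __name__ == "__main__":
    for name, decision in run_samples().items():
        print(name, decision)
```

The decision keys on the envelope sender rather than the From: header, because that is the address an automatic reply or bounce is delivered to.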

Report History:

Don't Display UUBE

--------------------------------------------------------------------------------

Submitted: Monday, September 04, 2006 4:25:48 PM -0400:

Mail delivery failed: returning message to sender

1906826753 ( 212.37.221.46 ) ( UUBE ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Monday, September 04, 2006 4:00:43 AM -0400:

Warning: message 1GJ3bk-00045e-TK delayed 72 hours

1905837872 ( 212.37.221.46 ) ( UUBE ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Sunday, September 03, 2006 5:01:39 AM -0400:

Warning: message 1GJ3bk-00045e-TK delayed 48 hours

1904446084 ( 212.37.221.46 ) ( UUBE ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Saturday, September 02, 2006 7:06:40 AM -0400:

Mail delivery failed: returning message to sender

1903258346 ( 212.37.221.46 ) ( UUBE ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Saturday, September 02, 2006 4:15:22 AM -0400:

Warning: message 1GJ3bk-00045e-TK delayed 24 hours

1903098059 ( 212.37.221.46 ) ( UUBE ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Friday, September 01, 2006 10:25:16 PM -0400:

Mail delivery failed: returning message to sender

1902814027 ( 212.37.221.46 ) ( UUBE ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Friday, September 01, 2006 2:14:22 PM -0400:

Mail delivery failed: returning message to sender

1902362989 ( 212.37.221.46 ) ( UUBE ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Tuesday, August 29, 2006 12:46:27 PM -0400:

Mail delivery failed: returning message to sender

1897506499 ( 212.37.221.46 ) ( UUBE ) To: uube[at]devnull.spamcop.net


Thanks Steven, it was several mails sent to postmaster[at]xxxx.com

Tut, tut. To quote RFC2821:

"Any system that includes an SMTP server supporting mail relaying or delivery MUST support the reserved mailbox "postmaster" as a case-insensitive local name. This postmaster address is not strictly necessary if the server always returns 554 on connection opening (as described in section 3.1). The requirement to accept mail for postmaster implies that RCPT commands which specify a mailbox for postmaster at any of the domains for which the SMTP server provides mail service, as well as the special case of "RCPT TO:<Postmaster>" (with no domain specification), MUST be supported.

SMTP systems are expected to make every reasonable effort to accept mail directed to Postmaster from any other system on the Internet. In extreme cases (such as to contain a denial of service attack or other breach of security) an SMTP server may block mail directed to Postmaster. However, such arrangements SHOULD be narrowly tailored so as to avoid blocking messages which are not part of such attacks."


Stepping on stage and filling the part of 'dumb guy not quite understanding the plot thus far' .....

http://www.spamcop.net/w3m?action=checkblo...p=212.37.221.46

212.37.221.46 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 2 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week

http://www.senderbase.org/?searchBy=ipaddr...g=212.37.221.46

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day .......... 3.8 .. -2%

Last 30 days .... 3.2 .. -79%

Average .......... 3.8

http://forum.spamcop.net/forums/index.php?showtopic=4556

3.2 -3.8 says to me something around say 5 to 12,000 e-mails a day 'seen' ...

http://www.senderbase.org/?sb=1&search...ing=Planet-Work

# Domains controlled by this network owner 9

# IPs used by this network owner 3

# IPs controlled by this network owner 64

Addresses in Planet-Work used to send email

address hostname

212.37.215.215 supermailing2.superbonplan.com

212.37.221.46 mistral.planet-work.net

212.37.221.47 zola.planet-work.net

Just trying to work out the "webmaster[at]xxx" 'suspected' issue and the self-described "postmaster[at]xxx" as being "the" problem .... never mind just how a "not accepted" e-mail to either a webmaster or postmaster account was somehow 'rejected' and sent to a spamtrap address that fed the SpamCopDNSBL in sufficient quantities to get an IP address listed. And just what does "xxx" signify here ... a hosted Domain, another non-associated Domain, "the" Domain ...?????

I'm in full agreement with GraemeL, that Postmaster is a required working address (webmaster would be a nicety, assuming that at least one of the Domains being handled had a web-page or two) ... but having also been on the other side of things .. running a hosted web-site .. the usual issue is that the hosting ISP won't allow a "postmaster" address to be used, usually because that's reserved for the ISP itself (going back to the "shared server" situation) ... but this doesn't directly feed into that an e-mail addressed with a postmaster at a hosted Domain would be bounced to a spamtrap address, in and of itself.

There's still a detail or two missing for this whole thing to come together ... for me anyway ...
