f.vanniere Posted September 5, 2006 Share Posted September 5, 2006 Hello, My mailserver "212.37.221.46" is beeing blacklisted because of "Misdirected bounces". The server (Exim4) rejects email at SMTP time most of the time (no such user, blacklisted, ...) but for email redirections or autoresponders the message is accepted if the email address exists and a bounce message can be send to the sender if : The target of the redirection can't receive the email There is a auto-responder on the email address I can't remove auto-responder because my users want it (more than 4000 email addresses) and I can't discard bounces after a email redirection because the sender has to be warned is message has not been delivered. Link to comment Share on other sites More sharing options...
Miss Betsy Posted September 5, 2006 Share Posted September 5, 2006 I can't remove auto-responder because my users want it (more than 4000 email addresses) and I can't discard bounces after a email redirection because the sender has to be warned is message has not been delivered. Then you will have to warn your customers that occasionally they will be blocked by spamcop (and perhaps other blocklists) because the results of autoresponders that are not configured properly are that 'innocent' people are bombarded with spam - undeliverable messages that they didn't send. I don't know how other admins resolve the problem. I do know that autoresponders can be configured to be sent only to a 'whitelist' of regular correspondents. I am not sure what 'email redirection' means and why it also cannot be rejected at the server. However, the number of legitimate senders who would not be warned that the email was not received is miniscule compared to the number of people who are getting email that has nothing to do with them. Even AOL stopped accepting email and then rejecting when they saw what a problem it was to others on the internet. Miss Betsy Link to comment Share on other sites More sharing options...
f.vanniere Posted September 5, 2006 Author Share Posted September 5, 2006 I've seen another issue. In the default configuration exim always accept webmaster[at]xxxx.com as recipient even if the addess doesn't exist. It could be the cause of the blacklisting Link to comment Share on other sites More sharing options...
agsteele Posted September 5, 2006 Share Posted September 5, 2006 I can't remove auto-responder because my users want it (more than 4000 email addresses) and I can't discard bounces after a email redirection because the sender has to be warned is message has not been delivered. I understand your problem. You clearly have an educational challenge You do not say what mail programs your users are working with although I see your server is Exim. I'm not an expert in these things but I know that some mail server managers have configured their systems so that auto-responders and vacation messages are only sent to known senders. I guess some form of check is performed and if the sender's Email address is known to the recipient mailbox then, and only then, is an auto-response sent. Vacation/out-of-office messages are major source of this kind of listing (Take a look at this link for more information - http://www.spamcop.net/fom-serve/cache/329.html ) But if your users send automatic replies to spamtraps which have had their addresses captured and misused by spammers then listings will arise. One option you have, of course, is to install or toughen your own incoming spam filtering and try and capture spam arriving on your system so that these messages do not trigger a reply. You could then educate your users to check the incoming spam folder and check for any messages which are not spam. As for bounces, these really can be handled at the SMTP level. Non-delivery bounces are not necessary since the SMTP reject will also tell them their mail has not been delivered but will avoid the problem you describe. That will reduce the problem and may avoid you getting listed but your best option is to stop auto-responders. I've seen another issue. In the default configuration exim always accept webmaster[at]xxxx.com as recipient even if the addess doesn't exist. In that case, if you cannot reconfigure Exim to reject webmaster[at] Email then create an account for the webmaster and send anything addressed to it to /dev/null Andrew Link to comment Share on other sites More sharing options...
StevenUnderwood Posted September 5, 2006 Share Posted September 5, 2006 Report History: Don't Display UUBE -------------------------------------------------------------------------------- Submitted: Monday, September 04, 2006 4:25:48 PM -0400: Mail delivery failed: returning message to sender 1906826753 ( 212.37.221.46 ) ( UUBE ) To: uube[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Monday, September 04, 2006 4:00:43 AM -0400: Warning: message 1GJ3bk-00045e-TK delayed 72 hours 1905837872 ( 212.37.221.46 ) ( UUBE ) To: uube[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Sunday, September 03, 2006 5:01:39 AM -0400: Warning: message 1GJ3bk-00045e-TK delayed 48 hours 1904446084 ( 212.37.221.46 ) ( UUBE ) To: uube[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Saturday, September 02, 2006 7:06:40 AM -0400: Mail delivery failed: returning message to sender 1903258346 ( 212.37.221.46 ) ( UUBE ) To: uube[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Saturday, September 02, 2006 4:15:22 AM -0400: Warning: message 1GJ3bk-00045e-TK delayed 24 hours 1903098059 ( 212.37.221.46 ) ( UUBE ) To: uube[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Friday, September 01, 2006 10:25:16 PM -0400: Mail delivery failed: returning message to sender 1902814027 ( 212.37.221.46 ) ( UUBE ) To: uube[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Friday, September 01, 2006 2:14:22 PM -0400: Mail delivery failed: returning message to sender 1902362989 ( 212.37.221.46 ) ( UUBE ) To: uube[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Tuesday, August 29, 2006 12:46:27 PM -0400: Mail delivery failed: returning message to sender 1897506499 ( 212.37.221.46 ) ( UUBE ) To: uube[at]devnull.spamcop.net Link to comment Share on other sites More sharing options...
f.vanniere Posted September 5, 2006 Author Share Posted September 5, 2006 Thanks Steven, it was several mails sent to postmaster[at]xxxx.com Link to comment Share on other sites More sharing options...
GraemeL Posted September 5, 2006 Share Posted September 5, 2006 Thanks Steven, it was several mails sent to postmaster[at]xxxx.com Tut, tut. To quote RFC2821: "Any system that includes an SMTP server supporting mail relaying or delivery MUST support the reserved mailbox "postmaster" as a case-insensitive local name. This postmaster address is not strictly necessary if the server always returns 554 on connection opening (as described in section 3.1). The requirement to accept mail for postmaster implies that RCPT commands which specify a mailbox for postmaster at any of the domains for which the SMTP server provides mail service, as well as the special case of "RCPT TO:<Postmaster>" (with no domain specification), MUST be supported. SMTP systems are expected to make every reasonable effort to accept mail directed to Postmaster from any other system on the Internet. In extreme cases (such as to contain a denial of service attack or other breach of security) an SMTP server may block mail directed to Postmaster. However, such arrangements SHOULD be narrowly tailored so as to avoid blocking messages which are not part of such attacks." Link to comment Share on other sites More sharing options...
Wazoo Posted September 5, 2006 Share Posted September 5, 2006 Stepping on stage and filling the part of 'dumb guy not quite understanding the plot thus far' ..... http://www.spamcop.net/w3m?action=checkblo...p=212.37.221.46 212.37.221.46 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 2 hours. Causes of listing System has sent mail to SpamCop spam traps in the past week http://www.senderbase.org/?searchBy=ipaddr...g=212.37.221.46 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day .......... 3.8 .. -2% Last 30 days .... 3.2 .. -79% Average .......... 3.8 http://forum.spamcop.net/forums/index.php?showtopic=4556 3.2 -3.8 says to me something around say 5 to 12,000 e-mails a day 'seen' ... http://www.senderbase.org/?sb=1&search...ing=Planet-Work # Domains controlled by this network owner 9 # IPs used by this network owner 3 # IPs controlled by this network owner 64 Addresses in Planet-Work used to send email address hostname 212.37.215.215 supermailing2.superbonplan.com 212.37.221.46 mistral.planet-work.net 212.37.221.47 zola.planet-work.net Just trying to work out the "webmaster[at]xxx" 'suspected issue and the self-described "postmaster[at]xxx" as being "the" problem .... never mind just how a "not accepted" e-mail to eiher a webmaster or postmaster account was somehow 'rejected' and sent to a spamtrap address that fed the SpamCopDNSBL in sufficient quantities to get an IP address listed. And just what does "xxx" signify here ... a hosted Domain, another non-associated Domain, "the" Domain ...????? I'm in full agreement with GraemeL, that Postmaster is a required working address (webmaster would be a nicety, assuming that at least one of the Domains being handled had a web-page or two) ... but having also been on the other side of things .. running a hosted web-site .. the usual issue is that the hosting ISP won't allow a "postmaster" address to be used, usually because that's reserved for the ISP itself (going back to the "shared server" situation) ... but this doesn't directly feed into that an e-mail addressed with a postmaster at a hosted Domain would be bounced to a spamtrap address, in and of itself There's still a detail or two missing for this whole thing to come together ... for me anyway ... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.