Bounce from "destination server" as SPAM - header/received too short!

Glenn Steen glenn.steen at gmail.com
Thu Nov 13 09:58:26 GMT 2014


I just re-read your initial post and get what's happening:

You have the watermark feature enabled, to handle all those faked
bounces/NDRs/NDNs (in reality, where the envelope sender is <>), but
when your own mailstore (the server/servers protected by your
MX/MailScanner system) generates a bounce, these also lack the watermark
(which is just a specific header with a checksum cryptographically
protected...) and thus get handled as "bad". Many systems'
implementations of OoO will fall into this category as well. Regular
bounces SHOULD NOT lack the watermark, but this is up to the
mailstore, whether the watermark is present in the NDN or not.

First off:
- Don't mark them as "High scoring spam". Just mark as Spam and they
will actually get delivered, thus making your system RFC compliant (or
at least a tad more so:-).

Second thing to explore:
- Try to make your mailstore system(s) generate or preserve a valid
watermark header for bounces etc. This is a lot less trivial than the
first step, and in many cases close to impossible... In many cases,
just implementing the first step above is the only real option... at
least from a time management perspective:-):-).

So... this problem of yours is mostly a problem outside of
MailScanner, but entirely caused by the use of the watermark feature.
I wouldn't recommend turning it off, without first doing a thorough
analysis of the effectiveness of the feature...;)

Cheers!
-- 
-- Glenn

On 12 November 2014 19:58, Sim <simvirus at gmail.com> wrote:
> Thanks for reply...
> But in other case the bounce is generated for other reasons
> For example if the mailbox for the user is over quota, etc..
> In this case the bounce is "dropped".
> The question is why this "postfix/cleanup - MailScanner" header is too short
> ...and how to extend it :-(
>
> Thanks again
>
> ---
> Sim
>
> 2014-11-10 18:16 GMT+01:00 Glenn Steen <glenn.steen at gmail.com>:
>>
>> Actually... All you need do is configure recipient verification in postfix
>> (this is in-built and documented well several places, like the postfix doc
>> site or the MailScanner wiki). Alternatively maintain a relay recipient map
>> or an access map (both are fairly trivial to set up).
>> Doing any of these will reject instead of bounce, for unknown recipients.
>> Flip side of the coin is that you may expose your recipient "universe", for
>> easy mapping (regardless if you have disabled vrfy), but... That's just how
>> it is:-)
>>
>> Cheers
>> --
>> -- Glenn
>>
>> Den 10 nov 2014 14:03 skrev "Joolee" <mailscanner at joolee.nl>:
>>
>>> Quite an easy solution is to simply not bounce. E-mail to non-existing
>>> users is probably (uncaught) spam and they rarely come from legit e-mail
>>> addresses. You are spamming the actual owners of the e-mail addresses being
>>> abused by sending backscatter to them. It might even get you listed on a
>>> backscatter dnsbl.
>>>
>>> If you want to provide legit mail senders with a "this user doesn't
>>> exist" message, configure all legit users on your edge server so mail to
>>> non-existing users is being blocked on smtp level. (This will also reject
>>> ~90% of spam) The sending party can then implement any backscatter/messages
>>> they want with this information, it's not your problem.
>>>
>>>
>>> On 10 November 2014 12:44, Sim <simvirus at gmail.com> wrote:
>>>>
>>>> Hello to all!
>>>>
>>>> I've a little issue...
>>>>
>>>> SENDER (from test at extenal.com  to  nomail at mydomain) ------> MailScanner
>>>> -----> Mailbox Server (@mydomain)
>>>>
>>>> At this time my internal "Mailbox Server" generates a bounce for the
>>>> non-existing "nomail" account.
>>>> This bounce is detected as SPAM from MailScanner.
>>>>
>>>> Note:
>>>> - The IP of Mailbox Server is in "Whitelist"
>>>> - The LAN (/24) of Mailbox Server is in "Trusted Network"
>>>> - The LAN (/24) of Mailbox Server is in "Outbound mail relay"
>>>> - All other email sent from "Mailbox Server" are detected as "white
>>>> list"
>>>>
>>>>
>>>> Checking the log of postfix I've found this:
>>>>
>>>> postfix/cleanup[20872]: C1C2960069: hold: header Received: from
>>>> srv.mydomain.local (unknown [192.168.0.10])??(using TLSv1 with cipher
>>>> AES128-SHA (128/128 bits))??(No client certificate requested)??by
>>>> mail.mydomain.com (Postfix) w from unknown[192.168.0.10]; from=<>
>>>> to=<test at external.com> proto=ESMTP helo=<srv.mydomain.local>
>>>> [..]
>>>> MailScanner[19852]: Spam Checks: Starting
>>>> MailScanner[19852]: Message C1C2960069.AEB15 from 192.168.0.10 has no
>>>> (or invalid) watermark or sender address, marked as high-scoring spam
>>>> MailScanner[19852]: Spam Checks: Found 1 spam messages
>>>>
>>>>
>>>> The header of postfix/cleanup is incomplete!!!!
>>>>
>>>> Looking for full header I've seen:  "(Postfix) with ESMTPS id
>>>> C1C2960069?"    and not only    "(Postfix) w"
>>>>
>>>>
>>>> How to increase this "check of the header limit" in postfix, cleanup or
>>>> MailScanner ?
>>>>
>>>> Thanks
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>



-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
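
Added example (not part of the original post, and not MailScanner code): one way to start the "thorough analysis" suggested above is to split watermark failures in the log by source, so bounces from your own mailstore are counted separately from external null-sender mail. The 192.168.0.0/24 network and every log line except the one quoted in the thread are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the mailstore LAN is 192.168.0.0/24 (the thread shows 192.168.0.10 in a /24).
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/24")]

# Matches the MailScanner log message quoted in the thread.
WATERMARK_RE = re.compile(
    r"MailScanner\[\d+\]: Message (?P<msgid>\S+) from (?P<ip>\S+) "
    r"has no \(or invalid\) watermark or sender address, marked as (?P<action>.+)$"
)

# Constructed sample: the C1C2960069 line is the one from the thread (unwrapped);
# the other message lines are made up and use documentation address ranges.
SAMPLE_LOG = """\
MailScanner[19852]: Spam Checks: Starting
MailScanner[19852]: Message C1C2960069.AEB15 from 192.168.0.10 has no (or invalid) watermark or sender address, marked as high-scoring spam
MailScanner[19852]: Message 7D1F360070.A1B2C from 203.0.113.7 has no (or invalid) watermark or sender address, marked as high-scoring spam
MailScanner[19853]: Message 9A0B460071.C3D4E from 198.51.100.23 has no (or invalid) watermark or sender address, marked as high-scoring spam
MailScanner[19853]: Message 1E2F560072.F5A6B from 192.168.0.10 has no (or invalid) watermark or sender address, marked as high-scoring spam
MailScanner[19853]: Spam Checks: Found 4 spam messages
"""

def is_internal(ip_text):
    """True if the address parses and falls inside a configured internal network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)

def triage(log_text):
    """Count watermark failures per source IP, internal vs external, and list
    the internal messages that were marked as high-scoring spam."""
    internal, external = Counter(), Counter()
    local_high_scoring = []
    for line in log_text.splitlines():
        m = WATERMARK_RE.search(line)
        if not m:
            continue  # not a watermark-failure line
        if is_internal(m["ip"]):
            internal[m["ip"]] += 1
            if m["action"].startswith("high-scoring"):
                local_high_scoring.append(m["msgid"])
        else:
            external[m["ip"]] += 1
    return {"internal": dict(internal), "external": dict(external),
            "local_high_scoring": local_high_scoring}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
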

