Bounce from "destination server" as SPAM - header/received too short!

Glenn Steen glenn.steen at gmail.com
Thu Nov 13 10:15:34 GMT 2014


Actually.... You could play around with a ruleset on this:

# Do you want to check watermarks?
# This can also be the filename of a ruleset.
Check Watermarks With No Sender = yes

... And simply avoid checking the watermark on your mailstore system's
IP address.
Probably the simplest fix of all;-).

Cheers!
-- 
-- Glenn

On 13 November 2014 10:58, Glenn Steen <glenn.steen at gmail.com> wrote:
> I just re-read your initial post and get what's happening:
>
> You have the watermark feature enabled, to handle all those faked
> bounces/NDRs/NDNs (in reality, where the envelope sender is <>), but
> when your own mailstore (the server/servers protected by your
> MX/MailScanner system) generate a bounce these also lack the watermark
> (which is just a specific header with a checksum cryptographically
> protected...) and thus get handled as "bad". Many systems'
> implementation of OoO will fall into this category as well. Regular
> bounces SHOULD NOT lack the watermark, but this is up to the
> mailstore, whether the watermark is present in the NDN or not.
>
> First off:
> - Don't mark them as "High scoring spam". Just mark as Spam and they
> will actually get delivered, thus making your system RFC compliant (or
> at least a tad more so:-).
>
> Second thing to explore:
> - Try to make your mailstore system(s) generate or preserve a valid
> watermark header for bounces etc. This is a lot less trivial than the
> first step, and in many cases close to impossible... In many cases,
> just implementing the first step above is the only real option... at
> least from a time management perspective:-):-).
>
> So... this problem of yours is mostly a problem outside of
> MailScanner, but entirely caused by the use of the watermark feature.
> I wouldn't recommend turning it off, without first doing a thorough
> analysis of the effectiveness of the feature...;)
>
> Cheers!
> --
> -- Glenn
>
> On 12 November 2014 19:58, Sim <simvirus at gmail.com> wrote:
>> Thanks for reply...
>> But in other case the bounce is generated for other reasons
>> For example if the mailbox for the user is over quota, etc..
>> In this case the bounce is "dropped".
>> The question is why this "postfix/cleanup - MailScanner" header is too short
>> ...and how to extend it :-(
>>
>> Thanks again
>>
>> ---
>> Sim
>>
>> 2014-11-10 18:16 GMT+01:00 Glenn Steen <glenn.steen at gmail.com>:
>>>
>>> Actually... All you need do is configure recipient verification in postfix
>>> (this is in-built and documented well several places, like the postfix doc
>>> site or the MailScanner wiki). Alternatively maintain a relay recipient map
>>> or an access map (both are fairly trivial to set up).
>>> Doing any of these will reject instead of bounce, for unknown recipients.
>>> Flip side of the coin is that you may expose your recipient "universe", for
>>> easy mapping (regardless if you have disabled vrfy), but... That's just how
>>> it is:-)
>>>
>>> Cheers
>>> --
>>> -- Glenn
>>>
>>> On 10 Nov 2014 14:03, "Joolee" <mailscanner at joolee.nl> wrote:
>>>
>>>> Quite an easy solution is to simply not bounce. E-mail to non-existing
>>>> users is probably (uncaught) spam and they rarely come from legit e-mail
>>>> addresses. You are spamming the actual owners of the e-mail addresses being
>>>> abused by sending backscatter to them. It might even get you listed on a
>>>> backscatter dnsbl.
>>>>
>>>> If you want to provide legit mail senders with a "this user doesn't
>>>> exist" message, configure all legit users on your edge server so mail to
>>>> non-existing users is being blocked on smtp level. (This will also reject
>>>> ~90% of spam) The sending party can then implement any backscatter/messages
>>>> they want with this information, it's not your problem.
>>>>
>>>>
>>>> On 10 November 2014 12:44, Sim <simvirus at gmail.com> wrote:
>>>>>
>>>>> Hello to all!
>>>>>
>>>>> I've a little issue...
>>>>>
>>>>> SENDER (from test at extenal.com  to  nomail at mydomain) ------> MailScanner
>>>>> -----> Mailbox Server (@mydomain)
>>>>>
>>>>> At this time my internal "Mailbox Server" generates a bounce for not
>>>>> existing "nomail" account.
>>>>> This bounce is detected as SPAM from MailScanner.
>>>>>
>>>>> Note:
>>>>> - The IP of Mailbox Server is in "Whitelist"
>>>>> - The LAN (/24) of Mailbox Server is in "Trusted Network"
>>>>> - The LAN (/24) of Mailbox Server is in "Outbound mail relay"
>>>>> - All other email sent from "Mailbox Server" are detected as "white
>>>>> list"
>>>>>
>>>>>
>>>>> Checking the log of postfix I've found this:
>>>>>
>>>>> postfix/cleanup[20872]: C1C2960069: hold: header Received: from
>>>>> srv.mydomain.local (unknown [192.168.0.10])??(using TLSv1 with cipher
>>>>> AES128-SHA (128/128 bits))??(No client certificate requested)??by
>>>>> mail.mydomain.com (Postfix) w from unknown[192.168.0.10]; from=<>
>>>>> to=<test at external.com> proto=ESMTP helo=<srv.mydomain.local>
>>>>> [..]
>>>>> MailScanner[19852]: Spam Checks: Starting
>>>>> MailScanner[19852]: Message C1C2960069.AEB15 from 192.168.0.10 has no
>>>>> (or invalid) watermark or sender address, marked as high-scoring spam
>>>>> MailScanner[19852]: Spam Checks: Found 1 spam messages
>>>>>
>>>>>
>>>>> The header of postfix/cleanup is incomplete!!!!
>>>>>
>>>>> Looking for full header I've seen:  "(Postfix) with ESMTPS id
>>>>> C1C2960069?"    and not only    "(Postfix) w"
>>>>>
>>>>>
>>>>> How to increase this "check of the header limit" in postfix, cleanup or
>>>>> MailScanner ?
>>>>>
>>>>> Thanks
>>>>>
>>>>> --
>>>>> MailScanner mailing list
>>>>> mailscanner at lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>>
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se



-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
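
The ruleset suggested at the top of this message, written out as an added example (not part of the original post and not taken from the MailScanner distribution). The file name watermark.rules and the MailScanner.conf location are assumptions; 192.168.0.10 is the mailstore address from the log quoted in the thread.

```conf
# /etc/MailScanner/MailScanner.conf  (assumed location)
# Point the setting at a ruleset file instead of a fixed yes/no.
Check Watermarks With No Sender = %rules-dir%/watermark.rules

# %rules-dir%/watermark.rules  (hypothetical file name)
# Each rule is: direction, pattern, value. The first matching rule wins.
# Skip the watermark check only for null-sender mail arriving from the
# mailstore itself; everything else keeps the check enabled.
From:       192.168.0.10    no
FromOrTo:   default         yes
```

Match the single mailstore address rather than the whole /24, since every host the rule matches can send null-sender mail that bypasses the watermark check.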

