Fail vs Blackhole (Spamcop Blocking Fail)

**Angel78** · 08-09-2006 07:12 AM

If the blocklist only lists spamtraps, then the likely culprits are auto-responders or misdirected bounces (that is, bounce emails sent after acceptance of the email instead of being rejected by the server during the SMTP phase, which would include emails such as "no such user", "non-existent mailbox", and/or "quota exceeded").

So if you use Fail (instead of Blackhole) you can get blocked by Spamcop if spammer puts some of their spamtrap emails as a reply to addy.

Is there a way to use fail but not to send "no such user", "non-existent mailbox", and/or "quota exceeded" emails?

thank you.

**chirpy** · 08-09-2006 11:25 AM

No, :fail: is done before acceptance of the email (at the RCPT stage) and so isn't affected by this issue at all.

The only thing affected by what you've mentioned are overquota emails.

**chirpy** · 08-09-2006 12:35 PM

Yes, it will definitely happen with autoresponders. That's why thay are, and always have been, an extremely bad idea. The only solution is to not use them.

**Angel78** · 08-09-2006 12:36 PM

tnx, according to SC it was either abounce or a autoresponder that landed on their spamtrap's

Their solutions: Anyone knows how to do this with Exim as MTA?

2) If you are going to reject mail, do it during the smtp conversation
with your mail gateway rather than sending a delayed bounce after the
message has already been queued.

5) If you must bounce then your bounces should be RFC compliant and use
a null < > return-path. See RFC2821 sections 3.7 and 4.5.5

**sparek-3** · 08-09-2006 12:59 PM

Originally Posted by chirpy

The only thing affected by what you've mentioned are overquota emails.

I've never been able to understand a valid reason for having a mailbox quota. They just seem to cause issues such as this when a mailbox goes over its quota. If you are not checking a mailbox, then you should not have it created in the first place.

I would really just prefer if CPanel did away with the mailbox quota concept, or at the very least made mailbox unlimited by default.

I know, this should be an enhancement request, but I just felt like getting on my soapbox for a minute.

**AlexAT** · 08-09-2006 01:20 PM

Originally Posted by chirpy

Yes, it will definitely happen with autoresponders. That's why thay are, and always have been, an extremely bad idea. The only solution is to not use them.

So, problem not gone.
Do you have any ideas how to tune your MTA to reject such emails ("all unroutable mail" in cPanel's terms) on RCPT level?

**sparek-3** · 08-09-2006 01:36 PM

Originally Posted by AlexAT

Do you have any ideas how to tune your MTA to reject such emails ("all unroutable mail" in cPanel's terms) on RCPT level?

This is done by setting the default/catchall account to:

:fail:

In an ideal e-mail set up. Your users would set up e-mail accounts on your server. They would not forward e-mail off of the server (forwarding mail within the server is fine). They would not set up autoresponders. They would not use boxtrapper. They would only setup e-mail accounts for mail address that they are going to check. If they're not going to check a mail account, don't set it up. If you want to redirect mail from multiple addresses into a single mailbox, use e-mail forwarders. Use SpamAssassin to try flag messages that SpamAssassin marks as spam. Only use the spambox if you are checking your mail with webmail or with an IMAP client, otherwise just rewrite the subject of SpamAsssassin marked message and use your e-mail client's filtering to filter those out of your main inbox in your e-mail client. Only set up e-mail accounts or forwarders that you know will receive legitimate mail. Then set your default/catchall account to :fail:.

This would be an ideal set up. This way mail for legitimate addresses that you have advertised will be delivered to your account on the server. Other messages will be rejected before the server even accepts the message. You don't have to deal with the issue of forwarding spam from your server which can blacklist your server. You don't have to worry about spammers spamming an address and an autoresponder or over quota message being bounced back, which can blacklist your server. Basically what you are trying to do is limit the amount of unnecessary messages being sent out from your server. Unnecessary meaning anything that is not explicitly sent from your account (i.e. when you click send to send an e-mail).

**AlexAT** · 08-09-2006 01:42 PM

Originally Posted by sparek-3

This is done by setting the default/catchall account to:

:fail:

<others skipped>

Sparek, "fail" does not help since does not work on RCPT level but work after server recieve message. So it generates bounce email.
And because of this bounce email SpamCop will blocks your relay IP.
For more details read first posting of this thread carefully.

**sparek-3** · 08-09-2006 01:51 PM

:fail: works at the rcpt stage of the e-mail transaction.

The SMTP transaction goes something like:

EHLO <server>
mail from: <who its from>
rcpt to: <to address>
DATA
.
.

When talking about incoming mail into your server, then this same transaction happens, the server connects to your server, introduces itself as server with EHLO <server>.

Then the sending server says this message is from someone with mail form: <address>. I think exim denies messages if the domain part of that address is not routeable or does not have an A record or MX record, but I may be wrong there.

Then the sending server says who this message is intended for rcpt to: <address>. This address has to exist on your server. If it does not exist as a POP/IMAP account or as a forwarder on your domain, then the default box is where it will go. If the default box is set to :fail: then your server says "STOP don't go any further, this recipient does not exist" and the session closes. The message is never accepted. The message never reaches your server. The sending server, it may send a bounce back message to the original sender saying that the recipient does not exist on your server, but that is done by the sending server, not your server.

Its important not to confuse a bounce message which is like an autoresponder and a failed message (which really isn't a message, its more like a response code) which is what :fail: does.

**AlexAT** · 08-09-2006 02:33 PM

Originally Posted by sparek-3

:fail: works at the rcpt stage of the e-mail transaction.

The SMTP transaction goes something like:

EHLO <server>
mail from: <who its from>
rcpt to: <to address>
DATA
.
.

When talking about incoming mail into your server, then this same transaction happens, the server connects to your server, introduces itself as server with EHLO <server>.

Then the sending server says this message is from someone with mail form: <address>. I think exim denies messages if the domain part of that address is not routeable or does not have an A record or MX record, but I may be wrong there.

Then the sending server says who this message is intended for rcpt to: <address>. This address has to exist on your server. If it does not exist as a POP/IMAP account or as a forwarder on your domain, then the default box is where it will go. If the default box is set to :fail: then your server says "STOP don't go any further, this recipient does not exist" and the session closes. The message is never accepted. The message never reaches your server. The sending server, it may send a bounce back message to the original sender saying that the recipient does not exist on your server, but that is done by the sending server, not your server.

Its important not to confuse a bounce message which is like an autoresponder and a failed message (which really isn't a message, its more like a response code) which is what :fail: does.

Then why spamcop blocks such rejection?
SpamCop blocks because it recieve bounce but not SMTP rejection.

**sparek-3** · 08-09-2006 02:46 PM

What message did spamcop go by? If the message spamcop received was an autoresponder or an account or mailbox over quota then it would fall under the category of a bounced message being sent by your server. In which case you would need to find the underlying cause.

Are you saying that spamcop blocked your server because a message was sent to an unrouteable address on your domain, and that your default box was set to :fail: so spam cop blocked your message? The only way this would apply is if the original message was sent from your server (which shouldn't happen because Exim will check to see if an address you are writing is local or remote before sending and if its local it checks to make sure that the address exists).

I really don't know. I would need more information. Having your default box set to :fail: should not cause you to be listed on any blacklist, because the rejection notice is handled by the sending server, not the recipient server.

**chirpy** · 08-09-2006 04:36 PM

We seem to be going round in circles here.

:fail: does not bounce anything. It rejects the mail delivery attempt on the RCPT stage.

If the problem occured because of an autoresponder. Yes, they will definitely get you listed in RBL's. The only solution is to not use them autoresponders.

Was it an autoresponder?

**kistler** · 08-10-2006 02:20 AM

I know this doesnt fit here all the way but would someone running box trapper become an issue of becoming blacklisted or not? i has a guy using this to try and stop spam.