Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Backscatter from bounces? Is there a way to remove the body content?

Discussion in 'General Discussion' started by jols, Sep 19, 2006.

  1. jols

    jols Well-Known Member

    Mar 13, 2004
    Likes Received:
    Trophy Points:
    One of our hosted customers brings up a very good point:

    -- Spam is received to a non-existant address on the server.

    -- The reply-to/return path email address is faked but leads to someone's legitimate account.

    -- The spam bounces to the legitimate account.

    -- Our server acts as a spam-relay as a result.

    Is there a way to reconfigure Exim so that the body copy is NOT included in a 550 "The recipient cannot be verified. " bounce?
  2. chirpy

    chirpy Well-Known Member

    Jun 15, 2002
    Likes Received:
    Trophy Points:
    Go on, have a guess
    That does not happen if you use :fail: on the Default Address. It doesn't bounce the email, it denies delivery at the SMTP RCPT stage.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. sparek-3

    sparek-3 Well-Known Member

    Aug 10, 2002
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    If you use :fail: as chirpy has pointed out, your server will not send a bounce message.

    The from address may receive a bounce message, but this would be generated by the sending server.

    When someone sends an e-mail to your domain, the sending server looks up the MX record for that domain and attempts to connect to that server on port 25. When connected, the server introduces itself usually with EHLO hostname where hostname is the name of the server that is connecting to your server. Then the sending server says MAIL FROM: <fromaddress> where fromaddress it the address the mail is being sent from. Then the sending server says RCPT TO: <toaddress> where toaddress is the e-mail address on your server that the sending server is trying to reach. If this is not a valid e-mail address on your domain and your default box is set to :fail: then the transaction stops there. The receiving server does not allow any further transaction. This goes back to the sending server. Now, the sending server may elect to send a bounce message back to fromaddress which is likely a fake address in the case of a spammer and this may cause some blacklisting issues, but it would only cause the sending server to become blacklisted, since it is the one that is sending the bounced NDR message.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice