
blacklisted server because of a single email bounce.

Discussion in 'E-mail Discussions' started by jols, Jan 19, 2015.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    I really don't get this at all.

    I just discovered that one of our servers is blacklisted at Lashback due to just one single bounced email.

    Here's the part of the header that they provided as a reason for the bounce. (I have changed the addresses for our protection):

    Code:
    ---------------------
    Received: from our.server.com (HELO our.server.com) (222.222.222.22) by Thunder53 (qpsmtpd/0.84) with ESMTP; Sun, 18 Jan 2015 07:28:34 -0800
    Received: from mailnull by our.server.com with local (Exim 4.84) id 1YCrp0-003WNo-6q for [REDACTED]; Sun, 18 Jan 2015 09:31:26 -0600
    X-Failed-Recipients: our@customer.com
    Auto-Submitted: auto-replied
    From: Mail Delivery System [REDACTED]
    To: [REDACTED]
    Subject: Mail delivery failed: returning message to sender
    Message-Id: <E1YCrp0-003WNo-6q@our.server.com>
    Date: Sun, 18 Jan 2015 09:31:26 -0600
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - our.server.com
    X-AntiAbuse: Original Domain - [REDACTED]
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain -
    X-Get-Message-Sender-Via: our.server.com: none
    ---------------------
    So obviously it's a bounce, but why on earth should this incur a blacklisting when:

    - Our customer is NOT using Boxtrapper
    - Our customers have no autoresponders established.
    - EXIM has been tweaked to NOT return the original subject line, nor any of the body copy (in the bounced message).
    - And other routines have been established (e.g. using antivirus.exim) to assure that none of the original spam is bounced back to any address, per backscatter.

    Thus NDR spam is not possible.

    So apparently, simply because it's a bounce and it hits one of their honeypots, we're shot down, at least in so far as having servers which are absolutely clean of any blacklists.

    The only solution I have thought of is to filter out any email with "X-Failed-Recipients", but doesn't this lead to non-RFC-compliant email servers, e.g. servers that do not allow poorly addressed email to bounce back to the recipient?

    Anyone have a clue about this kind of thing?

    Thanks much!
     
    #1 jols, Jan 19, 2015
    Last edited by a moderator: Jan 19, 2015
  2. jols

    re: blacklisted server because of a single email bounce.

    By the way, the bounce occurred due to this:

    R=virtual_user_maildir_overquota: Mailbox quota exceeded


    And to reiterate, I have exim configured thus:


    bounce_return_body: false
    bounce_return_message: false


    So the question becomes, I guess we just shut down ALL bounces (period) in order to prevent blacklistings? Huh?
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You may want to reach out to the third-party blacklist provider to determine if there is a delisting process. In "WHM Home » Service Configuration » Exim Configuration Manager", under the "Mail" tab, you can disable the following option:

    "Bounce email for users over quota"

    This will keep the messages in the queue instead of bouncing them to the sender.

    Thank you.
     
  4. jols

    Lashback requires payment for more than a single delisting per month, which, IMHO, is a conflict of interest, if not an outright SCAM if ever there was one. However, we were delisted without having to shell out bucks, which of course we would never do.

    Thanks for pointing out the "Bounce email for users over quota" feature in WHM, somehow I missed that. So I do appreciate your pointing this out.
     
  5. jols

    Hi,

    "Bounce email for users over quota" has long been switched off, yet we are still getting hit with this for one particular server.

    The core of the header they are showing us is this:

    [REDACTED]; Thu, 30 Apr 2015 21:23:41 -0500
    X-Failed-Recipients: user@domain.com
    Auto-Submitted: auto-replied
    From: Mail Delivery System [REDACTED]
    To: [REDACTED]
    Subject: Mail delivery failed: returning message to sender
    Message-Id: <E1Yo0c9-002r4o-Cc@serveraddress.com>
    Date: Thu, 30 Apr 2015 21:23:41 -0500

    I have only replaced the actual email account address with "user@domain.com", and the server address, in the above.

    Any other advice, anyone?

    Thanks much.
     
  6. cPanelMichael

    Hello,

    What entry do you see in /var/log/exim_mainlog or /var/log/exim_rejectlog for that message? Also, does the message body indicate the reason for the bounce?

    Thank you.
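
The lookup asked for in the post above can be scripted: the bounce's ID (the Message-Id without its leading "E") is followed through `/var/log/exim_mainlog` back to the message that caused it, showing which router failed and which host handed over the original. This is an added example, not part of the thread or of cPanel's tooling; the log lines are constructed in Exim's default mainlog format, the parent message ID, hosts and addresses are made up, and `trace_bounces` is a hypothetical name.

```python
import re

# Constructed sample in Exim's default mainlog format (IDs, hosts, addresses are made up).
SAMPLE_LOG = """\
2015-04-30 21:23:39 1Yo0c8-002r4k-Ab <= spoofed@trap.example H=(mail.bad.example) [203.0.113.7] P=esmtp S=2210 for user@domain.example
2015-04-30 21:23:41 1Yo0c8-002r4k-Ab ** user@domain.example R=virtual_user_maildir_overquota: Mailbox quota exceeded
2015-04-30 21:23:41 1Yo0c9-002r4o-Cc <= <> R=1Yo0c8-002r4k-Ab U=mailnull P=local S=1012 T="Mail delivery failed: returning message to sender" for spoofed@trap.example
2015-04-30 21:23:41 1Yo0c8-002r4k-Ab Completed
2015-04-30 21:23:43 1Yo0c9-002r4o-Cc => spoofed@trap.example R=lookuphost T=remote_smtp H=mx.trap.example [198.51.100.9]
2015-04-30 21:23:43 1Yo0c9-002r4o-Cc Completed
"""

ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
LINE = re.compile(rf"^\S+ \S+ ({ID}) (<=|\*\*) (\S+)(.*)$")

def trace_bounces(log_text):
    """Pair each locally generated bounce with the message that caused it."""
    arrivals, failures, bounces = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # deliveries, "Completed" and other lines are not needed here
        msg_id, flag, first, rest = m.groups()
        if flag == "**":
            # Permanent failure: failed address, then router name and reason.
            failures.setdefault(msg_id, []).append((first, rest.strip()))
        elif first == "<>":
            # Null-sender arrival; on a local bounce R=<id> names the bounced message.
            ref = re.search(r" R=(\S+)", rest)
            if ref:
                bounces.append((msg_id, ref.group(1), rest.rpartition(" for ")[2]))
        else:
            host = re.search(r" H=(.*?\[[^\]]+\])", rest)
            arrivals[msg_id] = (first, host.group(1) if host else "local")
    report = []
    for bounce_id, parent, sent_to in bounces:
        sender, host = arrivals.get(parent, ("unknown", "unknown"))
        for failed, reason in failures.get(parent, [("unknown", "unknown")]):
            report.append({
                "bounce_id": bounce_id, "parent_id": parent,
                "bounce_sent_to": sent_to, "failed_rcpt": failed,
                "reason": reason, "original_sender": sender, "from_host": host,
            })
    return report

if __name__ == "__main__":
    for row in trace_bounces(SAMPLE_LOG):
        print(row)
```

A `reason` naming a router other than the over-quota one shows which accept-then-bounce path is still active after the WHM option has been switched off.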
     
  7. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Lashback is a PITA.
    These people are without doubt crooks in my opinion.

    Their RBL is far too vigorous.
     