Change in :fail: behavior?

Discussion in 'E-mail Discussions' started by BrooksBridges, Oct 11, 2012.

  1. BrooksBridges

    So I built a separate standalone server to handle my spam scanning requirements about a year ago, and back when I set it up, I specifically configured the "reject_unverified_recipient" option in Postfix so that it would query my cPanel system to ensure the user existed prior to spending the cycles processing the email. Everything worked great.

    Over the last couple of months (hard to say a definitive time frame), I've started getting more and more complaints about my server's IPs getting blacklisted. As I've started digging into it, I've discovered that apparently my server is being used to joe-job the hell out of a lot of people. It appears that a change in the :fail: behavior sometime recently is the root cause of this. The cPanel server no longer appears to outright reject the mail with a 550 after the RCPT TO command, but happily replies with a "250 Accepted" in response, and THEN generates a bounce email a few seconds later.

    I've taken packet captures of the transaction between my spam scanning system and my cPanel server for an email address that does not exist, and I have quadruple confirmed that the account is configured with ":fail: No Such Address Here" as the default address.

    What I am seeing is this:

    Code:
    MAIL FROM:<brooks@firestormnetworks.net> SIZE=2539
    RCPT TO:<mrpumba@macfilez.net>
    DATA
    
    250 OK
    250 Accepted
    354 Enter message, ending with "." on a line by itself

    Thoughts anyone? From the amount of searching I've done over the last ~3 hours, I know this was an issue way back in 2004, but it seems that the issue mostly had gone away. My original testing had confirmed that when I had initially built this scanner box. Even the actual Default Address configuration page for the domain seems to imply that the original behavior of returning a 550 *should* be the way it behaves:

    "Discard with error to sender (at SMTP time)"
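
The capture in the post above is a pipelined exchange: the commands go out as a batch and the replies come back in the same order. The following added example (not part of the original post; the function names are hypothetical and the sample is the post's capture retyped as constructed input) pairs each reply with its command and reports how every RCPT TO was answered at SMTP time, assuming the capture covers the envelope only and not the message body.

```python
import re

# Constructed sample: the exchange from the post's capture. Commands are
# pipelined, so replies follow in command order (RFC 2920).
CAPTURE = """\
MAIL FROM:<brooks@firestormnetworks.net> SIZE=2539
RCPT TO:<mrpumba@macfilez.net>
DATA

250 OK
250 Accepted
354 Enter message, ending with "." on a line by itself
"""
REPLY = re.compile(r"^(\d{3})(?:([ -])(.*))?$")
RCPT = re.compile(r"^RCPT TO:\s*<([^>]*)>", re.I)


def pair_replies(transcript):
    """Return [(command, code, text)], matching replies to commands in order.

    Assumes envelope traffic only: body lines after DATA are not handled.
    """
    pending, pairs, text = [], [], []
    for line in (raw.strip() for raw in transcript.splitlines()):
        if not line:
            continue
        m = REPLY.match(line)
        if not m:
            pending.append(line)      # client command awaiting its reply
            continue
        text.append(m.group(3) or "")
        if m.group(2) == "-":         # "550-..." continues a multi-line reply
            continue
        cmd = pending.pop(0) if pending else "<unmatched>"
        pairs.append((cmd, int(m.group(1)), " ".join(text)))
        text = []
    return pairs


def rcpt_verdicts(transcript):
    """Map each RCPT TO address to the server's answer at SMTP time."""
    out = {}
    for cmd, code, _ in pair_replies(transcript):
        m = RCPT.match(cmd)
        if m:
            out[m.group(1)] = ("rejected" if code >= 500 else
                               "deferred" if code >= 400 else "accepted")
    return out
```

An "accepted" verdict for an address known not to exist means the backend will bounce after DATA instead of refusing at RCPT TO, so the front-end's recipient verification probe sees a valid recipient.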
     
  2. BrooksBridges

    Can anyone comment on this? Has this default behavior changed in a recent version?

     