Fail vs Blackhole (Spamcop Blocking Fail)

Angel78

If the blocklist only lists spamtraps, then the likely culprits are auto-responders or misdirected bounces (that is, bounce emails sent after acceptance of the email instead of being rejected by the server during the SMTP phase, which would include emails such as "no such user", "non-existent mailbox", and/or "quota exceeded").

So if you use Fail (instead of Blackhole) you can get blocked by SpamCop if a spammer puts some of their spamtrap emails as a reply-to addy.

Is there a way to use fail but not to send "no such user", "non-existent mailbox", and/or "quota exceeded" emails?


thank you.
 

chirpy

No, :fail: is done before acceptance of the email (at the RCPT stage) and so isn't affected by this issue at all.

The only thing affected by what you've mentioned are overquota emails.
 

chirpy

Yes, it will definitely happen with autoresponders. That's why they are, and always have been, an extremely bad idea. The only solution is to not use them.
 

Angel78

Tnx, according to SC it was either a bounce or an autoresponder that landed on their spamtraps.

Their solutions are below. Does anyone know how to do this with Exim as MTA?


2) If you are going to reject mail, do it during the smtp conversation
with your mail gateway rather than sending a delayed bounce after the
message has already been queued.


5) If you must bounce then your bounces should be RFC compliant and use
a null < > return-path. See RFC2821 sections 3.7 and 4.5.5
 

sparek-3

chirpy said:
The only thing affected by what you've mentioned are overquota emails.
I've never been able to understand a valid reason for having a mailbox quota. They just seem to cause issues such as this when a mailbox goes over its quota. If you are not checking a mailbox, then you should not have it created in the first place.

I would really just prefer if cPanel did away with the mailbox quota concept, or at the very least made mailboxes unlimited by default.

I know, this should be an enhancement request, but I just felt like getting on my soapbox for a minute.
 

AlexAT

chirpy said:
Yes, it will definitely happen with autoresponders. That's why they are, and always have been, an extremely bad idea. The only solution is to not use them.

So, the problem is not gone.
Do you have any ideas how to tune your MTA to reject such emails ("all unroutable mail" in cPanel's terms) on RCPT level?
 

sparek-3

AlexAT said:
Do you have any ideas how to tune your MTA to reject such emails ("all unroutable mail" in cPanel's terms) on RCPT level?
This is done by setting the default/catchall account to:

:fail:

In an ideal e-mail setup, your users would set up e-mail accounts on your server. They would not forward e-mail off of the server (forwarding mail within the server is fine). They would not set up autoresponders. They would not use BoxTrapper. They would only set up e-mail accounts for mail addresses that they are going to check. If they're not going to check a mail account, don't set it up. If you want to redirect mail from multiple addresses into a single mailbox, use e-mail forwarders. Use SpamAssassin to try to flag messages that SpamAssassin marks as spam. Only use the spambox if you are checking your mail with webmail or with an IMAP client, otherwise just rewrite the subject of SpamAssassin-marked messages and use your e-mail client's filtering to filter those out of your main inbox in your e-mail client. Only set up e-mail accounts or forwarders that you know will receive legitimate mail. Then set your default/catchall account to :fail:.

This would be an ideal setup. This way mail for legitimate addresses that you have advertised will be delivered to your account on the server. Other messages will be rejected before the server even accepts the message. You don't have to deal with the issue of forwarding spam from your server, which can blacklist your server. You don't have to worry about spammers spamming an address and an autoresponder or over-quota message being bounced back, which can blacklist your server. Basically what you are trying to do is limit the amount of unnecessary messages being sent out from your server. Unnecessary meaning anything that is not explicitly sent from your account (i.e. when you click send to send an e-mail).
 

AlexAT

sparek-3 said:
This is done by setting the default/catchall account to:

:fail:

<others skipped>
Sparek, "fail" does not help since it does not work on the RCPT level but works after the server receives the message. So it generates a bounce email.
And because of this bounce email SpamCop will block your relay IP.
For more details read first posting of this thread carefully.
 

sparek-3

:fail: works at the rcpt stage of the e-mail transaction.

The SMTP transaction goes something like:

EHLO <server>
mail from: <who its from>
rcpt to: <to address>
DATA
.
.


When talking about incoming mail into your server, then this same transaction happens, the server connects to your server, introduces itself as server with EHLO <server>.

Then the sending server says this message is from someone with mail from: <address>. I think Exim denies messages if the domain part of that address is not routable or does not have an A record or MX record, but I may be wrong there.

Then the sending server says who this message is intended for with rcpt to: <address>. This address has to exist on your server. If it does not exist as a POP/IMAP account or as a forwarder on your domain, then the default box is where it will go. If the default box is set to :fail: then your server says "STOP don't go any further, this recipient does not exist" and the session closes. The message is never accepted. The message never reaches your server. The sending server may send a bounce back message to the original sender saying that the recipient does not exist on your server, but that is done by the sending server, not your server.

It's important not to confuse a bounce message, which is like an autoresponder, and a failed message (which really isn't a message, it's more like a response code), which is what :fail: does.
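
Added example, not part of the post above and not Exim or cPanel code: a toy Python model of the receiving server, showing which cases make it originate mail to a forged envelope sender and which do not. The addresses, the mailbox table and the over-quota and autoresponder handling are constructed assumptions.

```python
"""Toy receiving MTA (constructed example; not Exim or cPanel code)."""
# Constructed local mailboxes and their state.
LOCAL = {
    "sales@example.test": {"over_quota": False, "autoresponder": False},
    "full@example.test": {"over_quota": True, "autoresponder": False},
    "away@example.test": {"over_quota": False, "autoresponder": True},
}

def receive(mail_from, rcpt_to, default=":fail:"):
    """Return (reply to RCPT TO, outbound), where outbound lists the
    (envelope_sender, recipient, kind) messages this server originates."""
    outbound = []
    box = LOCAL.get(rcpt_to)
    if box is None:
        if default == ":fail:":
            # Refused inside the SMTP session: nothing is queued or sent.
            return "550 No such user here", outbound
        if default == ":blackhole:":
            # Accepted, then silently discarded: nothing is sent either.
            return "250 Accepted", outbound
        raise ValueError(f"unknown default address setting: {default}")
    # The mailbox exists, so RCPT is accepted; the rest happens afterwards.
    if mail_from == "":
        # Null return-path <>: the message is itself a bounce, never answer.
        return "250 Accepted", outbound
    if box["over_quota"]:
        # Delayed bounce, sent from the null return-path.
        outbound.append(("", mail_from, "bounce: quota exceeded"))
    elif box["autoresponder"]:
        outbound.append(("", mail_from, "autoreply"))
    return "250 Accepted", outbound

def backscatter(messages, default):
    """Addresses this server mails on its own while handling `messages`."""
    hits = []
    for mail_from, rcpt_to in messages:
        _, out = receive(mail_from, rcpt_to, default)
        hits.extend(recipient for _, recipient, _ in out)
    return hits

# Constructed spam run: each message forges a spamtrap as envelope sender.
TRAP = "trap@spamtrap.test"
SPAM = [(TRAP, "nobody@example.test"), (TRAP, "full@example.test"),
        (TRAP, "away@example.test"), (TRAP, "sales@example.test")]

if __name__ == "__main__":
    for setting in (":fail:", ":blackhole:"):
        print(setting, receive(TRAP, "nobody@example.test", setting)[0],
              backscatter(SPAM, setting))
```

In this model the unknown-recipient message produces no outbound mail under either default setting; the two messages that reach the spamtrap come from the over-quota mailbox and the autoresponder.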
 

AlexAT

sparek-3 said:
:fail: works at the rcpt stage of the e-mail transaction.

The SMTP transaction goes something like:

EHLO <server>
mail from: <who its from>
rcpt to: <to address>
DATA
.
.


When talking about incoming mail into your server, then this same transaction happens, the server connects to your server, introduces itself as server with EHLO <server>.

Then the sending server says this message is from someone with mail from: <address>. I think Exim denies messages if the domain part of that address is not routable or does not have an A record or MX record, but I may be wrong there.

Then the sending server says who this message is intended for with rcpt to: <address>. This address has to exist on your server. If it does not exist as a POP/IMAP account or as a forwarder on your domain, then the default box is where it will go. If the default box is set to :fail: then your server says "STOP don't go any further, this recipient does not exist" and the session closes. The message is never accepted. The message never reaches your server. The sending server may send a bounce back message to the original sender saying that the recipient does not exist on your server, but that is done by the sending server, not your server.

It's important not to confuse a bounce message, which is like an autoresponder, and a failed message (which really isn't a message, it's more like a response code), which is what :fail: does.

Then why does SpamCop block such a rejection?
SpamCop blocks because it receives a bounce but not an SMTP rejection.
 

sparek-3

What message did SpamCop go by? If the message SpamCop received was an autoresponder or an account or mailbox over quota, then it would fall under the category of a bounced message being sent by your server. In which case you would need to find the underlying cause.

Are you saying that SpamCop blocked your server because a message was sent to an unroutable address on your domain, and that your default box was set to :fail: so SpamCop blocked your message? The only way this would apply is if the original message was sent from your server (which shouldn't happen because Exim will check to see if an address you are writing is local or remote before sending and if it's local it checks to make sure that the address exists).

I really don't know. I would need more information. Having your default box set to :fail: should not cause you to be listed on any blacklist, because the rejection notice is handled by the sending server, not the recipient server.
 

chirpy

We seem to be going round in circles here.

:fail: does not bounce anything. It rejects the mail delivery attempt on the RCPT stage.

If the problem occurred because of an autoresponder, yes, they will definitely get you listed in RBLs. The only solution is to not use autoresponders.

Was it an autoresponder?
 

kistler

I know this doesn't fit here all the way, but would someone running BoxTrapper become an issue of becoming blacklisted or not? I have a guy using this to try and stop spam.
 

lloyd_tennison

Yes, because of spoofed return addresses. I have gotten it even a few times recently with mailman as the subject keeps saying "help" in it. :rolleyes:
 

chirpy

Indeed. It can and does happen - someone posted a while back who had got their main server IP address on a major RBL for using boxtrapper.
 

fmalekpour

chirpy said:
That's very handy for those situations you mentioned. It won't help with autoresponders and boxtrapper, though.
That's right. Autoresponders and BoxTrapper have to be disabled manually.