The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Fail vs Blackhole (Spamcop Blocking Fail)

Discussion in 'General Discussion' started by Angel78, Aug 9, 2006.

  1. Angel78

    Angel78 Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    413
    Likes Received:
    1
    Trophy Points:
    16

    So if you use Fail (instead of Blackhole) you can get blocked by Spamcop if spammer puts some of their spamtrap emails as a reply to addy.

    Is there a way to use fail but not to send "no such user", "non-existent mailbox", and/or "quota exceeded" emails?


    thank you.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    No, :fail: is done before acceptance of the email (at the RCPT stage) and so isn't affected by this issue at all.

    The only thing affected by what you've mentioned are overquota emails.
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Yes, it will definitely happen with autoresponders. That's why thay are, and always have been, an extremely bad idea. The only solution is to not use them.
     
  4. Angel78

    Angel78 Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    413
    Likes Received:
    1
    Trophy Points:
    16
    tnx, according to SC it was either abounce or a autoresponder that landed on their spamtrap's


    Their solutions: Anyone knows how to do this with Exim as MTA?


    2) If you are going to reject mail, do it during the smtp conversation
    with your mail gateway rather than sending a delayed bounce after the
    message has already been queued.


    5) If you must bounce then your bounces should be RFC compliant and use
    a null < > return-path. See RFC2821 sections 3.7 and 4.5.5
     
  5. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I've never been able to understand a valid reason for having a mailbox quota. They just seem to cause issues such as this when a mailbox goes over its quota. If you are not checking a mailbox, then you should not have it created in the first place.

    I would really just prefer if CPanel did away with the mailbox quota concept, or at the very least made mailbox unlimited by default.

    I know, this should be an enhancement request, but I just felt like getting on my soapbox for a minute.
     
  6. AlexAT

    AlexAT Well-Known Member
    PartnerNOC

    Joined:
    May 23, 2003
    Messages:
    203
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ukraine
    cPanel Access Level:
    Root Administrator
    So, problem not gone.
    Do you have any ideas how to tune your MTA to reject such emails ("all unroutable mail" in cPanel's terms) on RCPT level?
     
  7. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    This is done by setting the default/catchall account to:

    :fail:

    In an ideal e-mail set up. Your users would set up e-mail accounts on your server. They would not forward e-mail off of the server (forwarding mail within the server is fine). They would not set up autoresponders. They would not use boxtrapper. They would only setup e-mail accounts for mail address that they are going to check. If they're not going to check a mail account, don't set it up. If you want to redirect mail from multiple addresses into a single mailbox, use e-mail forwarders. Use SpamAssassin to try flag messages that SpamAssassin marks as spam. Only use the spambox if you are checking your mail with webmail or with an IMAP client, otherwise just rewrite the subject of SpamAsssassin marked message and use your e-mail client's filtering to filter those out of your main inbox in your e-mail client. Only set up e-mail accounts or forwarders that you know will receive legitimate mail. Then set your default/catchall account to :fail:.

    This would be an ideal set up. This way mail for legitimate addresses that you have advertised will be delivered to your account on the server. Other messages will be rejected before the server even accepts the message. You don't have to deal with the issue of forwarding spam from your server which can blacklist your server. You don't have to worry about spammers spamming an address and an autoresponder or over quota message being bounced back, which can blacklist your server. Basically what you are trying to do is limit the amount of unnecessary messages being sent out from your server. Unnecessary meaning anything that is not explicitly sent from your account (i.e. when you click send to send an e-mail).
     
  8. AlexAT

    AlexAT Well-Known Member
    PartnerNOC

    Joined:
    May 23, 2003
    Messages:
    203
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ukraine
    cPanel Access Level:
    Root Administrator
    Sparek, "fail" does not help since does not work on RCPT level but work after server recieve message. So it generates bounce email.
    And because of this bounce email SpamCop will blocks your relay IP.
    For more details read first posting of this thread carefully.
     
  9. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    :fail: works at the rcpt stage of the e-mail transaction.

    The SMTP transaction goes something like:

    EHLO <server>
    mail from: <who its from>
    rcpt to: <to address>
    DATA
    .
    .


    When talking about incoming mail into your server, then this same transaction happens, the server connects to your server, introduces itself as server with EHLO <server>.

    Then the sending server says this message is from someone with mail form: <address>. I think exim denies messages if the domain part of that address is not routeable or does not have an A record or MX record, but I may be wrong there.

    Then the sending server says who this message is intended for rcpt to: <address>. This address has to exist on your server. If it does not exist as a POP/IMAP account or as a forwarder on your domain, then the default box is where it will go. If the default box is set to :fail: then your server says "STOP don't go any further, this recipient does not exist" and the session closes. The message is never accepted. The message never reaches your server. The sending server, it may send a bounce back message to the original sender saying that the recipient does not exist on your server, but that is done by the sending server, not your server.

    Its important not to confuse a bounce message which is like an autoresponder and a failed message (which really isn't a message, its more like a response code) which is what :fail: does.
     
  10. AlexAT

    AlexAT Well-Known Member
    PartnerNOC

    Joined:
    May 23, 2003
    Messages:
    203
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ukraine
    cPanel Access Level:
    Root Administrator
    Then why spamcop blocks such rejection?
    SpamCop blocks because it recieve bounce but not SMTP rejection.
     
  11. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    What message did spamcop go by? If the message spamcop received was an autoresponder or an account or mailbox over quota then it would fall under the category of a bounced message being sent by your server. In which case you would need to find the underlying cause.

    Are you saying that spamcop blocked your server because a message was sent to an unrouteable address on your domain, and that your default box was set to :fail: so spam cop blocked your message? The only way this would apply is if the original message was sent from your server (which shouldn't happen because Exim will check to see if an address you are writing is local or remote before sending and if its local it checks to make sure that the address exists).

    I really don't know. I would need more information. Having your default box set to :fail: should not cause you to be listed on any blacklist, because the rejection notice is handled by the sending server, not the recipient server.
     
  12. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    We seem to be going round in circles here.

    :fail: does not bounce anything. It rejects the mail delivery attempt on the RCPT stage.

    If the problem occured because of an autoresponder. Yes, they will definitely get you listed in RBL's. The only solution is to not use them autoresponders.

    Was it an autoresponder?
     
  13. kistler

    kistler Well-Known Member

    Joined:
    Jan 27, 2005
    Messages:
    136
    Likes Received:
    0
    Trophy Points:
    16
    I know this doesnt fit here all the way but would someone running box trapper become an issue of becoming blacklisted or not? i has a guy using this to try and stop spam.
     
  14. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    Yes, because of spoofed return address. I have gotten it even a few times recently with mailman as the subject keeps saying "help" in it. :rolleyes:
     
  15. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Indeed. It can and does happen - someone posted a while back who had got their main server IP address on a major RBL for using boxtrapper.
     
  16. fmalekpour

    fmalekpour Well-Known Member
    PartnerNOC

    Joined:
    Dec 4, 2002
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
  17. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That's very handy for those situations you mentioned. It won't help with autoresponders and boxtrapper, though.
     
  18. fmalekpour

    fmalekpour Well-Known Member
    PartnerNOC

    Joined:
    Dec 4, 2002
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
    That's right. Autoresponders and BoxTrapper have to be disabled manually.
     
Loading...

Share This Page