Remove Fail from email filter options - Backscatter

Is this how new feature requests is suppose to work? Make a new feature request and then start a thread on the forums to plug that feature request?

I've made a feature request to request cPanel to remove the Fail With Message option from email filter's in end-user's cPanel:

Remove Fail from email filter options - Backscatter

I would encourage people to read it and vote for it.

 

So you don't talk up your feature request in the forums? How do people find the new feature requests? Seems most people read the forums. I can understand cPanel's development team wanting feature requests in a central location. But I can also see the forums as being a venue to encourage other people to read the feature request and vote and/or give feedback on that feature request.

The setting you are talking about, in Tweak Settings, is for the default address. I agree with this. When Fail is used for the default address, the message is never accepted (never given an exim message id) on the server. But when using filters, end-user filters, those messages are accepted by the server and then the filter tries to bounce it back. Then that bounceback message gets caught in bounceback hell (backscatter).

 

Well, chirpy is right with what he says on that link. But he is referring to the default address. Let's make sure we're differentiating these things correctly:

Default address != ANY filter

I think this is a misunderstanding that most end-users don't get. And it may be a misunderstanding that cPanel is not understanding. Everyone thinks fail is what you should do all the time, but they don't understand the context of where it is being used.

Consider an SMTP transaction, when sending to a non-existant email account:

Code:

# telnet mail.yourmailserver.com 25
Trying XX.XX.XX.XX...
Connected to mail.yourmailserver.com
Escape character is '^]'.
220-mail.yourmailserver.com ESMTP Exim 4.85 #2 Fri, 05 Feb 2016 12:44:12 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
EHLO servername
250-mail.yourmailserver.com Hello servername
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
mail from: <postmaster@servername.com>
250 OK
rcpt to: <idontexist@yourmailserver.com>
550 No Address Here
DATA
503-All RCPT commands were rejected with this error:
503-No Address Here
503 Valid RCPT command must precede DATA

This is correct. This is the DEFAULT ADDRESS being set to fail.


But an email that has a filter:

Code:

# telnet mail.yourmailserver.com 25
Trying XX.XX.XX.XX...
Connected to mail.yourmailserver.com.
Escape character is '^]'.
220-mail.yourmailserver.com ESMTP Exim 4.85 #2 Fri, 05 Feb 2016 12:48:29 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
EHLO servername
250-mail.yourmailserver.com Hello servername
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
mail from: <imnotarealemailaddress@servername.com>
250 OK
rcpt to: <iexistbutihaveafiltersettofail@yourmailserver.com>
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
From: <imnotarealemailaddress@servername.com>
To: <iexistbutihaveafiltersettofail@yourmailserver.com>
Subject: Test Message

I'm the part of the message that's going to hit the filter.
.
250 OK id=1aRkUo-0004Su-O4
quit
221 mail.yourmailserver.com closing connection
Connection closed by foreign host.

In this example, this message was accepted (note id=1aRkUo-0004Su-O4). But because iexistbutihaveafiltersettofail@yourmailserver.com has a filter set to filter messages that contain "I'm the part of the message that's going to hit the filter." and fail them, then yourmailserver.com is going to try to send that fail message to imnotarealemailaddress@servername.com. But it's not going to work, because imnotarealemailaddress@servername.com isn't a real email address that is accepting messages. This is bounceback hell.

 

Because that's what backscatter is? The message is stuck in queue with no place to go.

Backscatter (email) - Wikipedia, the free encyclopedia

"Backscatter occurs because worms and spam messages often forge their sender address and a misconfigured mail server, which has Delivery Status Notifications enabled sends a bounce message to this address. This normally happens when a mail server is configured to relay a message to an after-queue processing step, for example, an antivirus scan or spam check, which then fails, and at the time the antivirus scan or spam check is done, the client already has disconnected. In those cases, it's normally not possible to reject at the SMTP stage, since a client would time-out while waiting for the antivirus scan or spam check to finish. The best thing to do in this case, is then silently drop the message, e.g., pipe it to /dev/null."

 

End-users keep re-enabling the filter using fail. You can tell them until you're blue in the face, and it doesn't sink in. If the option is there, some users will click on it.

It's not a lot of users. But it is a nuisance when it does happen. And there's been at least one occasion where the user wrote back "why is the option there if we're not suppose to use it?" Because I can't remove it and the only people that can remove it apparently don't want to listen to reason.

 

I tell you what, set up a filter that fails with message on an email account that you own. Let me know what that email address is and what the filter criteria is, and I'll show you.