Remove Fail from email filter options - Backscatter

sparek-3

Well-Known Member
Aug 10, 2002
2,087
243
368
cPanel Access Level
Root Administrator
Is this how new feature requests is suppose to work? Make a new feature request and then start a thread on the forums to plug that feature request?

I've made a feature request to request cPanel to remove the Fail With Message option from email filter's in end-user's cPanel:

Remove Fail from email filter options - Backscatter

I would encourage people to read it and vote for it.
 

Infopro

Well-Known Member
May 20, 2003
17,076
521
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
Is this how new feature requests is suppose to work?
No. How Feature Requests work is posted here:
https://forums.cpanel.net/pages/cpfeatures/

Here:
Home »Server Configuration »Tweak Settings, Mail tab, are setting for this I believe.

Initial default/catch-all forwarder destination [?]
Forwarding destination for a new account’s catch-all/default address. (Users may modify this value via the Default Address interface in cPanel.) “Fail” rejects the message and notifies the remote SMTP server. This is usually the best choice if you are getting mail attacks. “Blackhole” accepts and processes the message but then silently discards it. This avoids notifying the remote SMTP server but violates SMTP RFC 5321 and generally should not be used.
 

sparek-3

Well-Known Member
Aug 10, 2002
2,087
243
368
cPanel Access Level
Root Administrator
So you don't talk up your feature request in the forums? How do people find the new feature requests? Seems most people read the forums. I can understand cPanel's development team wanting feature requests in a central location. But I can also see the forums as being a venue to encourage other people to read the feature request and vote and/or give feedback on that feature request.

The setting you are talking about, in Tweak Settings, is for the default address. I agree with this. When Fail is used for the default address, the message is never accepted (never given an exim message id) on the server. But when using filters, end-user filters, those messages are accepted by the server and then the filter tries to bounce it back. Then that bounceback message gets caught in bounceback hell (backscatter).
 

Infopro

Well-Known Member
May 20, 2003
17,076
521
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
I've never experienced that in over 10 years so can't properly assist you there. I trust this advice:
Why you should use :fail:

The forums is where Feature Requests were posted, and it was a lot of work to maintain:
Feature Requests Have a New Home Starting Today

How do people find the new feature requests?
They visit the Feature Requests site, search for a feature (hopefully) before posting one of their own. The Feature Requests site is very active, people find it.
 
  • Like
Reactions: mtindor

sparek-3

Well-Known Member
Aug 10, 2002
2,087
243
368
cPanel Access Level
Root Administrator
Well, chirpy is right with what he says on that link. But he is referring to the default address. Let's make sure we're differentiating these things correctly:

Default address != ANY filter

I think this is a misunderstanding that most end-users don't get. And it may be a misunderstanding that cPanel is not understanding. Everyone thinks fail is what you should do all the time, but they don't understand the context of where it is being used.

Consider an SMTP transaction, when sending to a non-existant email account:

Code:
# telnet mail.yourmailserver.com 25
Trying XX.XX.XX.XX...
Connected to mail.yourmailserver.com
Escape character is '^]'.
220-mail.yourmailserver.com ESMTP Exim 4.85 #2 Fri, 05 Feb 2016 12:44:12 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
EHLO servername
250-mail.yourmailserver.com Hello servername
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
mail from: <[email protected]>
250 OK
rcpt to: <[email protected]>
550 No Address Here
DATA
503-All RCPT commands were rejected with this error:
503-No Address Here
503 Valid RCPT command must precede DATA
This is correct. This is the DEFAULT ADDRESS being set to fail.


But an email that has a filter:

Code:
# telnet mail.yourmailserver.com 25
Trying XX.XX.XX.XX...
Connected to mail.yourmailserver.com.
Escape character is '^]'.
220-mail.yourmailserver.com ESMTP Exim 4.85 #2 Fri, 05 Feb 2016 12:48:29 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
EHLO servername
250-mail.yourmailserver.com Hello servername
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
mail from: <[email protected]>
250 OK
rcpt to: <[email protected]>
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
From: <[email protected]>
To: <[email protected]>
Subject: Test Message

I'm the part of the message that's going to hit the filter.
.
250 OK id=1aRkUo-0004Su-O4
quit
221 mail.yourmailserver.com closing connection
Connection closed by foreign host.
In this example, this message was accepted (note id=1aRkUo-0004Su-O4). But because [email protected] has a filter set to filter messages that contain "I'm the part of the message that's going to hit the filter." and fail them, then yourmailserver.com is going to try to send that fail message to [email protected]. But it's not going to work, because [email protected] isn't a real email address that is accepting messages. This is bounceback hell.
 

sparek-3

Well-Known Member
Aug 10, 2002
2,087
243
368
cPanel Access Level
Root Administrator
Because that's what backscatter is? The message is stuck in queue with no place to go.

Backscatter (email) - Wikipedia, the free encyclopedia

"Backscatter occurs because worms and spam messages often forge their sender address and a misconfigured mail server, which has Delivery Status Notifications enabled sends a bounce message to this address. This normally happens when a mail server is configured to relay a message to an after-queue processing step, for example, an antivirus scan or spam check, which then fails, and at the time the antivirus scan or spam check is done, the client already has disconnected. In those cases, it's normally not possible to reject at the SMTP stage, since a client would time-out while waiting for the antivirus scan or spam check to finish. The best thing to do in this case, is then silently drop the message, e.g., pipe it to /dev/null."
 

Infopro

Well-Known Member
May 20, 2003
17,076
521
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
Yea, I should probably back out of this quietly now I think... :-p

But when using filters, end-user filters, those messages are accepted by the server and then the filter tries to bounce it back.
But I'm curious enough to ask, how big of a problem is this for you? If user sets up a filter you speak of, it causes issues and my mail queue starts filling up. I've been keeping an eye on that for years and the moment I see the issue, I sort it out.

What did I do to sort it out though? Remove the end-users filter? If yes, that's easy enough.

How many users do that though? I assume often enough that you were compelled to post a new Feature Request and start this thread.
 

sparek-3

Well-Known Member
Aug 10, 2002
2,087
243
368
cPanel Access Level
Root Administrator
End-users keep re-enabling the filter using fail. You can tell them until you're blue in the face, and it doesn't sink in. If the option is there, some users will click on it.

It's not a lot of users. But it is a nuisance when it does happen. And there's been at least one occasion where the user wrote back "why is the option there if we're not suppose to use it?" Because I can't remove it and the only people that can remove it apparently don't want to listen to reason.
 

sparek-3

Well-Known Member
Aug 10, 2002
2,087
243
368
cPanel Access Level
Root Administrator
I tell you what, set up a filter that fails with message on an email account that you own. Let me know what that email address is and what the filter criteria is, and I'll show you.