1

Topic: Recipient address rejected: Blacklisted

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: CentOS Linux release 7.7.1908
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,
I have created a blacklist record for my email account blacklisting an email address. When a message from the address comes it is rejected with "Recipient address rejected: Blacklisted" diagnostics in the syslog. And the sender receives a message which contains

host mail.example.com: 554 5.7.1 <my-email@example.com>:
Recipient address rejected: Blacklisted

But it is the sender address that is blacklisted and rejected, not the recipient address. Is it a bug or an intentional feature (like a kind of political correctness: we do not want to offend the sender saying he/she is rejected and therefore say that recipient is rejected)?


2

Re: Recipient address rejected: Blacklisted

So you just want to replace the rejection message "Blacklisted" by some other text, right? The temporary solution is updating the text in file /opt/iredapd/libs/__init__.py (search "reject_blacklisted") directly.

3

Re: Recipient address rejected: Blacklisted

ZhangHuangbin wrote:

So you just want to replace the rejection message "Blacklisted" by some other text, right? The temporary solution is updating the text in file /opt/iredapd/libs/__init__.py (search "reject_blacklisted") directly.

The corresponding string is

'reject_blacklisted': 'REJECT Blacklisted',

so there is nothing to update there.

4

Re: Recipient address rejected: Blacklisted

I'm afraid that I don't quite understand what you want to achieve.

5

Re: Recipient address rejected: Blacklisted

ZhangHuangbin wrote:

I'm afraid that I don't quite understand what you want to achieve.

I want to see in the maillog "Sender address rejected: Blacklisted" instead of "Recipient address rejected: Blacklisted". Is it possible?

6

Re: Recipient address rejected: Blacklisted

Sure. The problem is you created a wrong blacklist record, you should block the sender, not the recipient. Check our tutorial here:
https://docs.iredmail.org/manage.iredap … blacklists

Make sure you use the correct sender / recipient.

7

Re: Recipient address rejected: Blacklisted

ZhangHuangbin wrote:

The problem is you created a wrong blacklist record, you should block the sender, not the recipient.

I use this:

python wblist_admin.py --account user@mydomain.com --add --blacklist baduser@example.com

Here user@mydomain.com is a user of my domain for which blacklist is created or enlarged and baduser@example.com is a sender I want to blacklist. In fact I use a small script which checks that the address after --account belongs to my domain and the address after --blacklist does not. I do not see here a possibility to blacklist a recipient instead of a sender.

8

Re: Recipient address rejected: Blacklisted

You missed "--outbound" argument.

9

Re: Recipient address rejected: Blacklisted

ZhangHuangbin wrote:

You missed "--outbound" argument.

I talk about messages received by my mail server from unwanted senders. These are inbound messages, aren't they? Why should I use "--outbound"?

10

Re: Recipient address rejected: Blacklisted

Well, I tried this:

python wblist_admin.py --outbound --account user@mydomain.com --add --blacklist bad@nasty_guy.com

As a result user@mydomain.com unfortunately receives messages from bad@nasty_guy.com without any problem but when user@mydomain.com tries to send a message to bad@nasty_guy.com, it is denied by the mail client:

An error occurred while sending mail. The mail server responded:
5.7.1 <bad@nasty_guy.com>: Recipient address rejected: Blacklisted.

Now the diagnostics is correct, it is the recipient whose address is blacklisted. But as you understand it is not the result I'd want. I'd like to blacklist a sender from the outer world in order to forbid receiving mail from him.

There is such a phrase in /opt/iredapd/ChangeLog for iRedAPD-2.0: "Return 'DISCARD' instead of 'REJECT' to Postfix so that blacklisted sender won't know it's blacklisted". It is very good! Unfortunately it does not work because the blacklisted address is incorrectly attributed as a recipient address instead of a sender one. Here is how receiving of a message from bad@nasty_guy.com by user@mydomain.com happens (if I don't use "--outbound"):

220 mail.mydomain.com ESMTP Postfix
EHLO <nasty_guy.com>
250-mail.mydomain.com
250-PIPELINING
250-SIZE 524288000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: <bad@nasty_guy.com>
250 2.1.0 Ok
RCPT TO: <user@mydomain.com>
554 5.7.1 <user@mydomain.com>: Recipient address rejected: Blacklisted

As we can see here the server says "554 5.7.1" in reply to "RCPT TO:", because the sender address <bad@nasty_guy.com> was blacklisted for only one address <user@mydomain.com> and thus the server cannot know the sender address is blacklisted until it gets the receiver address. Maybe the fact that the server discovers there is blacklisting after getting the receiver address is the reason why it says that the recipient address and not the sender address is blacklisted. Nevertheless it is not correct and hence the message is rejected with the wrong diagnosis instead of being discarded.

11

Re: Recipient address rejected: Blacklisted

I changed "SMTP_ACTIONS['reject_blacklisted']" to "SMTP_ACTIONS['discard']" in /opt/iredapd/plugins/amavisd_wblist.py where the sender address is blacklisted:

--- amavisd_wblist.py.bak       2018-12-31 21:17:25.000000000 +0300
+++ amavisd_wblist.py   2019-11-29 13:19:48.316114616 +0300
@@ -205,7 +205,7 @@
 
             if (rid, sid, 'B') in wblists:
                 logger.info("Blacklisted: wblist=(%d, %d, 'B')" % (rid, sid))
-                return SMTP_ACTIONS['reject_blacklisted']
+                return SMTP_ACTIONS['discard']
 
     return SMTP_ACTIONS['default']
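
Review bot: The new return SMTP_ACTIONS['discard'] in the (rid, sid, 'B') branch is unconditional, so every blacklist match on this path is now silently discarded and the REJECT behaviour can only be restored by editing the plugin again; gate the choice on a setting rather than hard-coding it. With discard the sending side no longer gets a rejection, which leaves the logger.info line above as the only record of the decision, and it still reads just "Blacklisted: wblist=(...)"; add the action taken (discarded or rejected) to that message so the mail log shows what happened to the message.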

Now if a sender is blacklisted, a message from him is discarded without any notice to the sender. From my point of view it is better than telling the sender someone is blacklisted. Recipient address instead of sender address is still mentioned in the log file: "Recipient address Policy discard".

12

Re: Recipient address rejected: Blacklisted

I guess I just made it easier in the next iRedAPD release:
https://bitbucket.org/zhb/iredapd/commi … bce8934607

New setting `WBLIST_DISCARD_INSTEAD_OF_REJECT`.

If set to `True`, iRedAPD will discard email instead of rejecting
it with message `Blacklisted`.

Defaults to `False`.

So with the next iRedAPD release, you don't need to modify /opt/iredapd/plugins/amavisd_wblist.py, just add the line below to /opt/iredapd/settings.py and restart the iredapd service:

WBLIST_DISCARD_INSTEAD_OF_REJECT = True

File /opt/iredapd/settings.py will be copied while upgrading iRedAPD, so your custom setting will be kept.
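
Added example (not iRedAPD's code and not written by anyone in this thread): a minimal model of the Postfix policy-delegation exchange discussed above. It shows that a per-account blacklist can only match once the RCPT TO address is known, and that the policy service hands back only the action text (`REJECT Blacklisted` or `DISCARD`), so the `Recipient address rejected:` prefix in the log is not part of that string. `BLACKLIST`, `parse_request`, `decide`, `reply` and the `discard_instead_of_reject` parameter are hypothetical names; the sample request is constructed.

```python
# Added example: model of a policy-delegation decision for a per-account
# blacklist. All names and the sample data are constructed for illustration.

# (recipient, sender) pairs: a per-account blacklist needs both addresses.
BLACKLIST = {("user@mydomain.com", "bad@nasty_guy.com")}


def parse_request(raw):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def decide(attrs, discard_instead_of_reject=False):
    """Return the action string handed back to Postfix."""
    # Before RCPT TO no recipient is known, so a per-recipient list
    # cannot match yet: give no opinion.
    if attrs.get("protocol_state") != "RCPT":
        return "DUNNO"
    key = (attrs.get("recipient", "").lower(), attrs.get("sender", "").lower())
    if key in BLACKLIST:
        return "DISCARD" if discard_instead_of_reject else "REJECT Blacklisted"
    return "DUNNO"


def reply(action):
    """Wire format of the policy response: one attribute, then an empty line."""
    return "action=%s\n\n" % action


# Constructed request matching the SMTP session quoted in the thread.
SAMPLE = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sender=bad@nasty_guy.com\n"
    "recipient=user@mydomain.com\n"
    "\n"
)

if __name__ == "__main__":
    req = parse_request(SAMPLE)
    print(reply(decide(req)), end="")
    print(reply(decide(req, discard_instead_of_reject=True)), end="")
```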