Topic: Bounced SPAM Logics.
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9
- Deployed with iRedMail Easy or the downloadable installer? iRedMail Easy
- Linux/BSD distribution name and version: Debian 9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi All,
I've got a question about the bounce logic.
Every day there are some mails being sent to XXX@example.nl (on my mail server) which are forwarded to yyy@example2.nl (external mail server). The big problem is that some of these mails are being bounced by yyy@example2.nl because of spam, and they are then sent back to the (possible) original sender.
mail.log:
Apr 18 19:26:57 mail relay1/smtp[30387]: 494KdW2B5hz2Gb7: to=<xxx@yyyy.nl>, relay=mailfilter.hostnet.nl[91.184.19.251]:25, delay=2.2, delays=0.02/0.02/0.25/1.9, dsn=5.0.0, status=bounced (host mailfilter.hostnet.nl[91.184.19.251] said: 550 High probability of spam (in reply to end of DATA command))
As you can see, the mail that was sent to my mail server was forwarded to xxx@yyyy.nl (external server, hostnet.nl), where it was bounced because of the "high probability of spam". The next thing that happens is that this mail, which was forwarded to "xxx@yyyy.nl", is sent back to the original sender.
mail.log:
Apr 18 19:26:57 mail relay1/smtp[30387]: 494KdY3ZwYz2Gb8: to=<noreply@clar.ca>, relay=ASPMX.L.GOOGLE.COM[173.194.76.27]:25, delay=0.21, delays=0.02/0.01/0.17/0.02, dsn=5.1.1, status=bounced (host ASPMX.L.GOOGLE.COM[173.194.76.27] said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 https://support.google.com/mail/?p=NoSuchUser l17si12575999wrp.0 - gsmtp (in reply to RCPT TO command))
As you can see, the original sender is noreply@clar.ca, which first sent to my mail server, and that message was forwarded to xxx@yyyy.nl. So my mail server is trying to send the "bounced message, with high probability of spam" to noreply@clar.ca, which is a non-existing e-mail account. So now Google is saying this e-mail address does not exist. Which is fine.
PROBLEM: If you repeat this situation with an Outlook-related account instead of Google, then Microsoft will block your IP address. Which is terrible, because the whole "deblocking process" of Microsoft takes hours if everything goes fine. It will take days if they won't apply a mitigation for your IP address. So your whole IP reputation is gone and your e-mail accounts won't be able to send to Outlook, Hotmail and Live users. The main reasons for blocking your IP are "same message content", "reply with the original content, with maybe blocked URLs", "too many non-existing e-mail addresses have been mailed".
SCALABLE PROBLEM: This problem will get bigger when you forward more and more messages from your own mail system. In the extreme case you need to contact Microsoft each week to get a mitigation for your IP address. Which is not possible.
QUESTION / SOLUTION: When you forward a message from your mail server to an external mail server and the external mail server says something like "high probability of spam" or DSN=5.0.0 etc., then the bounced message could be discarded. This prevents some "crap" e-mails from being replied to fake e-mail accounts. This should not be a problem, because the sent e-mail is already not reaching its user's inbox.
In my case, I would like to apply this solution.
1. Only I don't know how to configure this logic in Postfix.
2. Also I am interested in other opinions.
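Added example, not part of the original post: a small Python check that measures how often this forward, reject, bounce chain occurs in mail.log, by linking each remotely rejected forward to the non-delivery notification (NDR) it triggered. The function name `find_backscatter`, the bounce-daemon line and the last sample line are assumptions; the two smtp lines are shortened from the ones quoted in the post.

```python
import re

# Constructed sample in Postfix log format. Lines 1 and 3 are shortened from
# the post; the bounce-daemon line (2) and line 4 are assumed for illustration.
SAMPLE_LOG = """\
Apr 18 19:26:57 mail relay1/smtp[30387]: 494KdW2B5hz2Gb7: to=<xxx@yyyy.nl>, relay=mailfilter.hostnet.nl[91.184.19.251]:25, delay=2.2, dsn=5.0.0, status=bounced (host mailfilter.hostnet.nl[91.184.19.251] said: 550 High probability of spam (in reply to end of DATA command))
Apr 18 19:26:57 mail relay1/bounce[30390]: 494KdW2B5hz2Gb7: sender non-delivery notification: 494KdY3ZwYz2Gb8
Apr 18 19:26:57 mail relay1/smtp[30387]: 494KdY3ZwYz2Gb8: to=<noreply@clar.ca>, relay=ASPMX.L.GOOGLE.COM[173.194.76.27]:25, delay=0.21, dsn=5.1.1, status=bounced (host ASPMX.L.GOOGLE.COM[173.194.76.27] said: 550 5.1.1 The email account that you tried to reach does not exist. (in reply to RCPT TO command))
Apr 18 19:30:02 mail relay1/smtp[30401]: 494Kh11Qq2z2Gb9: to=<user@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

# Outbound delivery result logged by the smtp client.
DELIVERY = re.compile(
    r"/smtp\[\d+\]: (?P<qid>\w+): to=<(?P<rcpt>[^>]*)>, relay=(?P<relay>[^\[,]+)"
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reply>.*)\)\s*$")
# Bounce daemon line linking the failed message to the NDR's queue ID.
NDR = re.compile(
    r"/bounce\[\d+\]: (?P<qid>\w+): sender non-delivery notification: (?P<ndr>\w+)")


def find_backscatter(log_text):
    """Return one record per NDR delivery attempt caused by a bounced message."""
    deliveries, ndr_of = {}, {}
    for line in log_text.splitlines():
        m = NDR.search(line)
        if m:
            ndr_of[m["qid"]] = m["ndr"]
            continue
        m = DELIVERY.search(line)
        if m:
            deliveries.setdefault(m["qid"], []).append(m.groupdict())
    chains = []
    for qid, ndr_qid in ndr_of.items():
        rejected = [d for d in deliveries.get(qid, []) if d["status"] == "bounced"]
        for ndr in deliveries.get(ndr_qid, []):
            chains.append({
                "forward_qid": qid,
                "rejected_by": [d["relay"] for d in rejected],
                "reject_reason": [d["reply"] for d in rejected],
                "ndr_rcpt": ndr["rcpt"],
                # An NDR that itself bounces went to a forged or dead sender address.
                "backscatter": ndr["status"] == "bounced",
            })
    return chains


if __name__ == "__main__":
    for chain in find_backscatter(SAMPLE_LOG):
        print(chain)
```

Counting the records with `backscatter` set, grouped by `rejected_by`, shows which forwarding destinations generate the NDRs that end up at non-existent senders.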