XMailforum is a readonly knowledge archive now.

Registering as a new user or answering posts is not possible anymore.

Might the force be with you, to find here what you are looking for.

2019-09-20 - hschneider, Admin

Cookie Disclaimer: This forum uses only essential, anonymous session cookies (xmailforum*), nothing to be scared of.

XMail Forum [Powered by Invision Power Board]
Printable Version of Topic
Click here to view this topic in its original format
XMail Forum > XMail Server > Xmail Generates Bounce Messages


Posted by: MaartenJB May 22 2007, 10:07 AM
Hello, I've got a problem with bounce messages that are being returned to sender. When the address on the next mailserver does not exist, xmail generates a bounce message.

This is my server.tab:

CODE
"RootDomain"    "mydomain.nl"
"SmtpServerDomain"      "mydomain.nl"
"POP3Domain"    "mydomain.nl"
"HeloDomain"    "mydomain.nl"
"PostMaster"    "postmaster@mydomain.nl"
"ErrorsAdmin"   "postmaster@mydomain.nl"
"RemoveSpoolErrors"     "0"
"NoSenderBounce"        "1"
"NotifyTryPattern"      ""
"MaxMTAOps"     "16"
"ReceivedHdrType"       "0"
"FetchHdrTags"  "+X-Deliver-To,+Received,To,Cc"
"MaxMessageSize"        "6000"
"AllowNullSender"       "0"
"DefaultSmtpPerms"      "MRVZ"


Thanks

Posted by: hschneider May 22 2007, 10:56 AM
"NoSenderBounce" "0"

Posted by: MaartenJB May 23 2007, 08:34 AM
Thanks for the response. I'm going to test this setting, but this is what the manual says:

CODE
[NoSenderBounce]

When building bounce messages, use the null SMTP sender ('MAIL FROM:<>') instead of the 'PostMaster' address. This will affect only the SMTP sender, while the message RFC822 headers will still contain the correct From: header.


I did see the option too, and "NoSenderBounce" is what I want. But when I read the manual, the explanation didn't make sence.

Posted by: MaartenJB Jul 3 2007, 10:31 AM
This is what I find in the XMail Queue Manager. The Senders address is incorrect, probably because of the space after the address. But why is this mail being generated? That shoud not happen right?


CODE
[127.0.0.1]:0;[127.0.0.1]:0;Thu, 28 Jun 2007 04:56:14 +0200
mydomain.com
X12E184
MAIL FROM:<postmaster@mydomain.com>
RCPT TO:<stannous@uymail.com >
<<MAIL-DATA>>
Date:   Thu, 28 Jun 2007 04:56:14 +0200
X-MessageId: <1182999374435.2792213392.5031e.lnxsrv2>
X-SmtpMessageId: <S12E183>
From: mydomain.com PostMaster <postmaster@mydomain.com>
To: stannous@uymail.com
Subject: Error sending message [1182999374435.2792213392.5031e.lnxsrv2] from [mydomain.com]
X-MailerServer: XMail 1.23
X-MailerError: Message = [1182999374435.2792213392.5031e.lnxsrv2] Server = [mydomain.com]

[<00>] XMail bounce: Rcpt=[kqkc@mydomain.com];Error=[501 Address Syntax Error in <stannous@uymail.com > SIZE=1642]


[<01>] Error sending message [1182999374435.2792213392.5031e.lnxsrv2] from [mydomain.com].

ID:        <S12E183>
Mail From: <stannous@uymail.com >
Rcpt To:   <kqkc@mydomain.com>
Server:    <192.168.1.1:25> [192.168.1.1:25]


[<02>] The reason of the delivery failure was:

501 Address Syntax Error in <stannous@uymail.com > SIZE=1642


[<05>] Here is listed the initial part of the message:

Received: from cpe-24-210-144-230.woh.res.rr.com ([24.210.144.230]:1777)
by mydomain.com with [XMail 1.23 ESMTP Server]
id <S12E183> for <kqkc@mydomain.com> from <stannous@uymail.com>;
Thu, 28 Jun 2007 04:56:13 +0200
Received: from yesterdaynowzzz (HELO dementiahost.localleander)
 by nearl7.occurrent.sd.biz with WQMTP; Thu, 28 Jun 2007 08:41:52 +0500
Date: Wed, 27 Jun 2007 21:36:52 -0600
Message-Id: <CFE7.9A8.3019798B8C@mopalinux.com>
From: "Shawn Perez" <stannous@uymail.com >
To: kqkc@mydomain.com
Subject: monogamy, bet and win casino Royal
Reply-To: dirk@complain.zaire.deficient.ac.za
X-Scanner: prone for cyclopean (http://duncanthrax.net/exiscan/)
X-Virus-Scanner: AMaVis 0.2.0-pre6 / Virus Scan
X-Loop: anglo@seeing.fr
Mime-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 7bit


this is my server configuration:

CODE
"RootDomain"    "mydomain.com"
"SmtpServerDomain"      "mydomain.com"
"POP3Domain"    "mydomain.com"
"HeloDomain"    "mydomain.com"
"PostMaster"    "postmaster@mydomain.com"
"ErrorsAdmin"   "postmaster@mydomain.com"
"RemoveSpoolErrors"     "0"
"NoSenderBounce"        "0"
"MaxMTAOps"     "16"
"ReceivedHdrType"       "0"
"FetchHdrTags"  "+X-Deliver-To,+Received,To,Cc"
"MaxMessageSize"        "6000"
"AllowNullSender"       "0"
"DefaultSmtpPerms"      "MRVZ"

Posted by: hschneider Jul 3 2007, 12:02 PM

QUOTE

Mail From: <stannous@uymail.com >



Remove the space after the recipient address and check again. XQM's SLOG file to this message would be helpful. Trying this server manually shows that it probes the sender against several antispam rules. So If your domain does not match all criteria, the connection will be dropped:

This gives you the recipient's MX:
http://www.checkdns.net/quickcheck.aspx?domain=uymail.com&detailed=1

This is a telnet session with this server:


CODE

$ telnet uymail-com.mr.outblaze.com 25
Trying 64.62.181.94...
Connected to uymail-com.mr.outblaze.com.
Escape character is '^]'.
220 spf5-4.us4.outblaze.com ESMTP Postfix
helo test
250 spf5-4.us4.outblaze.com
mail from: <test@test.de>
250 Ok
rcpt to: <stannous@uymail.com>
550 <test>: No thank you rejected: Mail refused: See http://spamblock.outblaze.com/HCUX329959
rcpt to: <stannous@uymail.com >
550 <test>: No thank you rejected: Mail refused: See http://spamblock.outblaze.com/HCUX329959
421 spf5-4.us4.outblaze.com Error: timeout exceeded
Connection closed by foreign host.


Please post the SLOG if possible.



Posted by: MaartenJB Jul 3 2007, 01:05 PM
Just to be sure, I don't want this message to be sent, because it is spam. I want to prevent bounce messages from being sent back to the spammer.

This is the SLOG from XQM:

CODE
[PeekTime] 1183453970 : Tue, 3 Jul 2007 11:12:50 +0200
<<
ErrCode   = -40
ErrString = Invalid server address
ErrInfo   = uymail.com
SMAIL SMTP-Send FF = "uymail.com " SMTP = "mydomain.nl" From = "postmaster@mydomain.nl" To = "stannous@uymail.com " Failed !
SMTP-Error = "417 Temporary delivery error"
SMTP-Server = "uymail.com "
>>


Posted by: hschneider Jul 3 2007, 01:12 PM
I see ... clear ErrorsAdmin and TempErrorsAdmin in server.tab.


QUOTE

    [ErrorsAdmin]
        The email address that receives notification messages for every
        message that has had delivery errors. If it is empty (allowed), the
        notification message is sent to the sender only.

    [TempErrorsAdmin]
        The email address that receives notification for temporary delivery
        failures. In case it's empty the notification message is sent to the
        sender only.



Posted by: MaartenJB Jul 3 2007, 01:56 PM
Thanks, I'm going to try that one. But when I read the discription of the two settings, than this is not wat I want. I want no bounce/error message to be sent to anyone. Especially not to the sender. (spammer)

thanks

Posted by: jdsmith Jul 5 2007, 01:48 PM
Hello,

Just so that I understand... what is the problem with 'bounced' messages being returned to the message originator when the recipient address is rejected at the destination mail server?

I would think that this is reasonable behaviour.

But, the reason I ask this question is that I do not understand the reply... which I hope will add to my general knowledge.

The answer was... "NoSenderBounce" "0"

This should mean, when xMail Server creates 'bounced NDR messages' use a NULL Sender Address.

--

So for clarification, what is the problem that you are experiencing??

Posted by: MaartenJB Feb 21 2008, 12:47 PM
Sorry for the VERY late response.

The reason why I don't want the mailserver to send a notification error is because this would let the spammer know the message is received.

This causes the spammer to send even more spam. The second problem is, the spammer can use an address that is valid, but not his own. The "victum" the address belongs to receives all the notification errors. In this case my mailserver is generating a lot of "spam", and this can get me blacklisted.

I tried al the suggestions mentioned, but none seem to work.


Posted by: GGGss Mar 12 2008, 10:25 AM
Any solutions yet regarding this topic?
If there is a flaw in combatting spam the 'absolute no bounce' option would work great.

I see that spammers are using bogus return adresses just to waste bandwidth and processor time.

Regards,
Fredje

Posted by: hschneider Mar 14 2008, 08:09 AM
You could create a custom filter which stops all bouncing messages in filters.out.tab.

Posted by: MaartenJB May 22 2008, 05:35 PM
Hi, I'm willing to give this filter a try. Do you maybe have a small example for me? Or point me in the right direction?

Thanks in advance

Posted by: hschneider May 24 2008, 07:39 AM
Check the presence of "X-MailerServer: XMail" and "X-MailerError:" in each outgoing mail's header. If found, reject the message and stop further filters.

Posted by: sc4vengr Jun 11 2008, 10:14 PM
Today, SpamCop decided to black list my server because it sends out bounce message as it should.

If this can help anyone, I have just finished my script to prevent XMAIL to send any bounce message except when RCPT is 2 addresses that I have specified in the code, it may not be perfect but it works.

filters.out.tab
CODE

"*"[TAB]"*"[TAB]"0.0.0.0/0"[TAB]"0.0.0.0/0"[TAB]"antibounce.tab"[CRLF]


filters/antibounce.tab
CODE

"/mailsrv/MailRoot/filters/antibounce/antibounce.php"[TAB]"@@FILE"[TAB]"@@RCPT"[CRLF]


filters/antibounce/antibounce.php
CODE

#!/usr/local/bin/php
<?php

/**
* MailAntibounce
*
* @author scav
* @copyright Copyright 2008
* @version 1.0
* @access public
*/

class MailAntibounce {
   var $_logDir = '/mailsrv/MailRoot/logs/';
   var $_file;
   var $_mail = '';
   var $_time_start;
   var $_drop_code = 4;
   var $_ok_code = 0;
   var $_writeLog = true;
   var $_filter_bypass = false;
   var $_to = '';

   /**
    * MailAntibounce::MailAntibounce()
    *
    * @param mixed $pArg1 Mail file
    * @param mixed $pArg2 To
    */
   function MailAntibounce($pArg1, $pArg2)
   {
       $mtime = explode(" ", microtime());
       $this->_time_start = $mtime[1] + $mtime[0];

       $this->_file = $pArg1;
       $this->_to = $pArg2;

       if ($this->_filter_bypass == true) {
           $this->printLog("Bypassed", $this->_ok_code);
           exit($this->_ok_code);
       }

       if ($this->_to == "root@mydomain.net") {
           $this->printLog("Whitelisted TO (root@mydomain.net)", $this->_ok_code);
           exit($this->_ok_code);
       }

       if ($this->_to == "postmaster@mydomain.net") {
           $this->printLog("Whitelisted TO (postmaster@mydomain.net)", $this->_ok_code);
           exit($this->_ok_code);
       }

       $this->getMail();

       if ($this->readMailError()) {
           $this->printLog("BOUNCE DETECTED, DROPPING MAIL", $this->_drop_code);
           exit($this->_drop_code);
       } else {
           $this->printLog("OK", $this->_ok_code);
           exit($this->_ok_code);
       }
   }

   /**
    * MailAntibounce::getMail()
    *
    * Charge le mail
    */
   function getMail()
   {
       if (file_exists($this->_file)) {
           $fp = fopen($this->_file, 'r');
           while (!feof($fp)) {
               $this->_mail .= fgets($fp);
           }
           fclose($fp);
       } else {
           $this->printLog("FILE ERROR(2)", $this->_ok_code);
           exit($this->_ok_code);
       }
   }

   function printLog($pStatus = 'OK', $pExitCode = 0)
   {
       if ($this->_writeLog) {
           $filename = $this->_logDir . 'antibounce-' . date('Ymd') . '0000';
           $handle = fopen($filename, 'a+');
           fwrite($handle, date('Y-m-d H:i:s') . "\t"
                . $this->_to . "\t"
                . $pExitCode . "\t"
                . $this->getProcessingTime() . "\t"
                . $pStatus . "\n");
           fclose($handle);
       }
   }

   function readMailError()
   {
       $mailerServer = strpos($this->_mail, 'X-MailerServer:');
       $mailerError = strpos($this->_mail, 'X-MailerError:');
       if ($mailerServer && $mailerError) {
           return true;
       } else {
           return false;
       }
   }

   function getProcessingTime()
   {
       $mtime = explode(" ", microtime());
       $time_stop = $mtime[1] + $mtime[0];
       return round($time_stop - $this->_time_start, 4);
   }
}
// Si ca chi, uncomment this line:
// exit(0);
$mail = new MailAntibounce($argv[1], $argv[2]);
// $mail = new MailAntibounce('mail.txt', 'saf');

?>


Enjoy

Posted by: voigt Jun 12 2008, 12:52 AM
Here's what was working for me until I upgraded to 1.25 (note this probably has nothing to do with my problem with 1.25 and should work there too):
Create a postmaster account called for example postxmaster. Point all postmaster related server.tab entries at it. Create a null file called mailproc.tab in it's mail directory. No more bounce messages.

Why do this? Spammers send spam to my server to a non-existent user with a return address of the target spam victim. If you allow xmail to send out "message undeliverable notifications", the spammers spam will be delivered back to where xmail "thinks" it came from, thus spamming the faked from address.

If there's a better, easier way (filters are not easier and probably generate a lot of unnecessary overhead) I'd love to know. We really need a "never, ever send any postmaster mail off the local lan" flag in server.tab. As been mentioned elsewhere, spamcop will put you in banned lists if you bounce spammers messages for them. They have "honey pots" all over that look for postmaster messages.

Posted by: pepsi Jun 12 2008, 12:43 PM
Just a quistion beside.

at my work we use a mailrelay server. This server does during the handshake if the recipient mail address exists. If not the connection is closed. So the sending mailserver is responsible for sending the NDR.
In this way not my ip address is blacklisted but the server that is sending spam.

Is this an option for Xmailserver ?

Posted by: hschneider Jun 13 2008, 08:52 AM
Voigt, pls forward this feature request direclty to Davidel at xmailserver.org.
Pepsi, this will fail when the recipient has catchall accounts ....

Posted by: voigt Sep 11 2008, 12:31 PM
Further research reveals the following: These e-mails (which originate from my mail server) are created by xmail with a null sender "<>". They are bounce messages. I cannot find any way to be rid of them. Maybe someone has an idea. (I have messaged Davide.)

My server (call it m1) acts as a secondary MX for another domain (m2). The other domain is running xmail 1.24.

domain m2 has the following users: u1, u2 and u3.

Spammer sends mail to fakeuser@m2 with a faked sender address of spamtarget@someotherdomain. This e-mail is sent to my server (m1).
My server attempts to relay it to m2 like a good secondary should. Unfortunately, m2 won't ever accept it because it has no user fakeuser@m2. Eventually m1 gives up trying to relay the message, applys a bounce message from <> to the front and "returns" it to the "sender" spamtarget@someotherdomain. So our clever spammers have found a way to relay their crap through my server.

I'd really like to stop this. I've temporarily removed my backup MX records for my friends domain. I hope there's some other way to fix this.

John


Posted by: voigt Sep 12 2008, 01:35 AM
Here's Davide's reply:

Feed the backup MX with the proper accounts handled by the primary MX.
This is typically done by creating one cmdalias file for every account,
having an "smtprelay" line pointing to the real MTA.
This better be scripted, and done automatically, for your sake.
No, I don't have the scripts (since I have no need for them), and people
that wrote them were not willing to share them.



- Davide


I guess xmail's just not meant to be a reasonable secondary server.

John

Posted by: Sob Sep 12 2008, 08:23 PM
I tried the following and it seems to work just fine:

Primary server: mx1.example.net, XMail, Win32
Secondary server: mx2.example.net, XMail, Linux

Primary server has regular domain example.net with all accounts.
Secondary server has also regular domain example.net (not custom domain) but with no acccounts.

update-accounts.bat goes to primary server, update-accounts.php goes to secondary server.

To synchronize accounts, just to run update-accounts.bat is required.

It doesn't handle disabled acccounts. Getting the list of accounts from XMail would have to be modified for that.


update-accounts.bat:
CODE

CtrlClnt -s mx1.example.net -u ctrluser -p password -f users.txt "userlist"[TAB]"example.net"
CtrlClnt -s mx1.example.net -u ctrluser -p password -f aliases.txt "aliaslist"[TAB]"example.net"
pscp.exe -agent users.txt aliases.txt xmail@mx2.example.net:/tmp/
plink.exe -agent xmail@mx2.example.net update-accounts.php

Replace [TAB] by real tab.
pscp.exe and plink.exe are part of PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/)

update-accounts.php:
CODE

<?php
 $mailroot="/var/MailRoot"; #XMail root
 $dataroot="/tmp"; #where txts are uploaded
 $domain="example.net"; #domain name
 $relayto="mx1.example.net:25"; #where to relay mail to
 #----------------------------------------
 $accounts=Array();
 if($dh=opendir($mailroot.'/cmdaliases/'.$domain)) {
   while(($account=readdir($dh))!==false) {
     if(preg_match("/^([a-z0-9\-\.]+)\.tab$/", $account, $matches)) {
       $accounts[$matches[1]]=0;
     }
   }
   closedir($dh);
 }
 #
 foreach(Array('users.txt', 'aliases.txt') as $file) {
   $data=file($dataroot.'/'.$file);
   foreach($data as $line) {
     $tmp=explode("\t", $line);
     if($tmp[0]=="\"".$domain."\"") {
       $user=substr($tmp[1], 1, strlen($tmp[1])-2);
       $accounts[$user]=1;
     }
   }
 }
 #
 $tabfile="\"SMTPRELAY\"\t\"".$relayto."\"\n";
 foreach($accounts as $account=>$create) {
   $file=$mailroot.'/cmdaliases/'.$domain.'/'.$account.'.tab';
   if($create) {
     file_put_contents($file, $tabfile);
   } else {
     unlink($file);
   }
 }
?>

Posted by: voigt Sep 13 2008, 12:14 AM
Hi:

I really appreciate you going to the trouble of writing those scripts and I hope they help someone. I can't really use them because I was acting as a secondary for 14 different domains (2 of whom also do secondary for domains that I host) and on top of being cumbersome, it's less secure than a simple custom domain. It also requires that additional control ports be opened in the firewall (or at least ssh ports for putty) which is not really an option I'd like to explore.

I'm looking at other solutions for the secondary servers that don't require knowledge of the individual accounts and yet won't relay spam.

Obviously, a "don't ever send e-mail from "<>" or postmaster" feature would solve my problem but I surely won't complain about something that Davide's given us for free. I suspect my situation is pretty unique anyway.

Thanks again,

John

Posted by: RoxXxer Sep 15 2015, 08:21 AM
I want to stop sending bounce mail to Postmaster. It should be sent only to the sender .How can I do that ?

sad.gif mellow.gif

Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)