Mailing List Archive: Qmail: users

issues because of forwarded mails : "550 Too many errors from your IP"

Index | Next | Previous | View Threaded

om-lists-qmail at omx

May 1, 2008, 5:49 AM

Post #1 of 5 (397 views)
Permalink

issues because of forwarded mails : "550 Too many errors from your IP"

Hello,

Some of my servers were blacklisted recently not because they were
sending spams, but because there were generating "too many errors".
The one from free.fr is an example (but not the only one):
http://postmaster.free.fr/index_en.html: first a few: "421 Too many
errors from your IP", and then "550 Too many errors from your IP" for
86400 seconds.

The same happened once or twice with http://bsn.borderware.com/ : IP
"reputation" went down, and some recipients using this kind of antispam
device (usually large companies) were not accepting mails anymore for a
defined period of time or until delisting.

After investigation, it came out that it was just because of a few old
mail aliases / forwarding, which the domain owner / customer forgot
to remove.

For example, with "example.com" hosted on my server, and "example.net"
hosted somewhere else.

user[at]example.com is a mail redirection to invalid[at]example.net

Any mail to "user[at]example.com" will be accepted by the server, because
the address is valid (after validrcpt check, cvm, etc.). But then the
server will try to forward the mail to "invalid[at]example.net", and as it
fails, it will want to send a bounce message to the original (and
sometimes fake) sender. Multiply that by 1000 and you will get
blacklisted by both the hoster of "example.net" and the maybe the sender
(because of the excessive bounces)

What would you suggest to do against that kind of issues? I can't check
the validity of all mail forwarding accounts for every user "by
hand" (there are hundreds of domains), and disallowing the use of
forwarding accounts is not really an option...

Most of the mail accounts are managed with vmailmgrd, and some of them
via .qmail-xyz files (&target[at]example.net). Now I guess I should find a
way to detect these kind of "expired" accounts, to then remove/disable
them, or at least get a list to forward to the customer support... :)

And you, what is your solution/suggestion?
regards from Switzerland & happy 1.05.2008,
Olivier

qmail-07 at jeremykister

May 1, 2008, 6:33 AM

Post #2 of 5 (373 views)
Permalink

Re: issues because of forwarded mails : "550 Too many errors from your IP" [In reply to]

On 5/1/2008 8:49 AM, Olivier Mueller wrote:
> After investigation, it came out that it was just because of a few old
> mail aliases / forwarding, which the domain owner / customer forgot
> to remove.
> [...]
> What would you suggest to do against that kind of issues? I can't check

I created code to combat this type of thing on my severs. basically, we
rely on the fact that a spammer will eventually send you email with a
non-deliverable return address that, after the target host denies the
mail from you at smtp time, will generate a bounce message which will
sit in your outbound queue for some period.

i run the code from cron every 10 minutes. less frequently would
probably be fine.

I believe the code is drop-in ready for vpopmail users. modifications
would be needed for vmailmgr.

http://jeremy.kister.net/code/qmail/qmail_nuke_bouncing_addrs.pl

--

Jeremy Kister
http://jeremy.kister.net./

om-lists-qmail at omx

May 1, 2008, 7:05 AM

Post #3 of 5 (372 views)
Permalink

Re: issues because of forwarded mails : "550 Too many errors from your IP" [In reply to]

Hi Jeremy & thanks for your feedback!

On Thu, 2008-05-01 at 09:33 -0400, Jeremy Kister wrote:
> I created code to combat this type of thing on my severs. basically, we
> rely on the fact that a spammer will eventually send you email with a
> non-deliverable return address that, after the target host denies the
> mail from you at smtp time, will generate a bounce message which will
> sit in your outbound queue for some period.

Looks good, I just had a look at your code: interesting concept :)
I was thinking about something looking at the mail logs, but tracking
the bounces directly in the queue also seems to be a solution...

I'll try to make it vmailmgr-compatible... At the moment, it dies at
the beginning because there is no "/var/qmail/users/assign" file.

regards,
Olivier

lists07 at abbacomm

May 1, 2008, 9:14 AM

Post #4 of 5 (372 views)
Permalink

RE: issues because of forwarded mails : "550 Too many errors from your IP" [In reply to]

>
> I believe the code is drop-in ready for vpopmail users. modifications
> would be needed for vmailmgr.
>
> http://jeremy.kister.net/code/qmail/qmail_nuke_bouncing_addrs.pl
>
> --
>
> Jeremy Kister

Jeremy

Would this mainly need to be used on higher number user and volume
systems???

On low volume systems, it appears it would be removing valid forwards unless
I am reading the code wrong...

Our forward bounces are on reject (typically from juno etc) because of
spamminess even though we check for spam before forward

- rh

qmail-07 at jeremykister

May 1, 2008, 3:11 PM

Post #5 of 5 (363 views)
Permalink

Re: issues because of forwarded mails : "550 Too many errors from your IP" [In reply to]

On 5/1/2008 12:14 PM, Robert - elists wrote:
> On low volume systems, it appears it would be removing valid forwards unless
> I am reading the code wrong...

it could remove valid forwards on any volume systems. The code
currently runs on an ISP mail setup, where the rules include a simple
rule - if your forward causes headache, it'll be converted to a mailbox
and we'll give you a phone call about it.

it wouldnt be hard at all to modify the code so that it looked for
keywords in the bounce like 'user not known' or 'invalid mailbox', etc.,
before removing the file.

--

Jeremy Kister
http://jeremy.kister.net./

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com