Hi Ken,
Are you using some sort of MX relay to do email filtering, so
> that by the time your BO server rejects the connection for no valid
> recipients, the outboard solution has already terminated its SMTP
> session and sends a bounce email? Otherwise, I don't see how an SMTP
> reject would be backscatter.
You know, after I wrote my earlier reply to Colin (and had another cup
of coffee to fully wake up) I was wondering about this as well.
What is the actual scenario of bounce generation? If the connection
attempt is *rejected* at the MTA on the BlueOnyx (because the recipient
doesn't exist), then the *sending* mailserver that contacted the
BlueOnyx will create a bounce.
But it's not the BlueOnyx that would create a bounce in that case.
So the sending mailserver (not the BlueOnyx) creates the bounce that
might flip back to an innocent bystander. Still: That bounce might show
the name and/or IP of the BlueOnyx as final destination where the reject
happened.
Someone else's mailserver config isn't something we can do much about.
Yet: This brings us back to SPF and the stricter sender checks that
Postfix on a BlueOnyx does. Might these have helped? The strict checks
in Postfix might have rejected the connection if the sender had no
reverse records and/or no valid domain name for the sending IP.
SPF might have detected that the sender address has SPF enabled and that
the sender IP and didn't conform with the published SPF records for the
domain name in the email address.
Still: This would have caused a reject on the BlueOnyx (not a bounce). A
bounce could only happen if the sender was an MTA and created the bounce
itself, because the BlueOnyx didn't want to "play" with it.
Try it out on one of your servers: Send an email to
nonexist...@yourserver.com and *your* *own* mailserver replies back to
you with a bounce, because the recipient doesn't exist.
And we can also simulate what happens by using Telnet, if the email is
from an external source and the spoken to mailserver is a BlueOnyx:
This is in a shell on my workstation:
mstauber@beast:~$ telnet mail.blueonyx.it 25
Trying 208.77.151.199...
Connected to mail.blueonyx.it.
Escape character is '^]'.
220 lists.blueonyx.it ESMTP Sendmail Ready; Sun, 2 Jul 2023 13:52:24 -0500
HELO sol.smd.net
250 lists.blueonyx.it Hello Dinamic-Tigo-191-89-131-84.tigo.com.co
[191.89.131.84] (may be forged), pleased to meet you
MAIL FROM: m...@blueonyx.it
250 2.1.0 m...@blueonyx.it... Sender ok
RCPT TO: nonexist...@blueonyx.it
553 5.3.0 nonexist...@blueonyx.it... No such user here
DATA
503 5.0.0 Need RCPT (recipient)
I faked to be sending email from the domain name "sol.smd.net" (which is
another server of mine), specified an existing sender email address of
mine and specified as RCTP TO an nonexisting email address.
Server answer:
553 5.3.0 nonexist...@blueonyx.it... No such user here
After that reject I could NOT specify a message body, as a valid
recipient is required. So no actual bounce was created.
Colin: Do you by chance have a mail relay in front of your BlueOnyx that
forwards the inbound emails to the BlueOnyx. Because *that* could be the
problem.
--
With best regards
Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
