This has to be the most thorough reply to a post I've seen in quite a while. Kudos to Dan for his work on this one! His post would make a nice addition to a mail administrator guide.

I'd like to comment on just two things.

First, note that SaneSecurity is not included in the stock QMT. You need to run the qtp-install-sanesecurity script (formerly some other name) in order to activate it. I don't know whether or not we'll include it in the stock QMT at some point. Perhaps we will, with an easy way to turn it on and off. I've personally been using it for quite a while now. They do occasionally get a false positive, but usually get it corrected in a timely manner. The only other problem I've had is with phishing signatures. The forgers out there have gotten very good at forging emails from Chase and AmEx (and perhaps other big financial companies), to the point where Sane's filters occasionally reject legitimate messages such as statement notifications. To get around this I've added entries to my tcp.smtp file for Chase and AmEx outbound mail servers to bypass simscan entirely. This was fairly easy to do by interrogating their SPF (DNS TXT) record. This can change periodically though, requiring revisitation of

What would be really nice would be for a way to bypass scanning when SPF passes, perhaps only for certain senders. This can't be done presently, but I'm hopeful that an updated spamdyke together with amavisd-new (simscan replacement) might provide that capability in the future. That's a ways off though.

Second, a note regarding invalid email addresses. While Dan's recommendation to delete email sent to invalid addresses is certainly appropriate in some situations, and is preferred to rejecting them (which is required according to RFC2821 section 3.7 - a bad rule IMO), I prefer to take a more personal approach and use a catchall account (postmaster works fine in my case).

Using a catchall allows me to receive messages with misspelled accounts. When this happens, I forward the message to the recipient, and add a forward for the misspelled name at the same time, so any further messages with the misspelling go straight to the recipient. I wouldn't recommend doing this with a domain which has many accounts, but for SMB or family-sized domains, it's a nice touch.

I also do something a bit unconventional with my domain's email addresses. I use forwards a LOT. When a retail establishment (or any business or maybe a web site for that matter) asks for my email address, I make one up just for them (I'm *such* a nice guy!). For instance, if Target asked for my email address, I'd use [email protected] as my email address. If I forget to add a forward for that name (which happens most of the time), I get the first email in the catchall account, at which time I'll add a forward to the appropriate account. In addition to helping to protect my 'real' email account, I can easily tell where this name originated should I start getting spam to that address. It's easy to block that name using the badmailto file should the need arise. I've thought that if I ever get a ton of spam to that address, I could forward it on to the place I originally gave that address to, but this thankfully hasn't actually happened yet.

Many email admins fear getting a ton of email to a catchall account. That hasn't happened in my case. In fact I get very close to none, largely due, I expect, to the effectiveness of spamdyke. I do also use a few rules in the badmailto file which probably help in this regard. For instance, I don't have a '.' in any account names, so I can tell badmailto to reject any message with '.' in the account part of the address. Some numbers can be used in this manner as well. The regex capability of the badmailto file is very powerful.

Anyhow, those are my thoughts for now. Comments are welcome.

Again, nice post, Dan.

Thanks!

--
-Eric 'shubes'
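
Added example, not part of the original message or of QMT: one way to turn the `ip4:` terms of a sender's SPF record into tcp.smtp entries like the ones described above. The `QMAILQUEUE` bypass value and the sample record are assumptions; `include:`, `a` and `mx` terms need further DNS lookups and are not followed here.

```python
import ipaddress

# Assumption: simscan is invoked through QMAILQUEUE, so pointing it at plain
# qmail-queue skips scanning for the matched clients. Check your own tcp.smtp.
BYPASS_ENV = 'QMAILQUEUE="/var/qmail/bin/qmail-queue"'

def spf_ip4_networks(txt):
    """Return the networks named by pass-qualified ip4: terms of an SPF record."""
    nets = []
    for term in txt.split()[1:]:                  # skip the "v=spf1" version tag
        term = term.lstrip("+")                   # "+" (pass) is the default qualifier
        if term.lower().startswith("ip4:"):
            nets.append(ipaddress.ip_network(term[4:], strict=False))
    return nets

def tcprules_patterns(net):
    """Rewrite a CIDR block as tcprules address patterns (prefix or last-octet range)."""
    octets = str(net.network_address).split(".")
    if net.prefixlen == 32:
        return [str(net.network_address)]
    if net.prefixlen > 24:                        # a.b.c.lo-hi
        hi = int(net.broadcast_address) & 0xFF
        return ["%s-%d" % (".".join(octets), hi)]
    # Otherwise split into whole-octet prefixes such as "a.b.c." or "a.b."
    boundary = 24 if net.prefixlen > 16 else 16 if net.prefixlen > 8 else 8
    return [".".join(str(s.network_address).split(".")[:boundary // 8]) + "."
            for s in net.subnets(new_prefix=boundary)]

def tcp_smtp_rules(spf_txt):
    """Build tcp.smtp lines that bypass scanning for the record's ip4 ranges."""
    return ["%s:allow,%s" % (pat, BYPASS_ENV)
            for net in spf_ip4_networks(spf_txt)
            for pat in tcprules_patterns(net)]

# Constructed SPF record using documentation address ranges.
SAMPLE_SPF = ("v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.64/26 "
              "ip4:203.0.113.7 include:_spf.example.net -all")

if __name__ == "__main__":
    print("\n".join(tcp_smtp_rules(SAMPLE_SPF)))
```

tcprules applies only the most specific matching line, so any other variables set on the default rule have to be repeated on these entries. Regenerate them whenever the sender's SPF record changes.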

On 08/29/2013 05:47 AM, Dan McAllister wrote:
You list several messages -- each a different reason for failure... see
embedded below:

On 8/29/2013 12:14 AM, ChandranManikandan wrote:
Hi All,
Again I received the below message when we send email to anyone, and
bounces with unwanted emails are showing also.
I have to mention another thing. I am using another SMTP server as the
outgoing server. Could any problem occur from the outgoing SMTP server? Please help
me. All the IPs and email addresses below are not ours.

Hi. This is the qmail-send program at mail.panasiagroup.net
<http://mail.panasiagroup.net>.
I tried to deliver a bounce message to this address, but the bounce
bounced!

<[email protected] <mailto:[email protected]>>:
User and password not set, continuing without authentication.
<[email protected] <mailto:[email protected]>> 72.167.238.29
failed after I sent the message.
Remote host said: 552 5.2.0 H1Dm1m00r2XfecZ011DoK1 IB212 msg rejected
as spam
Remote host determined AFTER receiving the message that the contents
were SPAM and then rejected it. Check your reputation -- or maybe even
try to contact [email protected] to see why it thought your
message was SPAM.

<[email protected] <mailto:[email protected]>>:
User and password not set, continuing without authentication.
<[email protected] <mailto:[email protected]>> 213.40.180.222
failed after I sent the message.
Remote host said: 550-This message contains a virus or other harmful
content
550 (Sanesecurity.Spam.ldb.59.UNOFFICIAL)
The recipient mail server is using SaneSecurity (perhaps even a QMT host
using simscan, because it uses SaneSecurity as well!) and it detected a
virus in your message. SaneSecurity just recently had a problem with a
virus pattern file that essentially matched any URL (any occurrence of
:// was marked as viral)... but this is another example (as the previous
one) where you cannot control how the recipient deals with your message.
If they have a bad virus pattern file, there isn't much YOU can do about
it except TRY to bring it to their attention.

--- Below this line is the original bounce.

Return-Path: <>
Received: (qmail 21062 invoked for bounce); 28 Aug 2013 15:27:45 -0000
Date: 28 Aug 2013 15:27:45 -0000
From: [email protected]
<mailto:[email protected]>
To: [email protected]
<mailto:[email protected]>
Subject: failure notice

Hi. This is the qmail-send program at mail.panasiagroup.net
<http://mail.panasiagroup.net>.
I'm afraid I wasn't able to deliver your message to the following
addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[email protected] <mailto:[email protected]>>:
Sorry, I couldn't find a mail exchanger or IP address. (#5.4.4)
familyaccess.net is likely a local domain -- either way, using the DNS
services you've configured, there is no familyaccess.net, or if there
is, it has no MX record.

<[email protected] <mailto:[email protected]>>:
User and password not set, continuing without authentication.
173.194.79.27 does not like recipient.
Remote host said: 550-5.1.1 The email account that you tried to reach
does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596
hb3si7063498pac.65 - gsmtp Giving up on 173.194.79.27.
Just as it says -- there is no such mailbox as [email protected]
-- no mailbox = no delivery. BE WARNED -- repeated attempts to send mail
to the same "bad address" can get you blacklisted... either publicly,
privately, or both!

<[email protected] <mailto:[email protected]>>:
User and password not set, continuing without authentication.
173.194.79.27 does not like recipient.
Remote host said: 550-5.1.1 The email account that you tried to reach
does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596
bo2si6500759pbb.44 - gsmtp Giving up on 173.194.79.27.
Just as it says -- there is no such mailbox as [email protected]
-- no mailbox = no delivery. BE WARNED -- repeated attempts to send mail
to the same "bad address" can get you blacklisted... either publicly,
privately, or both! NOTE: THIS IS THE SECOND GMAIL HOSTED ACCOUNT THAT
HAS FAILED -- _*STRIKE TWO!*_

<[email protected] <mailto:[email protected]>>:
User and password not set, continuing without authentication.
66.39.2.47 does not like recipient.
Remote host said: 554 5.7.1 <[email protected]
<mailto:[email protected]>>: Recipient address rejected: Access
denied Giving up on 66.39.2.47.
Not as verbose as GMAIL's failure, but the cause is the same --
[email protected] does not appear to be a valid email address...

<[email protected] <mailto:[email protected]>>:
User and password not set, continuing without authentication.
<[email protected] <mailto:[email protected]>> 85.18.95.16
failed after I sent the message.
Remote host said: 554 Message refused
OK, now this one is more interesting... AFTER receiving the message, the
recipient host said "no thanks" and gave no reason why. You may be on a
blacklist (private, subscription, or even public -- but public ones are
easier to detect), or you may have been detected as SPAM, or you may
even have been detected as a virus with the same bogus pattern as
above... you have no way to tell unless you contact the postmaster
account and inquire.... of course, what percentage of postmaster
accounts actually READ their messages? (I'm guessing a single-digit
percentage....)

<[email protected] <mailto:[email protected]>>:
User and password not set, continuing without authentication.
129.35.204.80 does not like recipient.
Remote host said: 550 Denied by policy.
Giving up on 129.35.204.80.
Again, more interesting -- denied by policy could be anything from the
user ([email protected]) having a personal black-list that
you're on, to them perhaps being over-quota. Sadly, this is another
example of a mail host that seems to think "deny without revealing the
cause" is useful in any way... You just want to slap them... I know!

<[email protected] <mailto:[email protected]>>:
User and password not set, continuing without authentication.
67.227.135.108 does not like recipient.
Remote host said: 550 No Such User Here"
Giving up on 67.227.135.108.
See GMail examples above -- the user does not exist. (NOTE TO READERS --
as if anyone BUT Chandran has read this far -- I personally do NOT
BOUNCE bad mail addresses... I prefer to DELETE THEM so that senders get
no indication that the message failed.... Why? To prevent address
harvesting on my system! (Spammers will send messages to thousands of
"test" accounts -- those that don't bounce are legitimate addresses....
and get added to SPAM lists!)

Change the settings on YOUR server by manually modifying the
.qmail-default file in each ~vpopmail/domains/* account... the entry (to
delete bad mail) should be:

    | /home/vpopmail/bin/vdelivermail '' delete

(You should only be changing the LAST entry on the line).

<[email protected] <mailto:[email protected]>>:
User and password not set, continuing without authentication.
66.111.4.71 does not like recipient.
Remote host said: 552 5.7.1 <[email protected]
<mailto:[email protected]>>: Recipient address rejected: User has
been over quota for > 1 week, email rejected Giving up on 66.111.4.71.
Poor GringoJoe -- he's been over quota for so long, the folks at
fastmail.fm have suspended his account.... NEXT!

<[email protected] <mailto:[email protected]>>:
User and password not set, continuing without authentication.
<[email protected] <mailto:[email protected]>>
208.84.65.44 failed after I sent the message.
Remote host said: 550 5.1.1 User Unknown - Please check the email
address and try again. Otherwise, please contact the person and verify
the address is correct
Yet another bad address...


Delivery to the following recipient failed permanently:

[email protected] <mailto:[email protected]>

Technical details of permanent failure: Google tried to deliver
your message, but it was rejected by the server for the recipient
domain astirit.com <http://astirit.com> by spam4.ihostexchange.net
<http://spam4.ihostexchange.net>. [66.46.182.96].

The error that the other server returned was:
550 Invalid recipient
LOL -- conflicting signals on this one: at first glance, it appears to
be a SPAM BLOCK -- but in the end, it turns out that
[email protected] is just another bad email address.

I hope this helps!

Dan
IT4SOHO


--

PLEASE TAKE NOTE OF OUR NEW ADDRESS
===================================
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806

CALL TOLL FREE:
   877-IT4SOHO

877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax

We have support plans for QMail!
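
Added example, not part of the original thread: a small parser that sorts the per-recipient sections of a qmail-send bounce into the failure causes walked through above and counts nonexistent-mailbox rejections per remote host, so dead addresses can be pruned before repeated attempts hurt the sender's reputation. The category names, keyword rules and sample bounce are constructed for illustration.

```python
import re
from collections import Counter

# First matching rule wins; anything else is "unexplained" (e.g. "Message refused").
RULES = [
    ("no-mx",       re.compile(r"couldn't find a mail exchanger", re.I)),
    ("over-quota",  re.compile(r"over quota", re.I)),
    ("virus",       re.compile(r"virus|harmful content", re.I)),
    ("spam",        re.compile(r"spam", re.I)),
    ("bad-address", re.compile(r"\b5\.1\.1\b|no such user|user unknown|invalid recipient", re.I)),
]
RECIPIENT = re.compile(r"^<([^<>\s]+)>:\s*$")
REMOTE_IP = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_bounce(text):
    """Return [(recipient, remote_ip_or_None, category)] for a qmail-send bounce."""
    body = text.split("--- Below this line", 1)[0]   # drop the returned message
    results = []
    for para in re.split(r"\n\s*\n", body):
        lines = para.strip().splitlines()
        m = RECIPIENT.match(lines[0]) if lines else None
        if not m:
            continue                                  # greeting or other text
        detail = " ".join(line.strip() for line in lines[1:])
        ip = REMOTE_IP.search(detail)
        category = next((n for n, rx in RULES if rx.search(detail)), "unexplained")
        results.append((m.group(1), ip.group(0) if ip else None, category))
    return results

def bad_addresses_by_host(results):
    """Count nonexistent-mailbox rejections per remote host."""
    return Counter(ip for _, ip, cat in results if cat == "bad-address")

# Constructed sample (documentation addresses), not taken from the thread.
SAMPLE = """<alice@example.com>:
192.0.2.27 does not like recipient.
Remote host said: 550 5.1.1 The email account that you tried to reach does not exist.

<bob@example.com>:
192.0.2.27 does not like recipient.
Remote host said: 550 No Such User Here

<carol@example.net>:
<carol@example.net> 198.51.100.9 failed after I sent the message.
Remote host said: 552 5.2.0 msg rejected as spam

--- Below this line is a copy of the message.
"""
```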




