Discussion:
Bouncing remote reject
j***@gmail.com
2014-11-11 17:21:44 UTC
Hello,

We are using Postfix as an edge MTA to route mail by LDAP lookup. So we have some users that have internal mail accounts, and other users that have Google Apps. Everything is routing correctly, but we have an annoying issue. When email is routed to internal users, it is then passed to Barracuda spam firewalls. The Barracuda is actually giving Postfix a 554 reject response. Postfix is then bouncing that back to the spammer. This is obviously not ideal. Besides disabling bounces in Postfix, I am not sure what to do.

Any help would be appreciated.
Burkhard Ott
2014-11-11 20:23:07 UTC
What about a filter to discard these messages bounced by Barracuda?
James Millsap
2014-11-12 01:20:02 UTC
I suppose that is possible; I am reading through the doc now. Since Postfix is generating the bounce, is this something I can change in the bounce handler? Basically instruct it not to generate bounces from a range of IPs or something.

Here is an example of how the bounce is logged.

Nov 10 11:18:19 edgemta postfix/smtp[29963]: EAC79124ADB: to=<***@int.ourdomain.com>, orig_to=<***@outdomain.com>, relay=barracudafqdn.com[10.1.50.102]:25, delay=526, delays=491/35/0.03/0.16, dsn=5.0.0, status=bounced (host barracudafqdn.com[10.1.50.102] said: 554 rejected due to spam content (in reply to end of DATA command))
Nov 10 11:18:19 edgemta postfix/cleanup[29307]: BBC6512424C: message-id=<***@edgemta>
Nov 10 11:18:19 edgemta postfix/bounce[29993]: EAC79124ADB: sender non-delivery notification: BBC6512424C
Nov 10 11:18:19 edgemta postfix/qmgr[21925]: EAC79124ADB: removed
Nov 10 11:18:19 edgemta postfix/qmgr[21925]: BBC6512424C: from=<>, size=5094, nrcpt=1 (queue active)
Nov 10 11:18:19 edgemta postfix/error[30000]: BBC6512424C: to=<***@spammer.link>, relay=none, delay=0.02, delays=0.01/0/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to spammer.link[spam_ip]:25: No route to host)
Burkhard Ott
2014-11-13 03:56:38 UTC
http://www.postfix.org/BACKSCATTER_README.html
Would be one way. The DSN is generated either way, but you can filter on
that one and remove it from the queue for instance.
James Millsap
2014-11-13 21:31:01 UTC
I am returning a 550 for invalid recipient addresses already, but I presume you are referring to ..

http://www.postfix.org/BACKSCATTER_README.html#forged_sender
Burkhard Ott
2014-11-14 02:53:25 UTC
That's not what I mean. I understood your issue like this: you connect to
Barracuda and Barracuda drops the connection with error 500, therefore you
have a status and an IP you connected to. It's now up to you to send the
bounce to the original sender, or verify the sender address and if it
doesn't exist just discard. In your example above, instead of deferring
temporarily, you can kick it.

to=<***@spammer.link>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Post by James Millsap
Post by James Millsap
delays=0.01/0/0/0, dsn=4.4.1, status=deferred (delivery temporarily
suspended: connect to spammer.link[spam_ip]:25: No route to host)
^^^^^^^^^^^^^^^^^

So if there is no MX and no A record present for @spammer.link, you can
delete it. The flip side is that you would also delete it if somebody just
has issues with his DNS.
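Added example, not part of the original thread: one way to find the DSNs the thread talks about filtering, by correlating Postfix log lines of the shape James posted. It reports only non-delivery notifications whose original message was rejected by an internal filter address, so ordinary bounces from other relays are left alone. The function name, the sample hostnames and addresses, and the assumption of short hexadecimal queue IDs are illustrative.

```python
import re

# Constructed sample modelled on the log in the thread; hostnames and addresses are placeholders.
SAMPLE_LOG = """\
Nov 10 11:18:19 edgemta postfix/smtp[29963]: EAC79124ADB: to=<user@int.example.com>, relay=filter.example.com[10.1.50.102]:25, delay=526, dsn=5.0.0, status=bounced (host filter.example.com[10.1.50.102] said: 554 rejected due to spam content (in reply to end of DATA command))
Nov 10 11:18:19 edgemta postfix/bounce[29993]: EAC79124ADB: sender non-delivery notification: BBC6512424C
Nov 10 11:18:19 edgemta postfix/qmgr[21925]: EAC79124ADB: removed
Nov 10 11:18:19 edgemta postfix/qmgr[21925]: BBC6512424C: from=<>, size=5094, nrcpt=1 (queue active)
Nov 10 11:18:19 edgemta postfix/error[30000]: BBC6512424C: to=<forged@sender.example>, relay=none, delay=0.02, dsn=4.4.1, status=deferred (delivery temporarily suspended)
Nov 10 11:20:02 edgemta postfix/smtp[29970]: 1F2E3D4C5B6: to=<bob@partner.example>, relay=mx.partner.example[192.0.2.10]:25, delay=2, dsn=5.1.1, status=bounced (host mx.partner.example[192.0.2.10] said: 550 no such user)
Nov 10 11:20:02 edgemta postfix/bounce[29994]: 1F2E3D4C5B6: sender non-delivery notification: 7A8B9C0D1E2
"""

# Assumes short (hexadecimal) queue IDs, as in the thread's log.
LINE = re.compile(r"postfix/(?P<svc>\w+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
RELAY_IP = re.compile(r"relay=[^\[,]*\[(?P<ip>[^\]]+)\]")
NDN = re.compile(r"sender non-delivery notification: (?P<ndn>[0-9A-F]+)")
RCPT = re.compile(r"to=<(?P<rcpt>[^>]*)>")

def find_backscatter(log_text, filter_ips):
    """Map NDN queue ID -> details, for bounces caused by an internal filter's reject."""
    rejected = {}  # original queue ID -> status text returned by the filter
    results = {}   # NDN queue ID -> finding
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        svc, qid, rest = m.group("svc", "qid", "rest")
        if svc == "smtp" and "status=bounced" in rest:
            ip = RELAY_IP.search(rest)
            # Only rejections from our own filter hosts count as backscatter sources.
            if ip and ip.group("ip") in filter_ips:
                rejected[qid] = rest[rest.index("status=bounced"):]
        elif svc == "bounce":
            n = NDN.search(rest)
            if n and qid in rejected:
                results[n.group("ndn")] = {"original": qid,
                                           "reason": rejected[qid],
                                           "bounce_to": None}
        elif qid in results:
            # A later delivery attempt for the NDN reveals where the bounce is headed.
            r = RCPT.search(rest)
            if r:
                results[qid]["bounce_to"] = r.group("rcpt")
    return results

if __name__ == "__main__":
    for ndn, info in find_backscatter(SAMPLE_LOG, {"10.1.50.102"}).items():
        print(ndn, info["original"], info["bounce_to"], info["reason"])
```
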
