[BlueOnyx:26340] Re: Backscatter / user not found bounce

Michael Stauber mstauber at blueonyx.it
Sun Jul 2 13:57:52 -05 2023


Hi Ken,

> Are you using some sort of MX relay to do email filtering, so
> that by the time your BO server rejects the connection for no valid
> recipients, the outboard solution has already terminated its SMTP
> session and sends a bounce email?  Otherwise, I don't see how an SMTP
> reject would be backscatter.

You know, after I wrote my earlier reply to Colin (and had another cup 
of coffee to fully wake up) I was wondering about this as well.

What is the actual scenario of bounce generation? If the connection 
attempt is *rejected* at the MTA on the BlueOnyx (because the recipient 
doesn't exist), then the *sending* mailserver that contacted the 
BlueOnyx will create a bounce.

But it's not the BlueOnyx that would create a bounce in that case.

So the sending mailserver (not the BlueOnyx) creates the bounce that 
might flip back to an innocent bystander. Still: That bounce might show 
the name and/or IP of the BlueOnyx as final destination where the reject 
happened.

Someone else's mailserver config isn't something we can do much about.

Yet: This brings us back to SPF and the stricter sender checks that 
Postfix on a BlueOnyx does. Might these have helped? The strict checks 
in Postfix might have rejected the connection if the sender had no 
reverse records and/or no valid domain name for the sending IP.

SPF might have detected that the sender address has SPF enabled and that 
the sender IP didn't conform with the published SPF records for the 
domain name in the email address.

Still: This would have caused a reject on the BlueOnyx (not a bounce). A 
bounce could only happen if the sender was an MTA and created the bounce 
itself, because the BlueOnyx didn't want to "play" with it.

Try it out on one of your servers: Send an email to 
nonexistant at yourserver.com and *your* *own* mailserver replies back to 
you with a bounce, because the recipient doesn't exist.

And we can also simulate what happens by using Telnet, if the email is 
from an external source and the spoken to mailserver is a BlueOnyx:

This is in a shell on my workstation:

mstauber at beast:~$ telnet mail.blueonyx.it 25
Trying 208.77.151.199...
Connected to mail.blueonyx.it.
Escape character is '^]'.
220 lists.blueonyx.it ESMTP Sendmail Ready; Sun, 2 Jul 2023 13:52:24 -0500
HELO sol.smd.net
250 lists.blueonyx.it Hello Dinamic-Tigo-191-89-131-84.tigo.com.co 
[191.89.131.84] (may be forged), pleased to meet you
MAIL FROM: ms at blueonyx.it
250 2.1.0 ms at blueonyx.it... Sender ok
RCPT TO: nonexistant at blueonyx.it
553 5.3.0 nonexistant at blueonyx.it... No such user here
DATA
503 5.0.0 Need RCPT (recipient)

I faked to be sending email from the domain name "sol.smd.net" (which is 
another server of mine), specified an existing sender email address of 
mine and specified as RCPT TO a nonexistent email address.

Server answer:

553 5.3.0 nonexistant at blueonyx.it... No such user here

After that reject I could NOT specify a message body, as a valid 
recipient is required. So no actual bounce was created.

Colin: Do you by chance have a mail relay in front of your BlueOnyx that 
forwards the inbound emails to the BlueOnyx? Because *that* could be the 
problem.

-- 
With best regards

Michael Stauber
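
Added example, not part of the original message: a small Python check that reads an SMTP session transcript and reports which side is left to generate a bounce. The first sample is the MAIL/RCPT/DATA part of the Telnet session above; the second (relay.example) is constructed, and the function name failure_owner is hypothetical.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])")
COMMAND = re.compile(r"^(MAIL FROM|RCPT TO|DATA)\b", re.I)

# The MAIL/RCPT/DATA part of the session quoted in the post above.
REJECTED_AT_RCPT = """\
MAIL FROM: ms at blueonyx.it
250 2.1.0 ms at blueonyx.it... Sender ok
RCPT TO: nonexistant at blueonyx.it
553 5.3.0 nonexistant at blueonyx.it... No such user here
DATA
503 5.0.0 Need RCPT (recipient)
"""

# Constructed sample: a hypothetical relay (relay.example) without a recipient list.
ACCEPTED_BY_RELAY = """\
MAIL FROM: ms at blueonyx.it
250 2.1.0 Sender ok
RCPT TO: nonexistant at blueonyx.it
250 2.1.5 Recipient ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: test
.
250 2.0.0 Message queued
"""

def failure_owner(transcript):
    """Say which side must report non-delivery for one SMTP session."""
    pending, in_data, rejected, queued = None, False, 0, False
    for line in transcript.splitlines():
        if in_data:                      # body lines are never replies
            if line == ".":
                in_data, pending = False, "END"
            continue
        reply = REPLY.match(line)
        if reply is None:
            cmd = COMMAND.match(line)
            pending = cmd.group(1).upper() if cmd else pending
            continue
        code, sep = reply.groups()
        if sep == "-":                   # multi-line reply, wait for last line
            continue
        if pending == "RCPT TO" and code[0] in "45":
            rejected += 1
        in_data = pending == "DATA" and code == "354"
        queued = queued or (pending == "END" and code[0] == "2")
        pending = None
    return "receiver" if queued else ("sender" if rejected else "incomplete")
```

"sender" means the recipient was refused inside the session, so only the connecting MTA can create a bounce; "receiver" means the server queued the message and any later non-delivery report will come from it, addressed to whatever envelope sender was given.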


