bgware: issues because of forwarded mails : "550 Too many errors from your IP"


Previous by date: 1 May 2008 12:52:10 -0000 Announcing qmail-autoresponder version 0.97, Bruce Guenter
Next by date: 1 May 2008 12:52:10 -0000 mailfront / qmail-qfilter / vmailmgr "spring'08 cleanup" required..., Olivier Mueller
Previous in thread:
Next in thread:

Subject: issues because of forwarded mails : "550 Too many errors from your IP"
From: Olivier Mueller ####@####.####
Date: 1 May 2008 12:52:10 -0000
Message-Id: <1209646327.12738.36.camel@bigapple.omnis.ch>

Hello,

Some of my servers were blacklisted recently not because they were
sending spams, but because there were generating "too many errors".
The one from free.fr is an example (but not the only one): 
http://postmaster.free.fr/index_en.html: first a few: "421 Too many
errors from your IP", and then "550 Too many errors from your IP" for
86400 seconds. 

The same happened once or twice with http://bsn.borderware.com/ : IP
"reputation" went down, and some recipients using this kind of antispam
device (usually large companies) were not accepting mails anymore for a
defined period of time or until delisting. 

After investigation, it came out that it was just because of a few old
mail aliases / forwarding, which the domain owner / customer forgot
to remove. 

For example, with "example.com" hosted on my server, and "example.net"
hosted somewhere else. 

####@####.#### is a mail redirection to ####@####.####

Any mail to ####@####.#### will be accepted by the server, because
the address is valid (after validrcpt check, cvm, etc.). But then the
server will try to forward the mail to ####@####.#### and as it
fails, it will want to send a bounce message to the original (and
sometimes fake) sender.  Multiply that by 1000 and you will get
blacklisted by both the hoster of "example.net" and the maybe the sender
(because of the excessive bounces) 

What would you suggest to do against that kind of issues?  I can't check
the validity of all mail forwarding accounts for every user "by
hand" (there are hundreds of domains), and disallowing the use of
forwarding accounts is not really an option... 

Most of the mail accounts are managed with vmailmgrd, and some of them
via .qmail-xyz files ####@####.####  Now I guess I should find a
way to detect these kind of "expired" accounts, to then remove/disable
them, or at least get a list to forward to the customer support... :)

And you, what is your solution/suggestion? 
regards from Switzerland & happy 1.05.2008,
Olivier




Previous by date: 1 May 2008 12:52:10 -0000 Announcing qmail-autoresponder version 0.97, Bruce Guenter
Next by date: 1 May 2008 12:52:10 -0000 mailfront / qmail-qfilter / vmailmgr "spring'08 cleanup" required..., Olivier Mueller
Previous in thread:
Next in thread:


Powered by ezmlm-browse 0.21.