Saturday 19th April 2014Login | Register
Pages: [1]

Odd bounce error message

« on 22/10/2011, 19:32 »
I just reported 11 spam emails in one go to spamcop and it bounced with the following error:

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<submit.plS4QPJlo4Fy83p2@spam.spamcop.net>: host relay.plus.net[212.159.8.107]
    said: 552 nuQE1h0030mutzo01uQFoe message rejected due to spam or virus. If
    you believe this is in error please login to your portal or contact your
    ISP support team. (in reply to end of DATA command)


--97741A4A5FD.1319307856/tty.org.uk
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; tty.org.uk
X-Postfix-Queue-ID: 97741A4A5FD
X-Postfix-Sender: rfc822; steve@tty.org.uk
Arrival-Date: Sat, 22 Oct 2011 19:24:14 +0100 (BST)

Final-Recipient: rfc822; submit.plS4QPJlo4Fy83p2@spam.spamcop.net
Original-Recipient: rfc822;submit.plS4QPJlo4Fy83p2@spam.spamcop.net
Action: failed
Status: 5.0.0
Remote-MTA: dns; relay.plus.net
Diagnostic-Code: smtp; 552 nuQE1h0030mutzo01uQFoe message rejected due to spam
    or virus. If you believe this is in error please login to your portal or
    contact your ISP support team.

--97741A4A5FD.1319307856/tty.org.uk
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit


So I'm not sure where it got bounced but I suspect its the PN spam system thinking my attached files, which contain spam emails,, which I'm forwarding to Spamcop are in fact spam which would be pretty stupid as it allowed them (about 17 since lunch time) to get through to me in the first place. This happened before with IronPort but someone at PN fixed it.

Edited to add : its PN doing it. I commented out the relay-host line in my postfix config and all the emails went through fine.

« Last Edit: 22/10/2011, 20:22 by SteveA »

Logged
  • spraxyt
  • Usergroup Member
  • *
  • Posts: 6743
  • View Profile
« Reply #1 on 22/10/2011, 23:35 »
Yes, the outbound Cloudmarks are probably marking the messages as spam leading the relays to refuse them so they are returned.

Obviously Cloudmark Authority perceives your server as an originator of spam, but the original source is not seen that way. Sad
Logged
« Reply #2 on 22/10/2011, 23:44 »
But what pees me off is that spam is coming in via PN and is NOT being recognised as spam but when I try to report it as spam PN's wonderful spam system identifies it as spam.

So right now I'm getting spam but have no way of reporting it.....  typical!
Logged
  • spraxyt
  • Usergroup Member
  • *
  • Posts: 6743
  • View Profile
« Reply #3 on 23/10/2011, 00:43 »
I take it from your comments that IronPort regularly let these sort of messages through? I'd hope Cloudmark can be trained to do better.
Logged
« Reply #4 on 23/10/2011, 09:45 »
They had configured Ironport to allow outgoing spam to spamcop, not sure how they did it but it worked.
Logged
  • spraxyt
  • Usergroup Member
  • *
  • Posts: 6743
  • View Profile
« Reply #5 on 23/10/2011, 12:03 »
I expect that can also be set up with Cloudmark. I think the IronPort to Cloudmark migration should now be complete so hopefully attention can be addressed to such requirements.

What isn't clear to me is whether Cloudmark fails to identify these messages as spam on their way in?
Logged
« Reply #6 on 23/10/2011, 12:31 »
I've got SMTP forwarding turned on which might have something to do with it. I'm not sure how things were routed before but I used to get about 1 spam per week, and I've had 9 already today.. actually make that 12. So the wonderful new anti-spam system is obviously not working in the same way IronPort was.
Logged
  • spraxyt
  • Usergroup Member
  • *
  • Posts: 6743
  • View Profile
« Reply #7 on 23/10/2011, 14:37 »
If you've got SMTP forwarding turned on emails bypass Plusnet spam and virus filtering and any checking is down to you. Swapping IronPort for Cloudmark should have had no effect on that path.

Since you use the relays outbound obviously that path is affected and whitelisting of messages to Spamcop is needed on Cloudmark.
Logged
« Reply #8 on 23/10/2011, 14:48 »
I know it wasn't supposed to affect it but it obviously was doing.... some how, and that's one of the reasons why I deactivated DSPAM on my box here because it was not getting enough spam to function properly.
Logged
« Reply #9 on 23/10/2011, 15:02 »
Actually it WAS going through ironport on the incoming:

Received: from relay.ptn-ipout02.plus.net (relay.ptn-ipout02.plus.net [212.159.7.36])
   (using TLSv1 with cipher RC4-SHA (128/128 bits))
   (No client certificate requested)
   by tty.org.uk (Postfix) with ESMTPS id 98476A4A15D
   for <xxx@xxxxxxuid.plus.com>; Fri, 14 Oct 2011 12:15:36 +0100 (BST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AtcNAJsZmE7VomGh/2dsb2JhbAApGoJNgiUDnDGBZoRbd4EFgVMBAQQEIB0DAQIIAyMGAQUKFxgTAQkCAjEsCAcEARQEAQMEh10CBiSkJgFngyuBTYx2AQWGWYEUk3uFR4wq
Received: from unknown (HELO mail.just-the-name.co.uk) ([213.162.97.161])
  by relay.ptn-ipout02.plus.net with ESMTP; 14 Oct 2011 12:15:35 +0100
Received: from mail49.us1.mcsv.net (mail49.us1.mcsv.net [204.232.163.49])
   by mail.just-the-name.co.uk (Postfix) with ESMTP id D2393BA458
   for <sxx@xxxxxorg.uk>; Fri, 14 Oct 2011 12:15:32 +0100 (BST)


Now its going:

Received: from relay.pcl-ipout01.plus.net (relay.pcl-ipout01.plus.net [212.159.7.99])
   (using TLSv1 with cipher RC4-SHA (128/128 bits))
   (No client certificate requested)
   by tty.org.uk (Postfix) with ESMTPS id D72BFA4ACE9
   for <x@pexxxxxxxuid.plus.com>; Sun, 23 Oct 2011 12:56:14 +0100 (BST)
Received: from unknown (HELO mail.just-the-name.co.uk) ([213.162.97.161])
  by relay.pcl-ipout01.plus.net with ESMTP; 23 Oct 2011 12:56:14 +0100
Received: from mailc-ba.linkedin.com (mailc-ba.linkedin.com [216.52.242.152])
   by mail.just-the-name.co.uk (Postfix) with ESMTP id 678C4BBEA2
   for <xxxx@xorg.uk>; Sun, 23 Oct 2011 12:56:06 +0100 (BST)
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;



In the first one you can clearly see the ironport check results
Logged
  • spraxyt
  • Usergroup Member
  • *
  • Posts: 6743
  • View Profile
« Reply #10 on 23/10/2011, 20:29 »
Hmm, obviously special routing into the outbound IronPorts to implement JTN forwarding. The same routing is in place now but IronPort filtering has been turned off. Something Plusnet need to review.
Logged
« Reply #11 on 24/10/2011, 11:49 »
Hmm. I've just had an odd bounce as well.

I sent a read receipt for a message that had just arrived - and it bounced!

Now I'm not too well up on computer-speak, could someone please translate?   Cheesy

The following message to <xxxxxxxx@supanet.com> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'Callback setup failed while verifying <yyyyyyy@zzzzzzz.plus.com>\nCalled:   212.159.8.200\nSent:     MAIL FROM:<>\nResponse: 550 IP is DNSBL listed - http://www.spamhaus.org/q...y/bl?ip=213.40.66.38\nThe initial connection, or a HELO or MAIL FROM:<> command was\nrejected. Refusing MAIL FROM:<> does not help fight spam, disregards\nRFC requirements, and stops you from receiving standard bounce\nmessages. This host does not accept mail from domains whose servers\nrefuse bounces.\nYour return address <yyyyyyy@zzzzzzz.plus.com> does not appear to be\nvalid. Sender verify failed.\nMon, 24 Oct 2011 11:26:08 +0100 on host 213.40.66.38'


I am not invalid!!!   Undecided Undecided

Here's the headers off the bounce message:
X-MSK: CML=1.402000
Return-path: <>
Envelope-to: yyyyyyy@zzzzzzz.plus.com
Delivery-date: Mon, 24 Oct 2011 11:26:12 +0100
Received: from [212.159.8.109] (helo=avasin13)
     by inmx19.plus.net with esmtp (PlusNet MXCore v2.00) id 1RIHjM-0004pA-Tw
     for yyyyyyy@zzzzzzz.plus.com; Mon, 24 Oct 2011 11:26:08 +0100
Received: from relay.pcl-ipout02.plus.net ([212.159.7.100])
   by avasin13 with Plusnet Cloudmark Gateway
   id oaS81h00729VYaU01aS8Y2; Mon, 24 Oct 2011 11:26:08 +0100
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.0 cv=O967TWBW c=1 sm=1 a=MOoU6_y5KB8A:10
 a=wPDyFdB5xvgA:10 a=d185jZcJAAAA:8 a=EBOSESyhAAAA:8 a=oxtLoEQ2AAAA:8
 a=BHGZfj7sxUW_McQwjpgA:9 a=9uvm6SlqeZPP25rv8HkA:7 a=CjuIK1q_8ugA:10
 a=Q-yGKnO_R9AA:10 a=uBK8OgW28t_2rpQX:21 a=tTmV_vZD5Pi1On8Q:21
 a=0Bzu9jTXAAAA:8 a=Fy-wCSNV4vN1d1oKViQA:7 a=znHlCSW7yks-vR_v:21
 a=AIoYtGQSql7Cs4UR:21 a=FLMvxEwcbGxyaG4-TV0A:9 a=TFbchNSdzUL2fcWXfy6y5g==:117
Message-Id: <0a85c0$69s0st@pcl-ipout02.plus.net>
Received: from localhost by relay.pcl-ipout02.plus.net;
  24 Oct 2011 11:26:08 +0100
Date: 24 Oct 2011 11:26:08 +0100
To: yyyyyyy@zzzzzzz.plus.com
From: "Mail Delivery System" <MAILER-DAEMON@relay.pcl-ipout02.plus.net>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="CdWDw.4i0ZPuUAz.tzDfn.2Z6ZhMs"
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: Delivery Status Notification (Failure)

Logged
« Reply #12 on 25/10/2011, 19:52 »
I'd be tempted to raise a ticket on that - it looks very very odd.

Logged
« Reply #13 on 26/10/2011, 16:54 »
But what pees me off is that spam is coming in via PN and is NOT being recognised as spam but when I try to report it as spam PN's wonderful spam system identifies it as spam.

So right now I'm getting spam but have no way of reporting it.....  typical!

Should now be sorted as per my post here.

The following message to <xxxxxxxx@supanet.com> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'Callback setup failed while verifying <yyyyyyy@zzzzzzz.plus.com>\nCalled:   212.159.8.200\nSent:     MAIL FROM:<>\nResponse: 550 IP is DNSBL listed - http://www.spamhaus.org/q...y/bl?ip=213.40.66.38\nThe initial connection, or a HELO or MAIL FROM:<> command was\nrejected. Refusing MAIL FROM:<> does not help fight spam, disregards\nRFC requirements, and stops you from receiving standard bounce\nmessages. This host does not accept mail from domains whose servers\nrefuse bounces.\nYour return address <yyyyyyy@zzzzzzz.plus.com> does not appear to be\nvalid. Sender verify failed.\nMon, 24 Oct 2011 11:26:08 +0100 on host 213.40.66.38'

I may be wrong but I /think/ the read receipt was sent via our servers and the recipient server (Supanet - 213.40.66.38) tried a sender-verify call on your email address <yyyyyyy@zzzzzzz.plus.com>. This involves connecting to the primary MX record for zzzzzzz.plus.com and attempting an SMTP transaction as follows:

Code:
HELO <verifier host name>
MAIL FROM:<>
RCPT TO:<the address to be tested>
QUIT

The primary MX record for zzzzzzz.plus.com is likely to be mx-trial.core.plus.net (cloudmark) at the time of writing. I reckon when Supanet's servers tried connecting to ours cloudmark rejected the attempt because of:

Code:
550 IP is DNSBL listed - http://www.spamhaus.org/query/bl?ip=213.40.66.38

So our inbound mail server failed the sender-verify check because Supanet's server was listed on one of Spanhaus' blacklists (although it doesn't seem to be now). Would be interested to know if this happens again?
Logged
Pages: [1]
Jump to:  

Related Sites

Community Apps

Here at Plusnet we're always trying to use clever open source things to make our lives easier. Sometimes we write our own and make other people's lives easier too!

View the Plusnet Open Source applications page

About Plusnet

We're a Yorkshire-based provider selling broadband and phone services to homes and businesses throughout the UK. Winner of the ISPA 2010 'Best Consumer Customer Service ISP' Award, we're proud to offer the UK's best value standalone broadband.

© Plusnet plc All Rights Reserved. E&OE

Powered by SMF | SMF © 2006-2008, Simple Machines LLC

Add to Technorati Favourites