cancel
Showing results for 
Search instead for 
Did you mean: 

Odd bounce error message

SteveA
Pro
Posts: 1,847
Thanks: 106
Fixes: 3
Registered: ‎17-06-2007

Odd bounce error message

I just reported 11 spam emails in one go to spamcop and it bounced with the following error:
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
                  The mail system
<submit.plS4QPJlo4Fy83p2@spam.spamcop.net>: host relay.plus.net[212.159.8.107]
   said: 552 nuQE1h0030mutzo01uQFoe message rejected due to spam or virus. If
   you believe this is in error please login to your portal or contact your
   ISP support team. (in reply to end of DATA command)

--97741A4A5FD.1319307856/tty.org.uk
Content-Description: Delivery report
Content-Type: message/delivery-status
Reporting-MTA: dns; tty.org.uk
X-Postfix-Queue-ID: 97741A4A5FD
X-Postfix-Sender: rfc822; steve@tty.org.uk
Arrival-Date: Sat, 22 Oct 2011 19:24:14 +0100 (BST)
Final-Recipient: rfc822; submit.plS4QPJlo4Fy83p2@spam.spamcop.net
Original-Recipient: rfc822;submit.plS4QPJlo4Fy83p2@spam.spamcop.net
Action: failed
Status: 5.0.0
Remote-MTA: dns; relay.plus.net
Diagnostic-Code: smtp; 552 nuQE1h0030mutzo01uQFoe message rejected due to spam
   or virus. If you believe this is in error please login to your portal or
   contact your ISP support team.
--97741A4A5FD.1319307856/tty.org.uk
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit

So I'm not sure where it got bounced but I suspect its the PN spam system thinking my attached files, which contain spam emails,, which I'm forwarding to Spamcop are in fact spam which would be pretty stupid as it allowed them (about 17 since lunch time) to get through to me in the first place. This happened before with IronPort but someone at PN fixed it.
Edited to add : its PN doing it. I commented out the relay-host line in my postfix config and all the emails went through fine.
13 REPLIES 13
spraxyt
Resting Legend
Posts: 10,063
Thanks: 674
Fixes: 75
Registered: ‎06-04-2007

Re: Odd bounce error message

Yes, the outbound Cloudmarks are probably marking the messages as spam leading the relays to refuse them so they are returned.
Obviously Cloudmark Authority perceives your server as an originator of spam, but the original source is not seen that way. Sad
David
SteveA
Pro
Posts: 1,847
Thanks: 106
Fixes: 3
Registered: ‎17-06-2007

Re: Odd bounce error message

But what pees me off is that spam is coming in via PN and is NOT being recognised as spam but when I try to report it as spam PN's wonderful spam system identifies it as spam.
So right now I'm getting spam but have no way of reporting it.....  typical!
spraxyt
Resting Legend
Posts: 10,063
Thanks: 674
Fixes: 75
Registered: ‎06-04-2007

Re: Odd bounce error message

I take it from your comments that IronPort regularly let these sort of messages through? I'd hope Cloudmark can be trained to do better.
David
SteveA
Pro
Posts: 1,847
Thanks: 106
Fixes: 3
Registered: ‎17-06-2007

Re: Odd bounce error message

They had configured Ironport to allow outgoing spam to spamcop, not sure how they did it but it worked.
spraxyt
Resting Legend
Posts: 10,063
Thanks: 674
Fixes: 75
Registered: ‎06-04-2007

Re: Odd bounce error message

I expect that can also be set up with Cloudmark. I think the IronPort to Cloudmark migration should now be complete so hopefully attention can be addressed to such requirements.
What isn't clear to me is whether Cloudmark fails to identify these messages as spam on their way in?
David
SteveA
Pro
Posts: 1,847
Thanks: 106
Fixes: 3
Registered: ‎17-06-2007

Re: Odd bounce error message

I've got SMTP forwarding turned on which might have something to do with it. I'm not sure how things were routed before but I used to get about 1 spam per week, and I've had 9 already today.. actually make that 12. So the wonderful new anti-spam system is obviously not working in the same way IronPort was.
spraxyt
Resting Legend
Posts: 10,063
Thanks: 674
Fixes: 75
Registered: ‎06-04-2007

Re: Odd bounce error message

If you've got SMTP forwarding turned on emails bypass Plusnet spam and virus filtering and any checking is down to you. Swapping IronPort for Cloudmark should have had no effect on that path.
Since you use the relays outbound obviously that path is affected and whitelisting of messages to Spamcop is needed on Cloudmark.
David
SteveA
Pro
Posts: 1,847
Thanks: 106
Fixes: 3
Registered: ‎17-06-2007

Re: Odd bounce error message

I know it wasn't supposed to affect it but it obviously was doing.... some how, and that's one of the reasons why I deactivated DSPAM on my box here because it was not getting enough spam to function properly.
SteveA
Pro
Posts: 1,847
Thanks: 106
Fixes: 3
Registered: ‎17-06-2007

Re: Odd bounce error message

Actually it WAS going through ironport on the incoming:
[tt]Received: from relay.ptn-ipout02.plus.net (relay.ptn-ipout02.plus.net [212.159.7.36])
(using TLSv1 with cipher RC4-SHA (128/128 bits))
(No client certificate requested)
by tty.org.uk (Postfix) with ESMTPS id 98476A4A15D
for <xxx@xxxxxxuid.plus.com>; Fri, 14 Oct 2011 12:15:36 +0100 (BST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AtcNAJsZmE7VomGh/2dsb2JhbAApGoJNgiUDnDGBZoRbd4EFgVMBAQQEIB0DAQIIAyMGAQUKFxgTAQkCAjEsCAcEARQEAQMEh10CBiSkJgFngyuBTYx2AQWGWYEUk3uFR4wq
Received: from unknown (HELO mail.just-the-name.co.uk) ([213.162.97.161])
 by relay.ptn-ipout02.plus.net with ESMTP; 14 Oct 2011 12:15:35 +0100
Received: from mail49.us1.mcsv.net (mail49.us1.mcsv.net [204.232.163.49])
by mail.just-the-name.co.uk (Postfix) with ESMTP id D2393BA458
for <sxx@xxxxxorg.uk>; Fri, 14 Oct 2011 12:15:32 +0100 (BST)[/tt]
[tt]
Now its going:
Received: from relay.pcl-ipout01.plus.net (relay.pcl-ipout01.plus.net [212.159.7.99])
(using TLSv1 with cipher RC4-SHA (128/128 bits))
(No client certificate requested)
by tty.org.uk (Postfix) with ESMTPS id D72BFA4ACE9
for <x@pexxxxxxxuid.plus.com>; Sun, 23 Oct 2011 12:56:14 +0100 (BST)
Received: from unknown (HELO mail.just-the-name.co.uk) ([213.162.97.161])
 by relay.pcl-ipout01.plus.net with ESMTP; 23 Oct 2011 12:56:14 +0100
Received: from mailc-ba.linkedin.com (mailc-ba.linkedin.com [216.52.242.152])
by mail.just-the-name.co.uk (Postfix) with ESMTP id 678C4BBEA2
for <xxxx@xorg.uk>; Sun, 23 Oct 2011 12:56:06 +0100 (BST)
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;[/tt]

In the first one you can clearly see the ironport check results
spraxyt
Resting Legend
Posts: 10,063
Thanks: 674
Fixes: 75
Registered: ‎06-04-2007

Re: Odd bounce error message

Hmm, obviously special routing into the outbound IronPorts to implement JTN forwarding. The same routing is in place now but IronPort filtering has been turned off. Something Plusnet need to review.
David
Tigger
Rising Star
Posts: 219
Thanks: 11
Registered: ‎12-06-2007

Re: Odd bounce error message

Hmm. I've just had an odd bounce as well.
I sent a read receipt for a message that had just arrived - and it bounced!
Now I'm not too well up on computer-speak, could someone please translate?  Cheesy
The following message to <xxxxxxxx@supanet.com> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'Callback setup failed while verifying <yyyyyyy@zzzzzzz.plus.com>\nCalled:  212.159.8.200\nSent:    MAIL FROM:<>\nResponse: 550 IP is DNSBL listed - http://www.spamhaus.org/query/bl?ip=213.40.66.38\nThe initial connection, or a HELO or MAIL FROM:<> command was\nrejected. Refusing MAIL FROM:<> does not help fight spam, disregards\nRFC requirements, and stops you from receiving standard bounce\nmessages. This host does not accept mail from domains whose servers\nrefuse bounces.\nYour return address <yyyyyyy@zzzzzzz.plus.com> does not appear to be\nvalid. Sender verify failed.\nMon, 24 Oct 2011 11:26:08 +0100 on host 213.40.66.38'

I am not invalid!!!  Undecided Undecided
Here's the headers off the bounce message:
X-MSK: CML=1.402000
Return-path: <>
Envelope-to: yyyyyyy@zzzzzzz.plus.com
Delivery-date: Mon, 24 Oct 2011 11:26:12 +0100
Received: from [212.159.8.109] (helo=avasin13)
  by inmx19.plus.net with esmtp (PlusNet MXCore v2.00) id 1RIHjM-0004pA-Tw
  for yyyyyyy@zzzzzzz.plus.com; Mon, 24 Oct 2011 11:26:08 +0100
Received: from relay.pcl-ipout02.plus.net ([212.159.7.100])
by avasin13 with Plusnet Cloudmark Gateway
id oaS81h00729VYaU01aS8Y2; Mon, 24 Oct 2011 11:26:08 +0100
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.0 cv=O967TWBW c=1 sm=1 a=MOoU6_y5KB8A:10
a=wPDyFdB5xvgA:10 a=d185jZcJAAAA:8 a=EBOSESyhAAAA:8 a=oxtLoEQ2AAAA:8
a=BHGZfj7sxUW_McQwjpgA:9 a=9uvm6SlqeZPP25rv8HkA:7 a=CjuIK1q_8ugA:10
a=Q-yGKnO_R9AA:10 a=uBK8OgW28t_2rpQX:21 a=tTmV_vZD5Pi1On8Q:21
a=0Bzu9jTXAAAA:8 a=Fy-wCSNV4vN1d1oKViQA:7 a=znHlCSW7yks-vR_v:21
a=AIoYtGQSql7Cs4UR:21 a=FLMvxEwcbGxyaG4-TV0A:9 a=TFbchNSdzUL2fcWXfy6y5g==:117
Message-Id: <0a85c0$69s0st@pcl-ipout02.plus.net>
Received: from localhost by relay.pcl-ipout02.plus.net;
  24 Oct 2011 11:26:08 +0100
Date: 24 Oct 2011 11:26:08 +0100
To: yyyyyyy@zzzzzzz.plus.com
From: "Mail Delivery System" <MAILER-DAEMON@relay.pcl-ipout02.plus.net>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="CdWDw.4i0ZPuUAz.tzDfn.2Z6ZhMs"
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: Delivery Status Notification (Failure)
SteveA
Pro
Posts: 1,847
Thanks: 106
Fixes: 3
Registered: ‎17-06-2007

Re: Odd bounce error message

I'd be tempted to raise a ticket on that - it looks very very odd.
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Odd bounce error message

Quote from: SteveA
But what pees me off is that spam is coming in via PN and is NOT being recognised as spam but when I try to report it as spam PN's wonderful spam system identifies it as spam.
So right now I'm getting spam but have no way of reporting it.....  typical!

Should now be sorted as per my post here.
Quote from: Tigger
The following message to <xxxxxxxx@supanet.com> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'Callback setup failed while verifying <yyyyyyy@zzzzzzz.plus.com>\nCalled:  212.159.8.200\nSent:    MAIL FROM:<>\nResponse: 550 IP is DNSBL listed - http://www.spamhaus.org/query/bl?ip=213.40.66.38\nThe initial connection, or a HELO or MAIL FROM:<> command was\nrejected. Refusing MAIL FROM:<> does not help fight spam, disregards\nRFC requirements, and stops you from receiving standard bounce\nmessages. This host does not accept mail from domains whose servers\nrefuse bounces.\nYour return address <yyyyyyy@zzzzzzz.plus.com> does not appear to be\nvalid. Sender verify failed.\nMon, 24 Oct 2011 11:26:08 +0100 on host 213.40.66.38'

I may be wrong but I /think/ the read receipt was sent via our servers and the recipient server (Supanet - 213.40.66.38) tried a sender-verify call on your email address <yyyyyyy@zzzzzzz.plus.com>. This involves connecting to the primary MX record for zzzzzzz.plus.com and attempting an SMTP transaction as follows:
HELO <verifier host name>
MAIL FROM:<>
RCPT TO:<the address to be tested>
QUIT

The primary MX record for zzzzzzz.plus.com is likely to be mx-trial.core.plus.net (cloudmark) at the time of writing. I reckon when Supanet's servers tried connecting to ours cloudmark rejected the attempt because of:
550 IP is DNSBL listed - http://www.spamhaus.org/query/bl?ip=213.40.66.38

So our inbound mail server failed the sender-verify check because Supanet's server was listed on one of Spanhaus' blacklists (although it doesn't seem to be now). Would be interested to know if this happens again?

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵