Mailing List Archive

Avoiding bounces
Hi list!

My problem: I have an "info@"-address that forwards the E-Mails to other
addresses, some of them outside my servers.

Well, unfortunately this address catches many Spam/junk E-Mails and, of
course, my Exim (4.88) tries to forward them.
Viruses are blocked and will __NOT__ be forwarded, but Spam is something else and,
of course, I cannot be sure if an E-Mail is Spam or not, so I have to forward
it...

Now, some recipients (in this case: Google) refuse some E-Mails if they are
Spam (in the "mind" of Google), so a bounce will be generated.
All correct, but...

... sometimes the E-Mail __IS__ spam and the sender cannot be contacted since
his server refuses my bounces.
It results in many bounces in my Exim-queue.

Now the question: can I configure Exim to simply delete these bounces
(identified as refused by Google)?
And of course, how can I mark the E-Mail as "refused by Google"?

Thanks a lot
Luca Bertoncello
(lucabert@lucabert.de)

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Avoiding bounces
On 26/05/18 08:03, Luca Bertoncello via Exim-users wrote:
> My problem: I have an "info@"-address that forwards the E-Mails to other
> addresses, some of them outside my servers.
>
> Well, unfortunately this address catches many Spam/junk E-Mails and, of
> course, my Exim (4.88) tries to forward them.
> Viruses are blocked and will __NOT__ be forwarded, but Spam is something else and,
> of course, I cannot be sure if an E-Mail is Spam or not, so I have to forward
> it...
>
> Now, some recipients (in this case: Google) refuse some E-Mails if they are
> Spam (in the "mind" of Google), so a bounce will be generated.
> All correct, but...

But you're better-off never accepting the message. Consider doing
cutthrough-routing for these; this means that if the site you are
forwarding to (Google) refuses the message even as late as after-data
(which, given they need to analyse the body, is likely) then so do you
(for the originator talking to you).

> ... sometimes the E-Mail __IS__ spam and the sender cannot be contacted since
> his server refuses my bounces.
> It results in many bounces in my Exim-queue.

This is where sender-verify callouts are useful, despite some people
regarding them as bad. But if you're doing cutthrough you don't even
need that.

> Now the question: can I configure Exim to simply delete these bounces
> (identified as refused by Google)?

The trick is to never accept these messages, so that no bounce is
generated.
--
Cheers,
Jeremy

Re: Avoiding bounces
> I have an "info@"-address that forwards the E-Mails to other
> addresses, some of them outside my servers.
>
> Well, unfortunately this address catches many Spam/junk E-Mails and, of
> course, my Exim (4.88) tries to forward them.
> Viruses are blocked and will __NOT__ be forwarded, but Spam is something else and,
> of course, I cannot be sure if an E-Mail is Spam or not, so I have to forward
> it...

No, you don't have to forward it. You can deliver to a local mailbox
(or several mailboxes) and configure your mail clients to
download mail from those mailboxes via POP3 or IMAP.

> some recipients (in this case: Google) refuse some E-Mails if they are
> Spam (in the "mind" of Google)

Gmail also can download via POP3.

By forwarding spam to Google, you harm the reputation of your server.

Re: Avoiding bounces
Jeremy Harris via Exim-users <exim-users@exim.org> wrote:

> But you're better-off never accepting the message. Consider doing
> cutthrough-routing for these; this means that if the site you are
> forwarding to (Google) refuses the message even as late as after-data
> (which, given they need to analyse the body, is likely) then so do you
> (for the originator talking to you).

Well, this "info@"-address is a forward to many recipients, not just one...
I could refuse the message if at least one recipient will refuse it.
I would like that.

Now the very question: how can I do that?

Thank you for your help!

Regards
Luca Bertoncello
(lucabert@lucabert.de)

Re: Avoiding bounces
On 26/05/18 15:05, Luca Bertoncello via Exim-users wrote:
> Well, this "info@"-address is a forward to many recipients, not just one...

Oh, a mail-exploder. OK, no cutthrough routing possible. This is
effectively a mailinglist, and you need to put real effort into
curating it. Things like: on the slightest evidence of dodginess
- including, but not limited to, bad rDNS, bad HELO, bad dnsbl,
bad sender-verify-callout, perhaps even unwhitelisted-senders -
divert to a quarantine queue for manual vetting.

And consider just rejecting on those grounds, too.


Or, as Lena suggests, for Google use a POP-sucker rather than
SMTP forwarding. But that means telling Google some credentials
for your box, and providing POP access (I strongly suggest you
create a/some dedicated account(s) for that, with the credentials not
used for any other purpose). We are, of course, assuming you
have control of the Google account(s) concerned.
--
Cheers,
Jeremy

Re: Avoiding bounces
On Sat, 2018-05-26 at 09:03 +0200, Luca Bertoncello wrote:

> Well, unfortunately this address catches many Spam/junk E-Mails and, of
> course, my Exim (4.88) tries to forward them.
> Viruses are blocked and will __NOT__ be forwarded, but Spam is something else and,
> of course, I cannot be sure if an E-Mail is Spam or not, so I have to forward
> it...

I disagree, based on my 9? years of happy, contented and grateful usage
of Exim.

If you reject emails from MTAs having no rDNS or no resolving HELO (or
EHLO) names or having a HELO name that is different from the sending
MTA's host name, most of your spam will not reach your users.

I then take additional Exim-based spam-repulsion activities and only get
ONE spam perhaps every few weeks, despite having 5 incoming MTAs in 3
countries.

Do not do nothing and let yourself become a willing victim of spam.


--
Kind regard,

Paul.
England, EU. England's place is in the European Union.


Re: Avoiding bounces
I don't reject invalid HELOs or invalid rDNS and get very little
spam, because I just ban all those shitty TLDs.
I have found out that most spam uses those new shitty TLDs so just
banning these shitty TLDs in the MIME from and MAIL from is a good
solution:

MAIL from stage:

deny
  message = Banned TLD
  sender_domains = ^(?i).*\\.(study|reise|technology|club|fun|bid|store|top|xyz|pro|date|faith|stream|host|loan|download|click|link|science|design|gdn|men|win|party|webcam|rocks|email|life|ninja|online|racing|review|site|trade|vividal|website|works|work|cricket|help|camera|computer|space|uno|tech|news|space|guru|berlin|photography|global|today|solutions|media|world|university|shop)\$

then one for Mime from stage:

deny
  message = Banned TLD in MIME From ($h_from:)
  condition = ${if match {$h_from:}{^(?i).*\\.(study|reise|technology|club|fun|bid|store|top|xyz|pro|date|faith|stream|host|loan|download|click|link|science|design|gdn|men|win|party|webcam|rocks|email|life|ninja|online|racing|review|site|trade|vividal|website|works|work|cricket|help|camera|computer|space|uno|tech|news|space|guru|berlin|photography|global|today|solutions|media|world|university|shop)>\$}{yes}{no}}

That solves most current spam problems.

2018-05-26 23:24 GMT+02:00 Always Learning via Exim-users <exim-users@exim.org>:
>
> On Sat, 2018-05-26 at 09:03 +0200, Luca Bertoncello wrote:
>
>> Well, unfortunately this address catches many Spam/junk E-Mails and, of
>> course, my Exim (4.88) tries to forward them.
>> Viruses are blocked and will __NOT__ be forwarded, but Spam is something else and,
>> of course, I cannot be sure if an E-Mail is Spam or not, so I have to forward
>> it...
>
> I disagree, based on my 9? years of happy, contented and grateful usage
> of Exim.
>
> If you reject emails from MTAs having no rDNS or no resolving HELO (or
> EHLO) names or having a HELO name that is different from the sending
> MTA's host name, most of your spam will not reach your users.
>
> I then take additional Exim-based spam-repulsion activities and only get
> ONE spam perhaps every few weeks, despite having 5 incoming MTAs in 3
> countries.
>
> Do not do nothing and let yourself become a willing victim of spam.

Re: Avoiding bounces
On 2018-05-26, Jeremy Harris via Exim-users <exim-users@exim.org> wrote:
> On 26/05/18 15:05, Luca Bertoncello via Exim-users wrote:
>> Well, this "info@"-address is a forward to many recipients, not just one...
>
> Oh, a mail-exploder. OK, no cutthrough routing possible. This is
> effectively a mailinglist, and you need to put real effort into
> curating it. Things like: on the slightest evidence of dodginess
> - including, but not limited to, bad rDNS, bad HELO, bad dnsbl,
> bad sender-verify-callout, perhaps even unwhitelisted-senders -
> divert to a quarantine queue for manual vetting.
>
> And consider just rejecting on those grounds, too.
>
>
> Or, as Lena suggests, for Google use a POP-sucker rather than
> SMTP forwarding. But that means telling Google some credentials
> for your box, and providing POP access (I strongly suggest you
> create a/some dedicated account(s) for that, with the credentials not
> used for any other purpose). We are, of course, assuming you
> have control of the Google account(s) concerned.

If you do that (and it will work well), be sure that the mailbox is
cleared regularly. At work we got hit by hundreds of dollars of
excess data charges on one of our servers due to international
POP data going to Google; we had to put an IP firewall in.
(Alternatively, host the POP3 somewhere that has cheap data charges.)

Re: Avoiding bounces
Always Learning via Exim-users <exim-users@exim.org> wrote:

Hi,

> If you reject emails from MTAs having no rDNS or no resolving HELO (or
> EHLO) names or having a HELO name that is different from the sending
> MTA's host name, most of your spam will not reach your users.

Of course I do that!
But unfortunately I already get tons of spam...
A couple of years ago it was better, but now I get a lot of spam per day again... :(

Thanks
Luca Bertoncello
(lucabert@lucabert.de)

Re: Avoiding bounces
On 27 May 2018 08:07:37 CEST, Luca Bertoncello via Exim-users <exim-users@exim.org> wrote:
>Of course I do that!
>But unfortunately I already get tons of spam...
>A couple of years ago it was better, but now I get a lot of spam per day
>again... :(

Spam and spam fighting are an evolutionary development. Things that worked very well years ago against >90% of real (!) spam are more and more useless, while newer spammer strategies emerge which require newer ways. On the other hand, the number of "self-driven" Internet MTAs of many entities / companies was higher years ago, so e.g. reverse DNS or RFC conformity was not a usable "hard" criterion at that time, and white mail / ham from a lot of mailers with some kind of "buggy" behaviour had to be accepted. Today it is possible to "expect more" from a source MTA.

Typical working anti-spam solutions (without false positives and with a very high recognition rate) use multiple stages of different solutions and strategies and more dynamic criteria.

There is no real "one recipe for all" howto, but some things are typically involved in successful anti-spam solutions today:

- checking "conformity" to typical RFCs
- DKIM, SPF, DMARC (be aware of lists)
- multiple DNS blocking lists
- DCC
- razor
- spamassassin rulesets
- greylisting strategies
- virus filters
- phishing url filters
- bayesian analysis
...

Exim allows you to store and work with variables. These can be used to "count" and "weight" multiple aspects of an email before deciding about a bounce (a bit similar to SpamAssassin). E.g. querying a list of DNSBLs and "counting" each record by weight is helpful today (instead of just blocking if listed...).

Running an "anti-spam" MX with a really high recognition rate of real spam (not legal list mail or newsletters) without (!) producing "false positives" was and is a time-consuming job, often too much for a small company mail system. The current definition of "false positives" (what really IS spam and has to be blocked) is an important part which has to match the expectations of the "users" ("white" senders as well as receivers).

But it costs traffic, hardware and energy too, so many free mail providers do not want to or are not able to go so far with their service.

I'm not a fan of "spam folders" for business users as they do not really save time, because they have to check that folder regularly to avoid lost business email.

I usually avoid spam filter "training" by users too, as this leads to misuse which could result in false positives.

All-in-one solutions like (standard) SpamAssassin could help a lot in "smaller" systems / for "season" admins, but are just a basic barrier in practice.

I know that many admins of smaller mailers block on a list of TLDs, domains or a geotarget basis as a "quick and dirty spam filter", but the result is not an Internet email service anymore (as it doesn't work for potential / real white and proper email senders) and it will lead to bounces false positives.

This would not be acceptable for e.g. business users who rely on and "just" expect a reliable email service.

For me, such ugly "hacks" by mailer admins are one reason why many users today tend to see email as an "unreliable, outdated messaging" solution.


hth a bit,


niels.
--
Niels Dettenbach
Syndicat IT & Internet
http://www.Syndicat.com
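
The weighted counting of indicators described in the message above, written out as Exim ACL statements. This is an added example, not configuration from any poster in this thread; it assumes the statements sit at the top of the ACL named by acl_smtp_rcpt, and the DNS list names, weights and thresholds are placeholders.

```exim
# Added illustration, not taken from any poster's configuration.
# Assumes this goes at the top of the ACL named by acl_smtp_rcpt.
# DNSBL names, weights and thresholds are placeholders to tune per site.

  # Recompute for every RCPT so the score never accumulates across recipients.
  warn    set acl_m_score = 0

  # Connecting host has no consistent reverse DNS.
  warn    !verify = reverse_host_lookup
          set acl_m_score = ${eval:$acl_m_score + 3}

  # HELO/EHLO name could not be verified against the connecting host.
  warn    !verify = helo
          set acl_m_score = ${eval:$acl_m_score + 2}

  # Each DNS list adds its own weight instead of rejecting outright.
  warn    dnslists = dnsbl-strong.example
          set acl_m_score = ${eval:$acl_m_score + 5}

  warn    dnslists = dnsbl-weak.example
          set acl_m_score = ${eval:$acl_m_score + 2}

  # Several indicators together: refuse during the SMTP dialogue, so this
  # host never accepts the message and never has to generate a bounce.
  deny    condition = ${if >={$acl_m_score}{7}}
          message = Rejected: too many spam indicators (score $acl_m_score)

  # Borderline: accept, but freeze on the queue for manual vetting.
  warn    condition = ${if >={$acl_m_score}{4}}
          control = freeze
          log_message = frozen for review, spam score $acl_m_score

  # ... the site's existing recipient checks follow here
```

With these placeholder weights a single finding never rejects on its own: the strong list alone, or bad rDNS plus bad HELO, only freezes the message, while the strong list combined with any other finding reaches the reject threshold.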

Re: Avoiding bounces
On 05/26/2018 09:03 AM, Luca Bertoncello via Exim-users wrote:
> My problem: I have an "info@"-address that forwards the E-Mails to other
> It results in many bounces in my Exim-queue.

to avoid that issue on my MX I use dovecot as LDA
https://wiki.dovecot.org/LDA/Exim and redirect via sieve with original
recipient.

sieve_redirect_envelope_from = orig_recipient

redirect in sieve is done based on envelope-to header.

lda_original_recipient_header = Envelope-to


to avoid redirection of bounces, add before-filter to directly save in
inbox.

;=== /etc/dovecot/sieve/before/20-Mailer-Daemon.sieve ==
require ["fileinto"];

# rule:[Mailer-Daemon]
if allof (address "From" "Mailer-Daemon@<your mx hostname>")
{
    fileinto "INBOX";
}
;===

this is also more or less what Sven describes in
https://groups.google.com/forum/#!msg/de.comm.software.mailserver/JA1tBzqYH1U/B_4GJ4JaCwAJ

btw, since your home base is Germany, think of DSGVO and AVV; I'm not
sure if such forwarding is allowed.

gre3tings, Klaus

--
Klaus Maria Pfeiffer
chat: hoedlmoser@jabber.rekmp.net
blog: http://blog.kmp.or.at/
twitter: @hoedlmoser
