Subject: Re: How did this REJECTED email bounce back?
From: Kevin Cosgrove (kevincdOink.COM)
Date: Thu Oct 26 2000 - 16:59:27 CDT


        Please bear with me as I try to understand this better.

kc> Which caused the original spam message to be rejected.
kc> But, notification of the rejection seems to have been sent
kc> back to the sender. I imagine the sender was spoofed or
kc> misconfigured, because that notification bounced back to me.

wv> This is incorrect. If Postfix rejects the mail header, then Postfix
wv> DOES NOT send a bounce message. If anyone sends a bounce, it is
wv> the SMTP client, or it is the UUXQT program in case of mail that
wv> comes in via UUCP.

        OK, postfix DOES NOT send a bounce message. So, what
        does "status=bounced" mean in the excerpt from my postfix
        log file, below? Does it just mean "could not deliver"?

========== start of /var/log/mail/mail.info excerpt ==========

Oct 26 08:11:55 myhost postfix/pickup[16544]: 9ECC67828: uid=10 from=<msweb1-errors+mydomain+mydomain.com@bounce.exactis.com>
Oct 26 08:11:55 myhost postfix/cleanup[16573]: warning: 9ECC67828: reject: header To: mydomain@mydomain.com
Oct 26 08:11:55 myhost postfix/cleanup[16573]: 9ECC67828: message-id=<5.51.5.0.0.19933.972567273@sender37.lodo.exactis.com>
Oct 26 08:11:55 myhost postfix/cleanup[16573]: 9ECC67828: to=<mydomain@mydomain.com>, relay=cleanup, delay=0, status=bounced (Message rejected: Message content rejected)
Oct 26 08:11:55 myhost postfix/cleanup[16580]: D25717827: message-id=<20001026151155.D25717827@myhost.mydomain.com>
Oct 26 08:11:55 myhost postfix/qmgr[28051]: D25717827: from=<>, size=3503 (queue active)
Oct 26 08:11:56 myhost postfix/pipe[16581]: D25717827: to=<msweb1-errors+mydomain+mydomain.com@bounce.exactis.com>, relay=uucp, delay=1, status=sent (uucpneighbor)

========== end of /var/log/mail/mail.info excerpt ==========

        Maybe uuxqt bounces email back in the event that rmail
        returns a non-OK exit status? Nope, just looked at the
        rmail script, which just execs /usr/sbin/sendmail, which
        is part of the postfix package. In fact, I adapted the
        script to report the /usr/sbin/sendmail exit status,
        rather than just exec it. In the case of good email and
        rejected email, the exit status is '0' (zero).

        I tried the experiment of sending email myself to an
        address which I've set up in header_checks to be rejected.
        I tried this self-contained on one machine, so nothing
        ever gets to UUCP. The mail is handled only by postfix,
        /usr/sbin/sendmail (supplied by postfix), and procmail.
        Procmail only gets to touch the email if it passes through
        postfix OK (i.e. procmail shouldn't ever see rejected email).

        So, here's the email that I sent, as I received it back
        after bouncing. Looking at the preamble to the bounced
        email, it sure looks like postfix is claiming that it
        bounced the email. If I'm reading this wrong, please
        correct me.

========== start of bounced email ==========

Return-Path: MAILER-DAEMON
Delivery-Date: Thu Oct 26 14:34:04 2000
Return-Path: <>
Received: by myhost.mydomain.com (Postfix) via BOUNCE
        id 2221B7833; Thu, 26 Oct 2000 14:34:04 -0700 (PDT)
Date: Thu, 26 Oct 2000 14:34:04 -0700 (PDT)
From: MAILER-DAEMON@mydomain.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: kevinc@mydomain.COM
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="E75F57828.972596044/myhost.mydomain.com"
Message-Id: <20001026213404.2221B7833@myhost.mydomain.com>

This is a MIME-encapsulated message.

--E75F57828.972596044/myhost.mydomain.com
Content-Description: Notification
Content-Type: text/plain

This is the Postfix program at host myhost.mydomain.com.

I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.

For further assistance, please contact <postmaster@mydomain.com>

If you do so, please include this problem report. You can
delete your own text from the message returned below.

                        The Postfix program

<mydomain@mydomain.com>: Message rejected: Message content rejected

--E75F57828.972596044/myhost.mydomain.com
Content-Description: Undelivered Message
Content-Type: message/rfc822

Received: by myhost.mydomain.com (Postfix, from userid 1234)
        id E75F57828; Thu, 26 Oct 2000 14:34:03 -0700 (PDT)
Received: from mydomain.COM (localhost [127.0.0.1])
        by myhost.mydomain.com (Postfix) with ESMTP id DAAA62940D
        for <mydomain@mydomain.com>; Thu, 26 Oct 2000 14:34:03 -0700 (PDT)
To: mydomain@mydomain.com
Subject: test
Date: Thu, 26 Oct 2000 14:34:01 -0700
From: Kevin Cosgrove <kevinc@mydomain.COM>
Message-Id: <20001026213403.E75F57828@myhost.mydomain.com>

--E75F57828.972596044/myhost.mydomain.com--

========== end of bounced email ==========

        The postfix log file entries specific to this email are
        below.

========== start of /var/log/mail/mail.info excerpt ==========

Oct 26 14:34:01 myhost postfix/smtpd[18535]: > localhost[127.0.0.1]: 220 myhost.mydomain.com ESMTP Postfix
Oct 26 14:34:01 myhost postfix/smtpd[18535]: connect from localhost[127.0.0.1]
Oct 26 14:34:01 myhost postfix/smtpd[18535]: < localhost[127.0.0.1]: EHLO mydomain.COM
Oct 26 14:34:01 myhost postfix/smtpd[18535]: > localhost[127.0.0.1]: 250-myhost.mydomain.com
Oct 26 14:34:01 myhost postfix/smtpd[18535]: > localhost[127.0.0.1]: 250-PIPELINING
Oct 26 14:34:01 myhost postfix/smtpd[18535]: > localhost[127.0.0.1]: 250-SIZE 10240000
Oct 26 14:34:01 myhost postfix/smtpd[18535]: > localhost[127.0.0.1]: 250-ETRN
Oct 26 14:34:01 myhost postfix/smtpd[18535]: > localhost[127.0.0.1]: 250 8BITMIME
Oct 26 14:34:01 myhost postfix/smtpd[18535]: < localhost[127.0.0.1]: ONEX
Oct 26 14:34:01 myhost postfix/smtpd[18535]: > localhost[127.0.0.1]: 502 Error: command not implemented
Oct 26 14:34:02 myhost postfix/smtpd[18535]: < localhost[127.0.0.1]: VERB on
Oct 26 14:34:02 myhost postfix/smtpd[18535]: > localhost[127.0.0.1]: 502 Error: command not implemented
Oct 26 14:34:03 myhost postfix/smtpd[18535]: < localhost[127.0.0.1]: MAIL FROM:<kevinc@mydomain.COM>
Oct 26 14:34:03 myhost postfix/smtpd[18535]: extract_addr: input: <kevinc@mydomain.COM>
Oct 26 14:34:03 myhost postfix/smtpd[18535]: extract_addr: result: kevinc@mydomain.COM
Oct 26 14:34:03 myhost postfix/smtpd[18535]: open maildrop/DAAA62940D
Oct 26 14:34:03 myhost postfix/smtpd[18535]: DAAA62940D: client=localhost[127.0.0.1]
Oct 26 14:34:03 myhost postfix/smtpd[18535]: > localhost[127.0.0.1]: 250 Ok
Oct 26 14:34:03 myhost postfix/smtpd[18535]: < localhost[127.0.0.1]: RCPT TO:<mydomain@mydomain.com>
Oct 26 14:34:03 myhost postfix/smtpd[18535]: extract_addr: input: <mydomain@mydomain.com>
Oct 26 14:34:03 myhost postfix/smtpd[18535]: extract_addr: result: mydomain@mydomain.com
Oct 26 14:34:03 myhost postfix/smtpd[18535]: > localhost[127.0.0.1]: 250 Ok
Oct 26 14:34:03 myhost postfix/smtpd[18535]: < localhost[127.0.0.1]: DATA
Oct 26 14:34:03 myhost postfix/smtpd[18535]: > localhost[127.0.0.1]: 354 End data with <CR><LF>.<CR><LF>
Oct 26 14:34:03 myhost postfix/smtpd[18535]: > localhost[127.0.0.1]: 250 Ok: queued as DAAA62940D
Oct 26 14:34:03 myhost postfix/smtpd[18535]: < localhost[127.0.0.1]: QUIT
Oct 26 14:34:03 myhost postfix/smtpd[18535]: > localhost[127.0.0.1]: 221 Bye
Oct 26 14:34:03 myhost postfix/smtpd[18535]: disconnect from localhost[127.0.0.1]
Oct 26 14:34:03 myhost postfix/pickup[18253]: E75F57828: uid=1234 from=<kevinc@mydomain.COM>
Oct 26 14:34:04 myhost postfix/cleanup[18536]: warning: E75F57828: reject: header To: mydomain@mydomain.com
Oct 26 14:34:04 myhost postfix/cleanup[18536]: E75F57828: message-id=<20001026213403.E75F57828@myhost.mydomain.com>
Oct 26 14:34:04 myhost postfix/cleanup[18536]: E75F57828: to=<mydomain@mydomain.com>, relay=cleanup, delay=1, status=bounced (Message rejected: Message content rejected)
Oct 26 14:34:04 myhost postfix/cleanup[18541]: 2221B7833: message-id=<20001026213404.2221B7833@myhost.mydomain.com>
Oct 26 14:34:04 myhost postfix/qmgr[28051]: 2221B7833: from=<>, size=1646 (queue active)
Oct 26 14:34:04 myhost postfix/local[18542]: 2221B7833: to=<kevinc@mydomain.COM>, relay=local, delay=0, status=sent ("|/usr/bin/procmail -a "$EXTENSION"")

========== end of /var/log/mail/mail.info excerpt ==========

        Thanks [esp. Wietse] for your patience....
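Added example, not part of the post and not Postfix's own code: a small log correlator that reads lines shaped like the two excerpts above, groups them by queue id, and pairs each cleanup rejection (relay=cleanup, status=bounced) with the null-sender notification (from=<>) that is queued right after it for the rejected message's envelope sender. That pairing is exactly what the excerpts show, and the first excerpt also illustrates the operational risk of rejecting at cleanup time: if the envelope sender was forged, the notification is backscatter to a third party, so the correlator flags notifications bound for a domain the site does not own. The sample lines are constructed from the excerpts (with '@' restored and the pipe status text simplified); the function names and the local_domains set are assumptions.

```python
"""Correlate Postfix logs: cleanup rejections and the bounces they trigger.
Hypothetical helper for log review; not part of Postfix."""
import re

# Constructed sample modelled on the excerpts in the post above.
SAMPLE_LOG = """\
Oct 26 08:11:55 myhost postfix/pickup[16544]: 9ECC67828: uid=10 from=<msweb1-errors+mydomain+mydomain.com@bounce.exactis.com>
Oct 26 08:11:55 myhost postfix/cleanup[16573]: warning: 9ECC67828: reject: header To: mydomain@mydomain.com
Oct 26 08:11:55 myhost postfix/cleanup[16573]: 9ECC67828: to=<mydomain@mydomain.com>, relay=cleanup, delay=0, status=bounced (Message rejected: Message content rejected)
Oct 26 08:11:55 myhost postfix/qmgr[28051]: D25717827: from=<>, size=3503 (queue active)
Oct 26 08:11:56 myhost postfix/pipe[16581]: D25717827: to=<msweb1-errors+mydomain+mydomain.com@bounce.exactis.com>, relay=uucp, delay=1, status=sent (uucp)
Oct 26 14:34:03 myhost postfix/pickup[18253]: E75F57828: uid=1234 from=<kevinc@mydomain.COM>
Oct 26 14:34:04 myhost postfix/cleanup[18536]: warning: E75F57828: reject: header To: mydomain@mydomain.com
Oct 26 14:34:04 myhost postfix/cleanup[18536]: E75F57828: to=<mydomain@mydomain.com>, relay=cleanup, delay=1, status=bounced (Message rejected: Message content rejected)
Oct 26 14:34:04 myhost postfix/qmgr[28051]: 2221B7833: from=<>, size=1646 (queue active)
Oct 26 14:34:04 myhost postfix/local[18542]: 2221B7833: to=<kevinc@mydomain.COM>, relay=local, delay=0, status=sent (delivered to command: procmail)
"""

# Only lines that carry a queue id are of interest; "warning:" may precede it.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ [\d:]+) \S+ postfix/(?P<daemon>\w+)\[\d+\]: '
    r'(?:warning: )?(?P<qid>[0-9A-F]+): (?P<rest>.*)$')
FROM_RE = re.compile(r'from=<([^>]*)>')
TO_RE = re.compile(r'to=<([^>]*)>')
RELAY_RE = re.compile(r'relay=([^,]+)')
STATUS_RE = re.compile(r'status=(\w+)(?: \((.*)\))?')


def parse_postfix_log(text):
    """Group lines by queue id. Returns (records, order); order lists queue
    ids as first seen, which is how the bounce follows its rejected message."""
    records, order = {}, []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        qid, rest = m.group('qid'), m.group('rest')
        if qid not in records:
            records[qid] = {'sender': None, 'reject': None, 'events': []}
            order.append(qid)
        rec = records[qid]
        fm = FROM_RE.search(rest)
        if fm:
            rec['sender'] = fm.group(1)   # '' is the null sender used by bounces
        if rest.startswith('reject: '):
            rec['reject'] = rest[len('reject: '):]   # the header/body_checks hit
        tm = TO_RE.search(rest)
        if tm:
            sm, rm = STATUS_RE.search(rest), RELAY_RE.search(rest)
            rec['events'].append({
                'ts': m.group('ts'), 'daemon': m.group('daemon'), 'to': tm.group(1),
                'relay': rm.group(1) if rm else None,
                'status': sm.group(1) if sm else None,
                'reason': sm.group(2) if sm and sm.group(2) else ''})
    return records, order


def find_header_check_bounces(records, order, local_domains):
    """For each message the cleanup daemon rejected, locate the null-sender
    notification queued for its envelope sender and flag backscatter risk."""
    local = {d.lower() for d in local_domains}
    findings = []
    for idx, qid in enumerate(order):
        rec = records[qid]
        for ev in rec['events']:
            if ev['relay'] != 'cleanup' or ev['status'] != 'bounced':
                continue
            sender = rec['sender'] or ''
            f = {'rejected_id': qid, 'sender': sender, 'recipient': ev['to'],
                 'rule_hit': rec['reject'], 'reason': ev['reason'],
                 'bounce_id': None, 'bounce_to': None, 'bounce_relay': None,
                 'backscatter_risk': False}
            if sender:   # a null-sender rejection gets no notification
                for later in order[idx + 1:]:
                    cand = records[later]
                    if cand['sender'] != '':
                        continue
                    hit = next((b for b in cand['events']
                                if b['to'].lower() == sender.lower()), None)
                    if hit:
                        f.update(bounce_id=later, bounce_to=hit['to'],
                                 bounce_relay=hit['relay'])
                        break
                # Notification leaving for a domain we do not own: if the
                # envelope sender was forged, this is backscatter.
                f['backscatter_risk'] = sender.rsplit('@', 1)[-1].lower() not in local
            findings.append(f)
    return findings


if __name__ == '__main__':
    recs, order = parse_postfix_log(SAMPLE_LOG)
    for f in find_header_check_bounces(recs, order, local_domains={'mydomain.com'}):
        print(f"{f['rejected_id']}: rejected <{f['recipient']}> ({f['reason']}); "
              f"bounce {f['bounce_id']} -> <{f['bounce_to']}> via {f['bounce_relay']}"
              f"{' [backscatter risk]' if f['backscatter_risk'] else ''}")
```

Run against the sample, the first rejection pairs with D25717827 leaving via uucp for an exactis.com address (flagged), and the second pairs with 2221B7833 delivered locally (not flagged). On a real system, feed it the mail log and review every flagged line: a steady stream of flagged notifications is the signature of header_checks rejections turning forged spam into backscatter.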