[TAG] (forw) Re: [Fwd: Mail delivery failed: returning message to sender]

Rick Moen rick at linuxmafia.com
Sat Jun 14 01:00:57 MSD 2008


Speaking of my strategy, here's me getting the sharp end of someone
_else_ being awfully militant -- and, in my view, overreacting to _my_ 
system's spam-detection measures.

----- Forwarded message from Keith Burris <burriskm at lanetworks.com> -----

Date: Fri, 13 Jun 2008 12:00:47 -0700 (PDT)
From: Keith Burris <burriskm at lanetworks.com>
To: TAG <tag at lists.linuxgazette.net>
To: rick at linuxmafia.com
Subject: [Fwd: Mail delivery failed: returning message to sender]

Hi,

I'm sending this to let you know, if you're not already aware, that
[198.144.195.186] is listed on the backscatterer.org RBL. We're kind of
aggressive and block rather than increment the message's SA score.

Usually that works OK but this is a case where it doesn't.

I'll whitelist [198.144.195.186] on our end.

I am a little surprised that you're using call backs, though.

Keith

--
Keith M. Burris, Partner
LANETWORKS
O: 415.292.7000
M: 415.505.7494

---------------------------- Original Message ----------------------------
Subject: [Fwd: Mail delivery failed: returning message to sender]
From:    "Lanet Khodabakhsh" <lanet at lanetworks.com>
To: TAG <tag at lists.linuxgazette.net>
Date:    Fri, June 13, 2008 11:29 am
To:      "Keith Burris" <burriskm at lanetworks.com>
--------------------------------------------------------------------------

Can you help?

-------- Original Message --------
Subject: 	Mail delivery failed: returning message to sender
Date: 	Fri, 13 Jun 2008 11:21:28 -0700
From: 	Mail Delivery System <Mailer-Daemon at lanetworks.com>
To: TAG <tag at lists.linuxgazette.net>
To: 	lanet at lanetworks.com



This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  karsten at linuxmafia.com
    SMTP error from remote mail server after RCPT TO:<karsten at linuxmafia.com>:
    host linuxmafia.com [198.144.195.186]: 550-Verification failed for <lanet at lanetworks.com>
    550-Called:   69.17.46.3
    550-Sent:     RCPT TO:<lanet at lanetworks.com>
    550-Response: 550-198.144.195.186 is listed by ips.backscatterer.org
    550-550-and this message looks like "backscatter spam".
    550-550-Please e-mail postmaster at lanetworks.com if you wish to appeal this
    550-550 rejection.
    550-.
    550-[EximConfig-2.0-linuxmafia.com-Sender-Callback]
    550-.
    550-Verify:  verified-karsten at linuxmafia.com
    550-Contact:  postmaster at linuxmafia.com
    550-.
    550-Sorry, your message has been rejected because
    550-your sender address and/or domain name is
    550-invalid or does not exist.
    550-.
    550-This was confirmed by performing a 'callback'
    550-to the mail server that handles mail for the
    550-domain name lanetworks.com
    550-.
    550-Please ensure that the sender and/or reply
    550-to address that you use when sending e-mail
    550-is a valid address that

------ This is a copy of the message, including all the headers. ------

Return-path: <lanet at lanetworks.com>
Received: from dudley.lanetworks.com ([10.1.1.7] helo=[127.0.0.1])
	by mail.lanetworks.com with esmtp (Exim 4.69 (FreeBSD))
	(envelope-from <lanet at lanetworks.com>)
	id 1K7Dtq-000GTa-Bf
	for karsten at linuxmafia.com; Fri, 13 Jun 2008 11:21:24 -0700
Message-ID: <4852BA90.10609 at lanetworks.com>
Date: Fri, 13 Jun 2008 11:21:04 -0700
From: Lanet Khodabakhsh <lanet at lanetworks.com>
To: TAG <tag at lists.linuxgazette.net>
Organization: LANETWORKS
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: "Karsten M. Self" <karsten at linuxmafia.com>
Subject: [Fwd: Re: Thank You!]
Content-Type: multipart/alternative;
 boundary="------------090309080101000600010403"
X-Spam-Score: 0.2 (/)
X-Spam-Report: Spam detection software, running on the system "shaun.lanetworks.com", has
	identified this incoming email as possible spam.  The original message
	has been attached to this so you can view it (if it isn't spam) or label
	similar future email.  If you have any questions, see
	The administrator of that system for details.
	Content preview:  resending mssg -------- Original Message -------- Subject:
	Re: Thank You! Date: Fri, 13 Jun 2008 10:53:00 -0700 From: Lanet Khodabakhsh
	<lanet at lanetworks.com> Organization: LANETWORKS To: Karsten M. Self <karsten at linuxmafia.com>
	References: <82498.1881.qm at web81203.mail.mud.yahoo.com> <20080611234804.GY1574 at linuxmafia.com>
	[...]
	Content analysis details:   (0.2 points, 5.0 required)
	pts rule name              description
	---- ---------------------- --------------------------------------------------
	0.0 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
	                           [score: 0.0000]
	0.0 HTML_MESSAGE           BODY: HTML included in message
	0.1 AWL                    AWL: From: address is in the auto white-list



[snip rejected copy of a message to Karsten M. Self <karsten at linuxmafia.com>]

----- End forwarded message -----
----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Fri, 13 Jun 2008 13:54:54 -0700
From: Rick Moen <rick at linuxmafia.com>
To: TAG <tag at lists.linuxgazette.net>
To: Keith Burris <burriskm at lanetworks.com>
Cc: karsten at linuxmafia.com
Subject: Re: [Fwd: Mail delivery failed: returning message to sender]

Quoting Keith Burris (burriskm at lanetworks.com):

> I'm sending this to let you know, if you're not already aware, that
> [198.144.195.186] is listed on the backscatterer.org RBL. We're kind of
> aggressive and block rather than increment the message's SA score.
> 
> Usually that works OK but this is a case where it doesn't.
> 
> I'll whitelist [198.144.195.186] on our end.
> 
> I am a little surprised that you're using call backs, though.


Hi, Keith.  I do use a particular type of callout, in a way that I have
taken care to make sure is (IMO, and I'm willing to be convinced
otherwise) not abusive.

1.  I recognise backscatter to be a very serious problem, and try to
make sure my systems are not guilty of same.

2.  My Exim4 MTA is configured to callout to the claimed delivering
domain's MX and test using RCPT TO (_not_ VRFY) that the claimed sender
address is deliverable, and that postmaster@ and abuse@ are deliverable.
Claimed delivering domains that fail those tests get told 550.  

It doesn't perform these tests on _every_ attempted delivery; test
results get cached and reused, specifically to avoid abuse.

The guidelines at
http://www.backscatterer.org/index.php?target=sendercallouts seem to
suggest that systems get listed if they do such callouts at all, without
regard to whether the level of such traffic is problematic or not.  I
understand their perspective, but do not concur with the implied "No
level of callouts is permissible" assumption.

I attempt to operate a reputable mail system -- though of course I could
be misguided or be guilty of operating a misconfigured system.  I'll
study the backscatterer.org RBL docs more closely, but my immediate
inclination is that I'm not misguided in this case.

Best Regards,
Rick Moen, owner/sysadmin of 198.144.195.186 (linuxmafia.com,
unixmercenary.net, and lists.linuxgazette.net)
650-283-7902 cellular

----- End forwarded message -----
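
An added example, not part of either message: the bounce's closing text blames an invalid sender address, but the quoted `Response:` lines show the callout target refusing the probe because the probing host is on a DNSBL. This sketch pulls the nested reply out of the 550 text and names the cause. The function names and category labels are assumptions made for illustration, and the `Called:`/`Sent:`/`Response:` layout is taken only from the bounce shown on this page.

```python
import re

OUTER = re.compile(r"^(?:host \S+ \[[\d.]+\]: )?\d{3}[- ](.*)$")  # receiving MTA's line
NESTED = re.compile(r"^(\d{3})[- ](.*)$")  # callout target's reply, quoted inside it
DNSBL = re.compile(r"listed (?:by|in|on|at) ([a-z0-9.-]+\.[a-z]{2,})")

# The start of the 550 reply from the bounce above, wrapped lines rejoined.
PAGE_REPLY = """\
host linuxmafia.com [198.144.195.186]: 550-Verification failed for <lanet at lanetworks.com>
550-Called:   69.17.46.3
550-Sent:     RCPT TO:<lanet at lanetworks.com>
550-Response: 550-198.144.195.186 is listed by ips.backscatterer.org
550-550-and this message looks like "backscatter spam".
550-550-Please e-mail postmaster at lanetworks.com if you wish to appeal this
550-550 rejection.
550-."""

def parse_callout_failure(reply):
    """Extract the Called/Sent fields and the callout target's quoted reply."""
    info = {"called": None, "sent": None, "code": None, "text": ""}
    in_response = False
    for line in reply.splitlines():
        m = OUTER.match(line.strip())
        if not m:
            continue
        body = m.group(1)
        key, sep, value = body.partition(":")
        if sep and key in ("Called", "Sent"):
            info[key.lower()], in_response = value.strip(), False
        elif sep and key == "Response":
            body, in_response = value.strip(), True
        if in_response:
            n = NESTED.match(body)
            if n:
                info["code"] = n.group(1)
                info["text"] = (info["text"] + " " + n.group(2)).strip()
            else:  # anything else (here a bare ".") ends the quoted reply
                in_response = False
    return info

def classify(info):
    """Name the cause of the failure from the callout target's own words."""
    text = info["text"].lower()
    zone = DNSBL.search(text)
    if zone:
        return ("probe-blocked-by-dnsbl", zone.group(1))
    if re.search(r"user unknown|no such user|does not exist", text):
        return ("address-rejected", None)
    return ("unclassified", None)
```
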