False-positive alert from Backscatterer.org due to email forwarders
  
Author:

email bugThis server’s Exim is 100% correctly configured, however it regularly trapping into freaking Backscatterer.org (into the list of so-called anti-spam service).

The reason of hitting into spammers list appeared rather stupid.

Because I have specified forwarder from one of my domain, eg support@my-domain.com, into another domain, support@another-my-domain.com. But lately email support@another-my-domain.com has been removed and generated bounceback to anyone who sent email into support@my-domain.com.

So it was accepted by support@my-domain.com (since it’s valid but unused email address, which accepting messages to forward them), but suport@my-another-domain.com was generated bounce back. Into faked address. Bounce back after accepting the message, which is not legal according to some lamers maintainers of freaking Backscatterer.org.

Well, okay, perhaps I need to use cure for sclerosis manage my forwarders and not allow redirection/forwarding into bad address. But what if some another regular user (with less privileges than mine) on another account within my server (within an IP) will use broken forwarders?

What if someone blacklisted in target email (directly blacklisted or because of some strict rules or target server, like non-accepting of greek or chinese encoding) will send a message through my forwarder? Right, target server will produce a bounce back. Imagine, if I forwarding all messages from my domain into @gmail, but @gmail not accepting snder’s messages due to ANY reason and generate bounce-back. Right, I my IP will get into get into freaking Backscatterer list. Damn it.

I’m stopping using forwarders but would prefer if some lamers maintainers of freaking Backcatterer.org will stop their silly worthless lives.

No more email forwarders. Thanks to freaking Backscatterer.org.

UPD. Ok, use internal forwarders (within your localhost), but ONLY if they do not generate any bounce backs(!!)

UPD 2: real EXIM log snipped which demostrates the problem. (@gmail produced bounce back due to suspicious incoming message due to low reputation of my IP)

2019-08-03 01:31:47 1htg5J-0005oT-0H <= JorgeWoods@losaass.it H=jedi-ng.caal.com.br (losaass.it) [201.35.168.194] P=esmtp S=8655 id=43F8999A.ED61C040@losaass.it from <JorgeWoods@losaass.it> for support@mydomainA.com
2019-08-03 01:31:47 1htg5J-0005oT-0H H=gmail-smtp-in.l.google.com [2a00:1450:4010:c0e::1a] Network is unreachable
2019-08-03 01:31:48 1htg5J-0005oT-0H ** myemail@gmail.com (info@mydomain2.com, info@mydomain2.com, support@mydomain2.com, support@mydomain2.com, support@mydomainA.com) <support@mydomainA.com> R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [74.125.131.27] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes DN="/C=US/ST=California/L=Mountain View/O=Google LLC/CN=mx.google.com": SMTP error from remote mail server after end of data: 550-5.7.1 [91.223.223.144      18] Our system has detected that this message is\n550-5.7.1 likely suspicious due to the very low reputation of the sending IP\n550-5.7.1 address. To best protect our users from spam, the message has been\n550-5.7.1 blocked. Please visit\n550 5.7.1  https://support.google.com/mail/answer/188131 for more information. z1si62958669lfc.119 – gsmtp
2019-08-03 01:31:48 1htg5U-0005oc-MO <= <> R=1htg5J-0005oT-0H U=exim P=local S=10830 from <> for JorgeWoods@losaass.it
2019-08-03 01:31:48 1htg5J-0005oT-0H Completed
2019-08-03 01:31:49 1htg5U-0005oc-MO [37.221.193.144] SSL verify error: certificate name mismatch: DN="/CN=mailserver-online.de" H="mail.losaass.it"
2019-08-03 01:31:50 1htg5U-0005oc-MO ** jorgewoods@losaass.it <JorgeWoods@losaass.it> R=dnslookup T=remote_smtp H=mail.losaass.it [37.221.193.144] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/CN=mailserver-online.de": SMTP error from remote mail server after DATA: 554 We don’t take bounces from systems listed at IPS.BACKSCATTERER.ORG
2019-08-03 01:31:50 1htg5U-0005oc-MO Frozen (delivery error message)


Send by E-mailSend by E-mail   Print versionPrint version
Comments(0)

No comments yet… Be the first to leave comment on this topic!

or
You may sign in using:
Enter with Facebook Enter with Google Enter with VK