I was performing some spam testing on an Axigen server when I discovered a flaw, and I would like to know if it can be disabled.
On the system I was testing, the server will spit out 550 error messages whenever an invalid user is passed as an RCPT TO: argument.
Example:
```
MAIL FROM: <Test@Mail.com>
250 Sender Accepted
RCPT TO: InvalidUser
550 User Not Found
RCPT TO: ValidUser
250 Recipient Accepted
```
I would like to know if it is possible to disable the 550 Messages, as this would allow an attacker to discover valid usernames.
Thank you,
Andrew Borg
Yes, it is possible: you could configure the 'catch all' option for each domain where you would like to have this behavior.
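Beyond hiding the 550, a defender will want to notice the sweep itself. The following is an added example, not part of the thread or of Axigen: detection logic run over constructed SMTP log lines (the log format is invented, since the page shows none) that flags a client which collects many 550 rejections for distinct recipients inside a short window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines in an invented format (Axigen's real log layout is not
# shown on the page): timestamp, client IP, recipient and the SMTP reply sent.
SAMPLE_LOG = """\
2021-04-04 10:45:01 client=203.0.113.5 RCPT TO:<alice@example.net> reply=250 Recipient Accepted
2021-04-04 10:45:02 client=203.0.113.5 RCPT TO:<bob@example.net> reply=550 User Not Found
2021-04-04 10:45:02 client=203.0.113.5 RCPT TO:<carol@example.net> reply=550 User Not Found
2021-04-04 10:45:03 client=203.0.113.5 RCPT TO:<dave@example.net> reply=550 User Not Found
2021-04-04 10:45:04 client=203.0.113.5 RCPT TO:<erin@example.net> reply=550 User Not Found
2021-04-04 10:45:05 client=203.0.113.5 RCPT TO:<frank@example.net> reply=550 User Not Found
2021-04-04 10:50:10 client=198.51.100.9 RCPT TO:<alice@example.net> reply=250 Recipient Accepted
2021-04-04 10:51:00 client=198.51.100.9 RCPT TO:<alcie@example.net> reply=550 User Not Found
"""
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) client=(?P<ip>[\d.]+) RCPT TO:<(?P<rcpt>[^>]+)> reply=(?P<code>\d{3})")

def parse(log_text):
    """Yield (timestamp, client_ip, recipient, reply_code) for lines that match the format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["ip"], m["rcpt"], int(m["code"])

def find_enumerators(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {client_ip: count} for clients that collected `threshold` or more 550
    rejections for *distinct* recipients inside any `window`. Distinctness matters:
    one mistyped address retried many times is a typo, not a username sweep."""
    rejects = defaultdict(list)
    for ts, ip, rcpt, code in parse(log_text):
        if code == 550:
            rejects[ip].append((ts, rcpt))
    flagged = {}
    for ip, events in rejects.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            names = {r for t, r in events[i:] if t - start <= window}
            if len(names) >= threshold:
                flagged[ip] = len(names)
                break
    return flagged
```

The threshold and window are tuning knobs; a real deployment would also whitelist known upstream relays that legitimately forward mail for unknown users.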
I sent a reply to an email and this is what I got in return. Can you translate it for me, and what should I do?
Mail Delivery System MAILER-DAEMON@mx3.imadiff.net sent:
```
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to If you do so, please include this problem report. You can delete your own text from the attached returned message.
The mail system
europeanchampion@pfls.fr: host barracuda03.imadiff.net[194.69.195.26] said:
554 rejecting banned content (in reply to end of DATA command)
Reporting-MTA: dns; mx3.imadiff.net
X-Postfix-Queue-ID: 6B26E1A50420
X-Postfix-Sender: rfc822; vermontjf@gmail.com
Arrival-Date: Sun, 4 Apr 2021 10:45:16 +0200 (CEST)
Final-Recipient: rfc822; europeanchampion@pfls.fr
Original-Recipient: rfc822;europeanchampion@pfls.fr
Action: failed
Status: 5.0.0
Remote-MTA: dns; barracuda03.imadiff.net
Diagnostic-Code: smtp; 554 rejecting banned content
```
Seems pretty clear in the response you received. The message transfer agent, whose Internet address is mx3.imadiff.net, flagged your email as having content that it determined was contraband for their system. You need to look at what you sent and figure it out ... maybe it had curse words in it, or it had an attachment that the filter didn't like. You could try contacting the recipient and asking them what their mail filter system looks for as contraband, and then look at the message you sent to see if you can figure out why it got flagged. Then remove whatever that is and re-send it.
Currently, almost all mail sent from my server ends up in the receiver's junk mail. I am wondering whether it is because my server is sending spam. I referred to this post: How to check if server is sending out spam?. I can check all email sent from my server by entering this command:
```
# -o prints only the matching to=<address> part of each log line
grep -o 'to=<[a-z0-9_.-]\+@[a-z0-9.-]\+\.[a-z.]\{2,6\}>' /var/log/maillog
```
I did send a few emails myself, but the above command doesn't list anything. If I cat /var/log/maillog, below is what I get. Not sure how to read this.
```
...
Jul 3 12:38:32 abcde-id467301 spamd[16679]: spamd: connection from localhost [::1]:37410 to port 783, fd 5
Jul 3 12:38:32 abcde-id467301 spamd[16300]: prefork: child states: I
Jul 3 12:38:32 abcde-id467301 dovecot: pop3-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<XaTr4hBwNNJ/AAAB>
Jul 3 12:38:33 abcde-id467301 dovecot: lmtp(10026): Connect from local
Jul 3 12:38:33 abcde-id467301 dovecot: lmtp(10026): Disconnect from local: Successful quit
...
```
Any suggestions to check spam mail? Thanks.
EDIT: after fixing DMARC, DKIM and SPF (they all pass), Gmail is now OK but Hotmail is NOT OK.
I did several tests:
https://www.mail-tester.com/
```
SpamAssassin does not like you
-0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
This negative score will become positive if the signature is validated. See immediately below.
0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
Great! Your signature is valid
0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain
Great! Your signature is valid and it's coming from your domain name
-1.999 FSL_HELO_BARE_IP_2 IP used in the HELO request
The hostname should be a domain name, not an IP address
-1.985 PYZOR_CHECK Similar message reported on Pyzor (http://pyzor.org)
Please test a real content, test Newsletters will always be flagged by Pyzor
Adjust your message or request whitelisting (http://public.pyzor.org/whitelist/)
-0.865 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
-1.274 RDNS_NONE Delivered to internal network by a host with no rDNS
This may be a false-positive, please check the reverse DNS test below to confirm or not this issue
0.001 SPF_PASS SPF: sender matches SPF record
Great! Your SPF is valid
You're not fully authenticated
We didn't find a server (A Record) behind your hostname .......net.
We check if there is a server (A Record) behind your hostname .......net.
You may want to publish a DNS record (A type) for the hostname .......net or use a different hostname in your mail software.
```
Sending an email to auth-results@verifier.port25.com:
```
"iprev" check: fail
SpamAssassin check: ham
"iprev" check details:
Result: fail (reverse lookup failed (NXDOMAIN))
ID(s) verified: policy.iprev=---.--.---.--
DNS record(s):
---.--.---.--.in-addr.arpa. PTR (NXDOMAIN)
SpamAssassin check details:
SpamAssassin v3.4.0 (2014-02-07)
Result: ham (-0.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
-0.5 BAYES_05 BODY: Bayes spam probability is 1 to 5%
[score: 0.0157]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
```
By default, on a cPanel server, emails are sent using Exim, so the email log (for received and sent emails) is located at /var/log/exim_mainlog. There you can see detailed info about every email sent to or by your server.
A lot of factors can lead to your emails being delivered to junk. Just to name a few:
- your server's ip address is blacklisted (you can check it using tools like http://mxtoolbox.com/)
- you do not have a proper hostname defined for your server
- you do not have a proper reverse DNS for your server
- SPF and/or DKIM are not configured properly
Try sending an email from your server to a Gmail address for example, a Gmail address that you own. Then go to Gmail and even if the email landed on Junk, please check the email headers. There you get info about what checks have been made, what Spam score you got for your email and so on. That would be a good starting point for you to figure out why the sent emails land in Spam/Junk.
Since you have provided very little information, it is hard to guess or provide a proper answer...
I am new to Postfix; I used mostly qmail in the past. This is my config:
I have a Postfix SMTP server set up on domain aaa.com.
Emails should be sent with "From" and "Reply-To" headers for another domain, bbb.com.
bbb.com is on a different dedicated server and not in the list of "mynetworks".
It all works fine, but I am getting "SPF: HELO does not match SPF record (softfail)" when testing emails for spam score. So, I need to add my aaa.com domain into the list of allowed relay hosts (the rcpthosts file for qmail).
How can I do this with Postfix? Should I add aaa.com to relay_domains or relayhost?
Thanks
You should check the DNS records of aaa.com: the SPF record does not contain the IP of your Postfix server, which is why you receive the SPF error.
Have a look at http://www.openspf.org/ & http://spfwizard.com/
Br,
E-raser
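The check E-raser describes, and the SPF/rDNS factors listed in the cPanel answer further up, as an added example that belongs to neither thread: a minimal SPF evaluator run against constructed DNS answers. The aaa.com zone here is invented to mirror the question (its record lists only a and mx, so a Postfix host on 203.0.113.10 gets softfail); the same evaluation applies whether the identity being checked is the MAIL FROM domain or the HELO hostname.

```python
import ipaddress

# Constructed DNS answers (not real zones). "aaa.com" mirrors the thread: its record
# lists only a and mx, so 203.0.113.10 gets softfail; "aaa-fixed.com" adds ip4:.
DNS = {
    ("aaa.com", "TXT"): ["v=spf1 a mx ~all"],
    ("aaa.com", "A"): ["192.0.2.1"],
    ("aaa.com", "MX"): ["mail.aaa.com"],
    ("mail.aaa.com", "A"): ["192.0.2.25"],
    ("aaa-fixed.com", "TXT"): ["v=spf1 a mx ip4:203.0.113.10 include:_spf.bbb.com -all"],
    ("aaa-fixed.com", "A"): ["192.0.2.1"],
    ("aaa-fixed.com", "MX"): ["mail.aaa.com"],
    ("_spf.bbb.com", "TXT"): ["v=spf1 ip4:198.51.100.0/24 -all"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    return DNS.get((name, rtype), [])

def ip_in_hosts(ip, names):
    """True if ip equals an A record of any of the given hostnames."""
    addr = ipaddress.ip_address(ip)
    return any(addr == ipaddress.ip_address(a) for n in names for a in lookup(n, "A"))

def check_spf(domain, ip, depth=0):
    """Evaluate domain's SPF record for sending IP `ip` (MAIL FROM or HELO identity).
    Handles ip4/ip6 (with CIDR), a, mx, include and all; returns the SPF result string."""
    records = [r for r in lookup(domain, "TXT") if r.startswith("v=spf1")]
    if not records or depth > 10:  # no record, or include chain deeper than RFC 7208 allows
        return "none"
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = ip_in_hosts(ip, [arg or domain])
        elif mech == "mx":
            matched = ip_in_hosts(ip, lookup(arg or domain, "MX"))
        elif mech == "include":
            matched = check_spf(arg, ip, depth + 1) == "pass"
        else:
            continue  # redirect=, exp= and unknown terms are skipped in this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"
```

With a real resolver behind lookup(), the same function reproduces what mail-tester and the port25 verifier report for the SPF line.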
What is the meaning of "error_subcode" in the error information?
Can we determine the error type by analyzing "error" and "error_subcode"?
Does Facebook have an official explanation of the "error_subcode"?
As described in an old stub from Facebook:
Along with a human-readable message, error responses include an error_subcode that describes the nature of the error. Although you can generally only respond to these errors by reauthenticating the user, you can use these subcodes for internal logging purposes or to better explain why you're asking the user to log in again. The possible codes and their meaning are below:
| `error_subcode` | Meaning |
|---|---|
| 456 | The session is malformed. |
| 457 | The session has an invalid origin. |
| 458 | The session is invalid, because the app is no longer installed. |
| 459 | The user has been checkpointed. The error_data will contain the URL the user needs to go to to clear the checkpoint. |
| 460 | The session is invalid likely because the user changed the password. |
| 461 | The session is invalid, because the user has reinstalled the app. |
| 462 | The session has a stale version. |
| 463 | The session has expired. |
| 464 | The session user is not confirmed. |
| 465 | The session user is invalid. |
| 466 | The session was explicitly invalidated through an API call. |
| 467 | The session is invalid, because the user logged out. |
| 468 | The session is invalid, because the user has not used the app for a long time. |
We are sending a hell of a lot of e-mails to our BREW devices (in the Sprint network), and after a while our mail server queues the messages and gets stuck. When we try to flush them, we get the following from the server. Is there a solution to this problem? Is this error 452 from our mail server or Sprint's mail server? How do we tune sendmail for faster e-mail processing?
```
Running /var/spool/mqueue/n7QNOrsZ072192 (sequence 1 of 3)
<6198466914@messaging.sprintpcs.com>... Connecting to mx.messaging.sprintpcs.com. via esmtp...
220 lxnipc6003.nmcc.sprintspectrum.com ESMTP
>>> EHLO smtp.xyz.com
250-lxnipc6003.nmcc.sprintspectrum.com
250-8BITMIME
250 SIZE 20480
>>> MAIL From:<LocateNow@xyz.com> SIZE=1148
250 sender <LocateNow@xyz.com> ok
>>> RCPT To:<6198466914@messaging.sprintpcs.com>
452 Too many recipients received this hour
<6198466914@messaging.sprintpcs.com>... Deferred: 452 Too many recipients received this hour
>>> DATA
503 #5.5.1 RCPT first
>>> RSET
250 reset
```
This is called grey-listing. When you send too many e-mails (or, more often, a certain number of e-mails where a recipient does not exist), the destination mail server does not blacklist you, but instead temporarily blocks access from your mail server (essentially the IP address of your mail server). Usually this block is set for 1 hour but obviously can vary depending on the configuration.
You can do several things:
- Contact the admins of the domain in question (e.g. postmaster@messaging.sprintpcs.com) and request that your IP address be whitelisted. (They may refuse.)
- Check/increase the time e-mails can stay in your local queues (to give them more chances to retry and finally get delivered).
- Add more public IP addresses to your server.
That's from their server. It looks like email flood prevention.
One alternative is to use app-directed SMS's to get data to your BREW application.
It looks like the mx.messaging.sprintpcs.com is throttling you. Perhaps try sending your mail with different IP addresses to beat this. It is probably an attempt at spam control.
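The queue-side handling the first answer recommends, as an added example that is not from the thread or from sendmail: keep deferred mail locally and spend a per-destination hourly budget so the remote's 452 is not triggered on every queue run. The OutboundQueue class and the cap values are assumptions for illustration; the 452 reply only tells us the window is one hour, not what the limit is.

```python
from collections import defaultdict
from datetime import datetime, timedelta

TEMPFAIL_RETRY = timedelta(hours=1)  # matches the "this hour" window in the 452 reply

class OutboundQueue:
    """Spends an hourly budget per destination domain (caps are assumed values) and
    sorts remote replies: 2xx delivered, 4xx deferred for a later run, 5xx bounced."""
    def __init__(self, now, hourly_caps):
        self.now = now
        self.caps = hourly_caps                     # domain -> recipients allowed per hour
        self.sent = defaultdict(list)               # domain -> delivery timestamps
        self.delivered, self.deferred, self.bounced = [], [], []

    def budget(self, domain):
        cutoff = self.now - timedelta(hours=1)
        self.sent[domain] = [t for t in self.sent[domain] if t > cutoff]
        return self.caps.get(domain, float("inf")) - len(self.sent[domain])

    def run(self, recipients, reply_for):
        """reply_for(rcpt) returns the SMTP code the remote MX gives at RCPT TO.
        Returns (delivered, deferred, bounced) counts after this run."""
        for rcpt in recipients:
            domain = rcpt.rpartition("@")[2].lower()
            if self.budget(domain) <= 0:
                # Hold locally rather than let the remote answer 452 to every attempt.
                self.deferred.append((self.now + TEMPFAIL_RETRY, rcpt))
                continue
            code = reply_for(rcpt)
            if 200 <= code < 300:
                self.delivered.append(rcpt)
                self.sent[domain].append(self.now)
            elif 400 <= code < 500:   # temporary failure such as 452: retry later, never bounce
                self.deferred.append((self.now + TEMPFAIL_RETRY, rcpt))
            else:                     # 5xx is permanent: bounce to the sender
                self.bounced.append(rcpt)
        return len(self.delivered), len(self.deferred), len(self.bounced)

def demo():
    """Constructed run: three Sprint recipients against an assumed cap of 2, plus one
    address the (simulated) remote rejects with 550."""
    q = OutboundQueue(datetime(2021, 7, 26, 23, 0), {"messaging.sprintpcs.com": 2})
    replies = {"bad@example.net": 550}
    rcpts = ["1@messaging.sprintpcs.com", "2@messaging.sprintpcs.com",
             "3@messaging.sprintpcs.com", "bad@example.net"]
    return q.run(rcpts, lambda r: replies.get(r, 250))
```

In sendmail terms the deferred list is the mqueue; the budget is what keeps the queue from filling with 452-deferred entries that all retry at once.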