
Re: Are people trying to relay mail through my system?



Hi Rick,

Your system has rejected a spam email, not because it worked out it
was spam, but because it was syntactically invalid. That's good, but
unfortunately your system decided to helpfully tell the (spam)
sender what had happened, by trying to send this bounce message
back:

On Mon, Sep 25, 2023 at 12:24:52PM -0600, Rick Macdonald wrote:
> # exim4 -Mvb 1qkOYj-001Hnf-2V
> 
> 1qkOYj-001Hnf-2V-D
> --foo-mani-padme-hum-306716-2546159-1695559801
> Content-Type: text/plain
> 
> This message was created automatically by mail delivery software.
> 
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error.
> 
> Reason: General SMTP/ESMTP error.
> 
> The following address(es) failed:
> rickm@localhost
>    SMTP error: 550 header syntax
> 
> --foo-mani-padme-hum-306716-2546159-1695559801
> Content-Type: message/delivery-status
> 
> Reporting-MTA: dns; timshel
> 
> Final-Recipient: rfc822; rickm@localhost
> Last-Attempt-Date: Sun, 24 Sep 2023 06:50:01 -0600 (MDT)
> Action: failed
> Status: 5.0.0
> Diagnostic-Code: 550 header syntax
> 
> --foo-mani-padme-hum-306716-2546159-1695559801
> Content-Type: text/rfc822-headers
> 
> X-Original-To: rickm@timshel.ca
> Delivered-To: x2959223@pdx1-sub0-mail-mx207.dreamhost.com
> Received: from tulsa.turntext.co (unknown [104.234.25.229])
>     by pdx1-sub0-mail-mx207.dreamhost.com (Postfix) with ESMTP id
> 4RtbVJ37KPz6m2v
>     for <rickm@timshel.ca>; Sat, 23 Sep 2023 23:20:56 -0700 (PDT)
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=turntext.co;
>  h=Mime-Version:Content-Type:Date:From:Reply-To:Subject:To:Message-ID;
> i=WornKneeCartilage@turntext.co;
>  bh=CBxd431jRA2owpgtRRwIfhh07HQ=;
>  b=gHSMnk0fIYnLGQMVojCZV3z41dNcSDXALZjYjGOQIeWpdDRnH1sBJQfHSP1kzPxUfJa/crsQxxk0
> EEY0hk6SjSg1YMK0YDqaT3OXZpz67fAgfVqbB+/ZLA7peSq+mggzKwXIfesN5AC+H7c6pFd6rOii
>    E7T+FwmD2FKVnP6z0is=
> DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=turntext.co;
>  b=FZY5bgp2/ypBd4Xc/Efzs345ind+OlkYi2NY3G5/m9tEesrUIeIGeE3JR8wlb2+gDhJDNA2BmzYx
> 53+nwYoiSBgyl/seZvILf1Ojhxg2y0YQWVwzF4LYDunZHfOV8RsiXxhHwL+xjbcTK3zPuKvdOjRF
>    1yRVz4iZe7AkjSr5Veo=;
> Mime-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="21ceb14ceae19fd582462d70f2ee8d8a"
> Date: Sat, 23 Sep 2023 23:19:41 -0700
> From: "Knee Hurts?" <Worn Knee Cartilage@turntext.co>
> Reply-To: "Knee Hurts?" <Worn Knee Cartilage@turntext.co>

One of those two is probably the header that your Exim objects to,
since they have spaces in the local parts of the address without
quoting.

The whole emails are, of course, unwanted spam.

Your other problem, and the reason you have noticed this, is that
your smarthost does not want to accept these helpful bounce messages
that you are generating. They are using a temporary failure code
(451) but their mention of the "AUP" string leads me to believe that
they may suspect the messages are spam or spam-related and want
nothing to do with them.

Either way, they are useless messages and you should stop trying
to send them.

> If my system is trying to reply to them, should I stop it from trying to
> reply? (Of course I don't know how to do that!)

You can remove them from your mail queue with:

# exim4 -Mrm <id>

You can get the ids from the "mailq" command or reading your logs.
You can specify multiple ids per command line.

After doing that you may want to look into how you can avoid sending
bounce messages to emails that your system doesn't want to accept.
These bounce messages are happening outside of the original SMTP
connection (which was between the sender and the MX for your
domain) and are generally "too little, too late". Additionally, it
seems like you may be sending them as rickm@localhost, which is not
helpful even when they are justified.

I'm afraid I'm not familiar with your setup so wouldn't know how to
configure that.

> I should explain that my domain and email address are hosted at Dreamhost. I
> use fetchmail to pull it from there to the IMAP server that I run on my
> Linux machine. So I think that means these reply attempts occur when
> fetchmail passes mail to my local machine. I've been adding more and more
> rules to my procmail filtering, but I don't know if these reply attempts are
> before or after procmail processes my rules.

These appear to be because fetchmail attempted to deliver messages
to you that were syntactically invalid, so your Exim rejected them
and generated a bounce message to the sender to be helpful. You
never saw the messages and procmail was not involved as Exim did not
get as far as doing a delivery attempt.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
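
Added example, not part of the original message and not Exim's own check: a simplified test of the rule the reply points at, that an address local part must be either a dot-atom or a quoted-string, run over the From and Reply-To headers quoted in the bounce above. The function names are hypothetical, and only the first address in each header is examined.

```python
import re

# RFC 5322 "atext": characters allowed in an unquoted (dot-atom) local part.
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
_DOT_ATOM = re.compile(rf"{_ATEXT}+(?:\.{_ATEXT}+)*")
# A quoted-string may contain spaces; quotes and backslashes must be escaped.
_QUOTED = re.compile(r'"(?:[^"\\\r\n]|\\[ -~])*"')
_ANGLE = re.compile(r"<([^<>]*)>")

def local_part_problem(header_value):
    """Return None if the local part is valid, else a short reason."""
    m = _ANGLE.search(header_value)
    addr = m.group(1) if m else header_value.strip()
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return "no local-part@domain found"
    if _DOT_ATOM.fullmatch(local) or _QUOTED.fullmatch(local):
        return None
    if re.search(r"\s", local):
        return "unquoted whitespace in local part"
    return "local part is neither a dot-atom nor a quoted-string"

def check_headers(raw, names=("from", "reply-to", "sender")):
    """Unfold the header block and report address headers that fail the check."""
    unfolded = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and unfolded:
            unfolded[-1] += " " + line.strip()   # continuation of previous header
        elif line:
            unfolded.append(line)
    problems = {}
    for line in unfolded:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in names:
            reason = local_part_problem(value)
            if reason:
                problems[name.strip()] = reason
    return problems

# Sample input: four header lines copied from the bounce quoted in this message.
SAMPLE = (
    'X-Original-To: rickm@timshel.ca\n'
    'Date: Sat, 23 Sep 2023 23:19:41 -0700\n'
    'From: "Knee Hurts?" <Worn Knee Cartilage@turntext.co>\n'
    'Reply-To: "Knee Hurts?" <Worn Knee Cartilage@turntext.co>\n'
)

if __name__ == "__main__":
    for header, reason in check_headers(SAMPLE).items():
        print(f"{header}: {reason}")
```
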

