Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[courier-users] Error code from smtpfilter in maildrop's embedded mode

1 view
Skip to first unread message

Lindsay Haisley

unread,
Apr 6, 2012, 2:05:00 PM4/6/12
to
If I reject an email using ~/.mailfilters/rcptfilter I can include and
error code in the echo'd message and this will be used as the error code
in a rejection notice returned to a corresponding SMTP server. Is there
any way to do this for the content filter, ~/.mailfilters/smtpfilter?
It seems that the error returned is always an error code 558. e.g.:

rcpt to: <FMO...@FMP.COM>
250 Ok.
data
354 Ok.
Date: Fri, 06 Apr 2012 12:37:27 -0500
From: fmo...@whudoo.fmp.com
To: FMO...@FMP.COM
Subject: Test 2

this is a test
.
558-550...@fmp.com:
558 550 5.1.1 User unknown: fmo...@fmp.com (BL-1)

I want to mimic as closely as possible a 550 5.1.1 "User unknown" error
code to the sending server, but the 558 error seems to be hard coded
into courier for rules in smtpfilter. I can't find much information on
an SMTP 558 error, but I assume it's related to content based rejection.
Is there any way to alter this?

I seem to have gotten onto an exceptionally obnoxious spam list which
sends me 5 or 10 spams every hour most of which, for some reason, get by
SpamAssassin. The one characteristic of all of these, for which my
smtpfilter rule tests, is that my email address is always spec'd in all
caps. Few if any legitimate correspondents ever do this, and rejecting
such email with "I don't exist" seems appropriate. I'd like the
rejection message to resemble a standard 550 5.1.1 error as closely as
possible.

--
Lindsay Haisley | "Never expect the people who caused a problem
FMP Computer Services | to solve it." - Albert Einstein
512-259-1190 |
http://www.fmp.com |


------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
courier-users mailing list
courie...@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Sam Varshavchik

unread,
Apr 6, 2012, 6:01:27 PM4/6/12
to
Lindsay Haisley writes:

> If I reject an email using ~/.mailfilters/rcptfilter I can include and
> error code in the echo'd message and this will be used as the error code
> in a rejection notice returned to a corresponding SMTP server. Is there
> any way to do this for the content filter, ~/.mailfilters/smtpfilter?
> It seems that the error returned is always an error code 558. e.g.:

Yes. The problem is that the smtpfilter is, like rcptfilter, is per-
recipient. But this SMTP transaction error code is for the entire message.
You can only return a single error code. And if different recipients'
smtpfilters return different error codes, then what?

So, Courier returns this "compound" 558 error code. Only Courier really
understands what it means, all other mail servers just see it as any other
5xx error code in response to a SMTP DATA.

Several years after I struggled with this hole in the SMTP specification,
and, by trial and error, chose to deal with it in such manner – I recall
reading some boring IETF draft allegedly addressing the same issue. Of
course, it had some other way of dealing with this, because, predictably, an
existing working implementation just wouldn't cut it, because it's NIH.

> I want to mimic as closely as possible a 550 5.1.1 "User unknown" error

That's in response to a RCPT TO, to smtpfilter.

> I seem to have gotten onto an exceptionally obnoxious spam list which
> sends me 5 or 10 spams every hour most of which, for some reason, get by
> SpamAssassin. The one characteristic of all of these, for which my
> smtpfilter rule tests, is that my email address is always spec'd in all
> caps. Few if any legitimate correspondents ever do this, and rejecting
> such email with "I don't exist" seems appropriate. I'd like the
> rejection message to resemble a standard 550 5.1.1 error as closely as
> possible.

Spamware will not pay attention to this. Spamware will generally interpret
any rejection to a SMTP DATA as coming from a content filter of a valid
email address.

Unless this is rising to a level of a DOS attack, and 5-10 an hour is not
quite there yet, just let it beat its head against your wall, like that, and
ignore it.

Matus UHLAR - fantomas

unread,
Apr 10, 2012, 9:02:46 AM4/10/12
to
>Lindsay Haisley writes:
>>If I reject an email using ~/.mailfilters/rcptfilter I can include and
>>error code in the echo'd message and this will be used as the error code
>>in a rejection notice returned to a corresponding SMTP server. Is there
>>any way to do this for the content filter, ~/.mailfilters/smtpfilter?
>>It seems that the error returned is always an error code 558. e.g.:

On 06.04.12 18:01, Sam Varshavchik wrote:
>Yes. The problem is that the smtpfilter is, like rcptfilter, is per-
>recipient. But this SMTP transaction error code is for the entire
>message. You can only return a single error code. And if different
>recipients' smtpfilters return different error codes, then what?

Using pre-data filter could solve this issue. However courier does not
support such filter and such filter would of course not see the data,
only connecting IP, helo string and mail from:.

>>I want to mimic as closely as possible a 550 5.1.1 "User unknown" error
>
>That's in response to a RCPT TO, to smtpfilter.
>
>>I seem to have gotten onto an exceptionally obnoxious spam list which
>>sends me 5 or 10 spams every hour most of which, for some reason, get by
>>SpamAssassin. The one characteristic of all of these, for which my
>>smtpfilter rule tests, is that my email address is always spec'd in all
>>caps. Few if any legitimate correspondents ever do this, and rejecting
>>such email with "I don't exist" seems appropriate. I'd like the
>>rejection message to resemble a standard 550 5.1.1 error as closely as
>>possible.
>
>Spamware will not pay attention to this. Spamware will generally
>interpret any rejection to a SMTP DATA as coming from a content
>filter of a valid email address.
>
>Unless this is rising to a level of a DOS attack, and 5-10 an hour is
>not quite there yet, just let it beat its head against your wall,
>like that, and ignore it.

and when you could answer '550 5.1.1 "User unknown"' to sender just
after rcpt to:, it could cause you troubles if you have MX backup
server running courier, with BOFHSUPPRESSBACKSCATTER set. Such mail
server would reject further messages for you, because you do not exist
:-)

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
A day without sunshine is like, night.

------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev

Sam Varshavchik

unread,
Apr 10, 2012, 8:08:20 PM4/10/12
to
Matus UHLAR - fantomas writes:

> Using pre-data filter could solve this issue. However courier does not
> support such filter and such filter would of course not see the data,
> only connecting IP, helo string and mail from:.

Of course it supports this filter. You've just described rcptfilter.

0 new messages