recepient address wrongly formatted.

Problems/questiong regarding daily usage of MailCleaner

Moderators: FlorianB, mentor, Pascal, bourgeois

m.tiggelaar
Posts: 21
Joined: Fri Nov 25, 2011 12:02 pm
How did you hear about Mailcleaner: Google
Contact:

recepient address wrongly formatted.

Postby m.tiggelaar » Sat Oct 26, 2013 9:16 pm

Hello,

I am currently testing our MC Cluster for the past week on one of our active domains.
I have noticed atleast a couple of times that some times the recepient address is simply wrongly formatted by MC

For example the most recent case:
JetBrains Bug & Issue Tracker
----------------
Always worked on our current mailserver and anti-spam gateways.

--------------
On the domain with MC it creates a bounce like this:

Code: Select all

m.tiggelaar@key4ce.eu
filter1.mail4ce.com #<filter1.mail4ce.com #5.0.0 smtp; 550-Verification failed for <prvs=0011e2d5df=m.tiggelaar@mydomain.com> 550-User unknown 550 Sender verify failed> #SMTP#

Oorspronkelijke berichtkoppen:

Return-Path: <m.tiggelaar@mydomain.com>
Date: Sat, 26 Oct 2013 16:00:48 -0400
From: Marco Tiggelaar <m.tiggelaar@mydomain.com>
To: Marco Tiggelaar <m.tiggelaar@mydomain.com>
Message-ID: <69-133@Serverdomain.com>
Subject: [YouTrack, Tagged] Issue wsp-10093: Move WebsitePanel Scheduler
 Service to Windows Service
MIME-Version: 1.0
Content-Type: multipart/mixed;
   boundary="----=_Part_1412_11305338.1382817648396"
X-Charisma: Tagged


Now incase you missed it please check how mailcleaner noted the recipeint mail:
prvs=0011e2d5df=m.tiggelaar@mydomain.com

I have had a few more issues logged like this this week.
i am not sure why MC does this for a few emails..
i am just very sure that this is a coding issue AND a serious bug.

Any help on this will be great.. else we simply bin MC as this sort of bug is something i can't live with.
Rejecting SPF: none to a greylist loop is already poor enough to live with :-)

Regards,
Marco
olivier
Posts: 1348
Joined: Thu Jan 01, 1970 1:00 am
Contact:

Re: recepient address wrongly formatted.

Postby olivier » Mon Oct 28, 2013 9:20 am

http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation
This is the real sender address. MailCleaner do not modify it at all.
The sender simply use BATV to validate bounce messages,
m.tiggelaar
Posts: 21
Joined: Fri Nov 25, 2011 12:02 pm
How did you hear about Mailcleaner: Google
Contact:

Re: recepient address wrongly formatted.

Postby m.tiggelaar » Mon Oct 28, 2013 9:33 am

Well,
Something is off with "prvs=0011e2d5df=m.tiggelaar@mydomain.com" (as that doesn't look like any real address)
If it goes directly over exchange or assp this kind of issue doesn't occur with jetbrains. (bug tracker)

Any idea how to go around about it to fix it?
only seems to occur for very few emails but did see it atleast 3x in my logs (different occasions)
olivier
Posts: 1348
Joined: Thu Jan 01, 1970 1:00 am
Contact:

Re: recepient address wrongly formatted.

Postby olivier » Mon Oct 28, 2013 9:40 am

hello,
please read the document I linked to in my previous mail.
This address is a BATV signed address and is in that format on purpose. This is not a bug and does not need to be fixed. This is a perfectly standard behavior.
See here http://mipassoc.org/batv/ for even more information.
m.tiggelaar
Posts: 21
Joined: Fri Nov 25, 2011 12:02 pm
How did you hear about Mailcleaner: Google
Contact:

Re: recepient address wrongly formatted.

Postby m.tiggelaar » Mon Oct 28, 2013 10:06 am

I took a look.
but the problem is still the same: Good mails are being dropped.
mainly cause of:: That BATV address isn't known or processed by ldap and smtp address validation. (it gets the obvious user unknown reply).

Also a bit off topic but:
Is there a way to allow SPF: none but only greylist / drop when it's a fail?
at the moment it drops everything even if it's none (and plenty of domains have no spf).

Another issue i found is that SPF: none hits greylist --> then gets resend, again to greylist.. wasn't the purpouse of greylist that you come on there <delayed> and then the mail gets delivered? instead of never coming off it (duo to this i had to disable greylist untill the loop is fixed).
olivier
Posts: 1348
Joined: Thu Jan 01, 1970 1:00 am
Contact:

Re: recepient address wrongly formatted.

Postby olivier » Mon Oct 28, 2013 10:19 am

m.tiggelaar wrote:I took a look.
but the problem is still the same: Good mails are being dropped.
mainly cause of:: That BATV address isn't known or processed by ldap and smtp address validation. (it gets the obvious user unknown reply).

This means that it is your users who are using BATV signing. And in that case the destination server must be aware of this and must allow the signed address to come back in. It it the purpose of BATV so you should make sure that if you users have BATV signing at the outgoing level, then the incoming destination server must also be configured for receiving these addresses.

m.tiggelaar wrote:Also a bit off topic but:
Is there a way to allow SPF: none but only greylist / drop when it's a fail?
at the moment it drops everything even if it's none (and plenty of domains have no spf).

Another issue i found is that SPF: none hits greylist --> then gets resend, again to greylist.. wasn't the purpouse of greylist that you come on there <delayed> and then the mail gets delivered? instead of never coming off it (duo to this i had to disable greylist untill the loop is fixed).


MailCleaner will never drop a session due to a missing SPF record of even a SOFTFAIL result. It will only reject message of domains which have a strict SPF policy, i.e. -all mechanism. In that case, it is defined by the sending domain that receiving server MUST reject sessions from unauthorized servers. MailCleaner is handling it the right way. Any other result (no SPF record, SOFTFAIL, PASS, etc…), will result in the acceptance of the message and further processing.
m.tiggelaar
Posts: 21
Joined: Fri Nov 25, 2011 12:02 pm
How did you hear about Mailcleaner: Google
Contact:

Re: recepient address wrongly formatted.

Postby m.tiggelaar » Mon Oct 28, 2013 10:27 am

Hmm, alright.. i guess i better check further with Exchange. one thing is for sure: Exchange is rejecting any such mail so it's defenitly not happy with BATV addresses.

As far as SPF what i see is:
Mail arrived --> SPF: None --> Greylist

And that keeps on being repeated.. bit later the exact same mail comes back and again in greylist.
it never comes off the greylist and the email never gets delivered unless we whitelist the domain in greylist whitelist.
Then it finally comes around

We now receive all the spf: none emails but thats only duo to greylist being disabled.
i prefer greylist to be on ofcourse duo to system resources etc it saves..
olivier
Posts: 1348
Joined: Thu Jan 01, 1970 1:00 am
Contact:

Re: recepient address wrongly formatted.

Postby olivier » Mon Oct 28, 2013 11:08 am

if you use MailCleaner as the outgoing gateway, you can have it do the BATV signing and it will correctly decrypt the address on receiving. Otherwise, you will have to with disable BATV signing or correctly configure it on the destination server side.

For SPF, MailCleaner will not do greylisting if SPF record succeed. All other case will lead to the greyslising to be active.
You can however define exceptions.
If an address keeps on being delayed by the greylisting, it is probably because to comes from different IP address or does not come back inside the configured delays.
m.tiggelaar
Posts: 21
Joined: Fri Nov 25, 2011 12:02 pm
How did you hear about Mailcleaner: Google
Contact:

Re: recepient address wrongly formatted.

Postby m.tiggelaar » Mon Oct 28, 2013 11:15 am

Actually MC is configured incoming and outgoing
but it does have address validation on ldap and the address validation is checking up the batv address not the real one (which is why you get "user unknown" reply).

for MC: i know if it passes it goes well but SPF: none (not a fail and also not a pass) gets shipped off to Greylist.
this by it self isn't a problem --> problem is that it seems to keep hitting there.

so i guess it doesn't come back in time, our greylist delay was set a bit short (servers like ebay and such do not like the long delays).
i will re attempt it with a longer delay time in there.

Thanks for your support.
viniciusferrao
Posts: 24
Joined: Tue Jun 24, 2014 6:08 pm
How did you hear about Mailcleaner: Serverfault

Re: recepient address wrongly formatted.

Postby viniciusferrao » Thu Jun 26, 2014 8:23 am

m.tiggelaar wrote:Actually MC is configured incoming and outgoing
but it does have address validation on ldap and the address validation is checking up the batv address not the real one (which is why you get "user unknown" reply).

for MC: i know if it passes it goes well but SPF: none (not a fail and also not a pass) gets shipped off to Greylist.
this by it self isn't a problem --> problem is that it seems to keep hitting there.

so i guess it doesn't come back in time, our greylist delay was set a bit short (servers like ebay and such do not like the long delays).
i will re attempt it with a longer delay time in there.

Thanks for your support.


I'm with the same issue about BATV and LDAP Verification. Have you done some progress on this issue?
m.tiggelaar
Posts: 21
Joined: Fri Nov 25, 2011 12:02 pm
How did you hear about Mailcleaner: Google
Contact:

Re: recepient address wrongly formatted.

Postby m.tiggelaar » Thu Jun 26, 2014 8:34 am

No,

We have enabled smtp verification instead.

Return to “Usage”

Who is online

Users browsing this forum: No registered users and 1 guest