1
Spam email going to alias, which is being bounced and forwarded...
Question asked by Christopher York - March 24 at 11:17 AM
Unanswered
[2017.03.24] 11:56:44 [10229] Delivery started for fidelitylifeins@cluric.stream at 11:56:44 AM
[2017.03.24] 11:56:47 [10229] Starting local delivery to account_does_not_exist@domain
[2017.03.24] 11:56:47 [10229] recipient account_does_not_exist@domain does not exist.  Message directed to the domains catchall.
[2017.03.24] 11:56:47 [10229] Delivery for fidelitylifeins@cluric.stream to account_does_not_exist@domain has completed (Deleted) Filter: None
[2017.03.24] 11:56:47 [10229] End delivery to account_does_not_exist@domain
[2017.03.24] 11:56:50 [10229] Starting local delivery to delivery_to_not_exist_gmail@gmail.com
[2017.03.24] 11:56:50 [10229] Bounce email written to 73810268.eml
[2017.03.24] 11:56:50 [10229] Delivery for fidelitylifeins@cluric.stream to delivery_to_not_exist_gmail@gmail.com has completed (Bounced)
[2017.03.24] 11:56:50 [10229] Delivery for fidelitylifeins@cluric.stream to delivery_to_not_exist_gmail@gmail.com has completed (Bounced)
[2017.03.24] 11:56:50 [10229] Starting local delivery to delivery_to_local_sm_account@domain.com
[2017.03.24] 11:56:50 [10229] Delivery for fidelitylifeins@cluric.stream to delivery_to_local_sm_account@domain.com has completed (Deleted) Filter: Spam (Weight: 85), Action (Global Level): Delete
[2017.03.24] 11:56:50 [10229] End delivery to delivery_to_local_sm_account@domain.com
[2017.03.24] 11:56:50 [10229] Delivery finished for fidelitylifeins@cluric.stream at 11:56:50 AM	[id:x73810229]
The message is spam, weight 85 which they have set to delete. The spammer sends to a non-existent account which gets forwarded to their catch all, which is an alias. The alias forwards to a gmail.com account and a local (same domain) account. The forward to the local domain account is deleted per their spam settings like it should.
 
However the forward to the gmail.com address attempts to send, however the account does not exist, which results in a bounce notice ending up in our spool back to the spammer. We do have SMTP outbound blocking set to stop outgoing emails that have a high score, but in this case, it does not seem to matter.
 
Obviously removing the invalid address will fix this, but I am curious as to why SmarterMail is even attempting to forward an email that is above our "do not forward spam an above" settings.

Reply to Thread