Empty email address in "Mailbox size limit exceeded" sent to forwarding addres
Problem reported by Webio - August 25, 2017 at 1:37 AM
Submitted
Hello,
 
Scenario:
- mailbox MAILADDRESS1 - size 25MB and it has been exceeded
- mailbox MAILADDRESS1 is configured to forward mail to MAILADDRESS2 without message deletion
- MAILADDRESS2 is located on live.com domain
- SOME_SPAM_EMAIL is being sent to MAILADDRESS1 and it gets bounce/error: "Mailbox size limit exceeded"
- in moment when SOME_SPAM_EMAIL is being tried to be delivered new email is being created on MAILADDRESS1 with title "Mailbox size limit exceeded" from System Administrator
- when new email is being created also another email is being sent to forwarding address MAILADDRESS2
 
Can someone tell me why notification is being sent to remote forwarding MAILADDRESS2 since message which caused forwarding is simple local notification message? I thing there should be a switch somewhere to keep System Administrator message local.
 
Take a look at logs.
 
SMTP log (spam message is being delivered to MAILADDRES1):
[2017.08.24] 02:39:49 [INCOMING_GATEWAY_SM_IP][7993676] rsp: 220 MAIN_SM_INSTANCE
[2017.08.24] 02:39:49 [INCOMING_GATEWAY_SM_IP][7993676] connected at 2017-08-24 02:39:49
[2017.08.24] 02:39:49 [INCOMING_GATEWAY_SM_IP][7993676] IP in whitelist
[2017.08.24] 02:39:49 [INCOMING_GATEWAY_SM_IP][7993676] cmd: EHLO INCOMING_GATEWAY_SM_IP
[2017.08.24] 02:39:49 [INCOMING_GATEWAY_SM_IP][7993676] rsp: 250-MAIN_SM_INSTANCE Hello [INCOMING_GATEWAY_SM_IP]250-SIZE 104857600250-AUTH LOGIN CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2017.08.24] 02:39:49 [INCOMING_GATEWAY_SM_IP][7993676] cmd: STARTTLS
[2017.08.24] 02:39:49 [INCOMING_GATEWAY_SM_IP][7993676] rsp: 220 Start TLS negotiation
[2017.08.24] 02:39:49 [INCOMING_GATEWAY_SM_IP][7993676] cmd: EHLO INCOMING_GATEWAY_SM_IP
[2017.08.24] 02:39:49 [INCOMING_GATEWAY_SM_IP][7993676] rsp: 250-MAIN_SM_INSTANCE Hello [INCOMING_GATEWAY_SM_IP]250-SIZE 104857600250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
[2017.08.24] 02:39:49 [INCOMING_GATEWAY_SM_IP][7993676] cmd: MAIL FROM:<SOME_SPAM_EMAIL> SIZE=31488
[2017.08.24] 02:39:49 [INCOMING_GATEWAY_SM_IP][7993676] rsp: 250 OK <SOME_SPAM_EMAIL> Sender ok
[2017.08.24] 02:39:49 [INCOMING_GATEWAY_SM_IP][7993676] cmd: RCPT TO:<MAILADDRESS1>
[2017.08.24] 02:39:49 [INCOMING_GATEWAY_SM_IP][7993676] rsp: 452 <MAILADDRESS1> Mailbox size limit exceeded
[2017.08.24] 02:39:49 [INCOMING_GATEWAY_SM_IP][7993676] cmd: QUIT
[2017.08.24] 02:39:49 [INCOMING_GATEWAY_SM_IP][7993676] rsp: 221 Service closing transmission channel
[2017.08.24] 02:39:49 [INCOMING_GATEWAY_SM_IP][7993676] disconnected at 2017-08-24 02:39:49
Delivery log (notification about mailbox size exceeding is being sent to MAILADDRES2 for some reasong with empty email addres):
[2017.08.24] 02:39:49 [31282] Delivery started for  at 02:39:49
[2017.08.24] 02:39:53 [31282] Skipping spam checks: User authenticated
[2017.08.24] 02:39:56 [31282] Starting local delivery to MAILADDRESS1
[2017.08.24] 02:39:56 [31282] Delivery for  to MAILADDRESS1 has completed (Forwarded Delivered) Filter: None
[2017.08.24] 02:39:56 [31282] End delivery to MAILADDRESS1
[2017.08.24] 02:39:56 [31282] Sending remote mail for 
[2017.08.24] 02:39:56 [31282] Spam check results: [_CUSTOMRULES: ], [_BAYESIANFILTERING: passed]
[2017.08.24] 02:39:56 [31282] Initiating connection to OUTGOING_GATEWAY_SM_IP
[2017.08.24] 02:39:56 [31282] Connecting to OUTGOING_GATEWAY_SM_IP:25 (Id: 1)
[2017.08.24] 02:39:56 [31282] Binding to local IP LOCAL_MAIN_SM_IP:0 (Id: 1)
[2017.08.24] 02:39:56 [31282] Connection to OUTGOING_GATEWAY_SM_IP:25 from LOCAL_MAIN_SM_IP:37559 succeeded (Id: 1)
[2017.08.24] 02:39:56 [31282] RSP: 220 OUTGOING_GATEWAY_INSTANCE
[2017.08.24] 02:39:56 [31282] CMD: EHLO MAIN_SM_INSTANCE
[2017.08.24] 02:39:56 [31282] RSP: 250-OUTGOING_GATEWAY_INSTANCE Hello [LOCAL_MAIN_SM_IP]
[2017.08.24] 02:39:56 [31282] RSP: 250-SIZE 104857600
[2017.08.24] 02:39:56 [31282] RSP: 250-AUTH LOGIN CRAM-MD5
[2017.08.24] 02:39:56 [31282] RSP: 250-STARTTLS
[2017.08.24] 02:39:56 [31282] RSP: 250-8BITMIME
[2017.08.24] 02:39:56 [31282] RSP: 250 OK
[2017.08.24] 02:39:56 [31282] CMD: STARTTLS
[2017.08.24] 02:39:56 [31282] RSP: 220 Start TLS negotiation
[2017.08.24] 02:39:56 [31282] CMD: EHLO MAIN_SM_INSTANCE
[2017.08.24] 02:39:56 [31282] RSP: 250-OUTGOING_GATEWAY_INSTANCE Hello [LOCAL_MAIN_SM_IP]
[2017.08.24] 02:39:56 [31282] RSP: 250-SIZE 104857600
[2017.08.24] 02:39:56 [31282] RSP: 250-AUTH LOGIN CRAM-MD5
[2017.08.24] 02:39:56 [31282] RSP: 250-8BITMIME
[2017.08.24] 02:39:56 [31282] RSP: 250 OK
[2017.08.24] 02:39:56 [31282] CMD: MAIL FROM:<> SIZE=1030
[2017.08.24] 02:39:56 [31282] RSP: 250 OK <> Sender ok
[2017.08.24] 02:39:56 [31282] CMD: RCPT TO:<MAILADDRESS2>
[2017.08.24] 02:39:56 [31282] RSP: 250 OK <MAILADDRESS2> Recipient ok
[2017.08.24] 02:39:56 [31282] CMD: DATA
[2017.08.24] 02:39:56 [31282] RSP: 354 Start mail input; end with <CRLF>.<CRLF>
[2017.08.24] 02:39:56 [31282] RSP: 250 OK
[2017.08.24] 02:39:56 [31282] CMD: QUIT
[2017.08.24] 02:39:56 [31282] RSP: 221 Service closing transmission channel
[2017.08.24] 02:39:56 [31282] Delivery for  to MAILADDRESS2 has completed (Delivered)
[2017.08.24] 02:39:59 [31282] Delivery finished for  at 02:39:59	[id:830131282]
	
Shouldn't local notifications messages from System Administrator be delivered only to local account and not sent to forwarding address?
 
Another thing is also interesting and probably this is cause of my problems (about this below). Local "Mailbox size limit exceeded" message contains sender "System Administrator" with proper email address from SmarterMail configuration System Messages section BUT as you can see from Delivery log message sent to forwarding MAILADDRESS2 has empty email addres as sender.
 
I'm investigating this because my outgoing gateway has been marked on SORBS list and I'm trying to figure out why and IMHO cause is:
 
empty sender address in message "MailboxSizeLimitExceeded" which is being sent to forwarding MAILADDRESS2 configured in MAILADDRESS1
 
Any comments?
 
Thanks

4 Replies

Reply to Thread
0
Webio Replied
Take a look here:
 
[2017.08.24] 01:11:17 [29411] CMD: MAIL FROM:<> SIZE=1002
[2017.08.24] 01:28:00 [29827] CMD: MAIL FROM:<> SIZE=1008
[2017.08.24] 01:28:30 [29849] CMD: MAIL FROM:<> SIZE=1026
[2017.08.24] 01:35:43 [30000] CMD: MAIL FROM:<> SIZE=1000
[2017.08.24] 02:02:11 [30543] CMD: MAIL FROM:<> SIZE=1020
[2017.08.24] 02:07:10 [30672] CMD: MAIL FROM:<> SIZE=1032
[2017.08.24] 02:09:15 [30711] CMD: MAIL FROM:<> SIZE=1012
[2017.08.24] 02:23:37 [30976] CMD: MAIL FROM:<> SIZE=1026
[2017.08.24] 02:31:52 [31142] CMD: MAIL FROM:<> SIZE=1022
[2017.08.24] 02:35:38 [31217] CMD: MAIL FROM:<> SIZE=1024
[2017.08.24] 02:39:56 [31282] CMD: MAIL FROM:<> SIZE=1030
[2017.08.24] 03:02:30 [31732] CMD: MAIL FROM:<> SIZE=10360
[2017.08.24] 03:14:56 [32007] CMD: MAIL FROM:<> SIZE=1048
[2017.08.24] 03:49:16 [32450] CMD: MAIL FROM:<> SIZE=1020
[2017.08.24] 05:25:30 [34374] CMD: MAIL FROM:<> SIZE=1008
[2017.08.24] 06:02:42 [35235] CMD: MAIL FROM:<> SIZE=10272
[2017.08.24] 07:20:26 [38994] CMD: MAIL FROM:<> SIZE=1048
[2017.08.24] 09:13:22 [50311] CMD: MAIL FROM:<> SIZE=10116
[2017.08.24] 09:18:25 [50311] CMD: MAIL FROM:<> SIZE=10116
[2017.08.24] 09:21:35 [51483] CMD: MAIL FROM:<> SIZE=10538
[2017.08.24] 09:33:28 [50311] CMD: MAIL FROM:<> SIZE=10116
[2017.08.24] 09:48:21 [54762] CMD: MAIL FROM:<> SIZE=10125
[2017.08.24] 09:48:22 [54762] CMD: MAIL FROM:<> SIZE=10125
[2017.08.24] 10:08:31 [50311] CMD: MAIL FROM:<> SIZE=10116
[2017.08.24] 11:08:32 [50311] CMD: MAIL FROM:<> SIZE=10116
[2017.08.24] 11:53:58 [70289] CMD: MAIL FROM:<> SIZE=10329
[2017.08.24] 12:38:33 [50311] CMD: MAIL FROM:<> SIZE=10116
[2017.08.24] 13:03:47 [78813] CMD: MAIL FROM:<> SIZE=10592
[2017.08.24] 13:14:36 [80291] CMD: MAIL FROM:<> SIZE=10401
[2017.08.24] 13:15:51 [80429] CMD: MAIL FROM:<> SIZE=10236
[2017.08.24] 13:16:37 [80506] CMD: MAIL FROM:<> SIZE=10583
[2017.08.24] 13:24:39 [80291] CMD: MAIL FROM:<> SIZE=10401
[2017.08.24] 13:44:39 [80291] CMD: MAIL FROM:<> SIZE=10401
[2017.08.24] 14:14:41 [80291] CMD: MAIL FROM:<> SIZE=10401
[2017.08.24] 14:40:12 [90037] CMD: MAIL FROM:<> SIZE=10875
[2017.08.24] 14:43:34 [50311] CMD: MAIL FROM:<> SIZE=10116
[2017.08.24] 15:16:13 [93747] CMD: MAIL FROM:<> SIZE=1030
[2017.08.24] 15:19:42 [80291] CMD: MAIL FROM:<> SIZE=10401
[2017.08.24] 16:54:44 [80291] CMD: MAIL FROM:<> SIZE=10401
[2017.08.24] 18:46:17 [58339] CMD: MAIL FROM:<> SIZE=10560
[2017.08.24] 18:48:36 [50311] CMD: MAIL FROM:<> SIZE=10116
[2017.08.24] 18:54:46 [80291] CMD: MAIL FROM:<> SIZE=10401
[2017.08.24] 22:49:28 [94904] CMD: MAIL FROM:<> SIZE=10060
[2017.08.24] 22:54:49 [80291] CMD: MAIL FROM:<> SIZE=10401
[2017.08.24] 22:55:47 [94289] CMD: MAIL FROM:<> SIZE=10249
[2017.08.24] 23:02:21 [20019] CMD: MAIL FROM:<> SIZE=10002
This is delivery log entries from yesterday for "MAIL FROM:<> SIZE=10" keyword in log. It looks like there is a lot of messages forwarded or bounced with no FROM address which can lead to blacklist adding.
Can someone confirm this issue on your end? I'm using SM 15.7.6400
0
Webio Replied
Can someone at least check your main server delivery log for 
 
CMD: MAIL FROM:<> 
? If you have set System Administrator email address there should be no bounces sent with empty MAIL FROM. This can cause you server to be blacklisted.
0
David Jamell Replied
How does one set the System Administrator email address?
0
Webio Replied
Crap. My mistake. This STILL can't be set for bounce messages. Only place where System Administrator email used to FROM field is Admin Settings -> System Messages but this section does not contain bounce messages.

I literally can say WTF SmarterTools? Even simple entry in mailConfig.xml file would solve this problem.

This has been reported (I know I know this is community forum but c'mon don't you even look here and consider some bugs as ones which you should take care of without support ticket?) here:

https://portal.smartertools.com/community/a87400/how-to-set-system-administrator-email-address-which-is-being-used-for-delivery-failure-emails.aspx

few months ago.

Reply to Thread