SmarterMail issue with Backscatter
Problem reported by Ashkan Nasiri - 3/22/2019 at 8:26 PM
We have 15+ Enterprise v16 SMs, and nearly all of them are listed in the Backscatter RBL. Apparently, disabling "Settings > Protocols > SMTP Out > Enable Remote Bounces" should resolve the issue; however, that's not the case for us.
Also, since we are hosting 1000+ mail domains on each mail server instance, we can't locate the ones that are bouncing spam and thus are not able to enable custom content filtering to handle it.

Is there a bug in our SM's version that disabling "Remote Bounces" isn't fixing the issue? Is there any other way to resolve this problem?

Bob Bell Replied
I have the same problem. Need a fix because emails are not getting through to any server that subscribes to backscatter RBL.

What is the fix?

Douglas Foster Replied
Have you reviewed your logs to find bouncing messages?  Check both SMTP and Delivery logs.

Messages can be undeliverable for different reasons:
  1. Nonexistent recipient
  2. Recipient with SMTP IN disabled
  3. Recipient disabled with no mail
  4. Mailbox quota exceeded
  5. Alias or mailing list address that cannot be delivered for any of the above reasons.

Based on my testing:
The first two should be rejected in the SMTP logs, so the NDR is sent by the submitting system.
The second two are bounced in the Delivery logs, after the message is accepted, so the NDR is sent by SM. Subject line begins with Failed:
The last problem does not generate a bounce message to the originator.

If you can confirm my data, you can minimize the problem by deleting rather than disabling obsolete accounts, or by configuring a spam filter rule that catches outbound messages with Failed: in the subject line. I have a spam filter in front of SM, so I am intercepting NDRs there.
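
One way to find which hosted domains are triggering the NDRs described in the reply above, added here as an example that is not from the thread or from SmarterMail. It assumes outbound messages are available as RFC 5322 text (for instance from a filter in front of the server) and that bounces carry an RFC 3464 delivery-status part; the sample messages and all domain names are constructed.

```python
from collections import Counter
from email import message_from_string

def is_ndr(msg):
    """Bounce test: the "Failed:" subject the thread reports, or an RFC 3464 report."""
    subject = (msg.get("Subject") or "").strip().lower()
    report = (msg.get_content_type() == "multipart/report"
              and msg.get_param("report-type", "").lower() == "delivery-status")
    return subject.startswith("failed:") or report

def failed_recipients(msg):
    """Addresses from Final-Recipient fields in the delivery-status part."""
    found = []
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status" or not part.is_multipart():
            continue
        for block in part.get_payload():  # the parser yields one Message per field block
            value = block.get("Final-Recipient")  # e.g. "rfc822; user@domain"
            if value:
                found.append(value.split(";", 1)[-1].strip().lower())
    return found

def bounce_sources(raw_messages, hosted_domains):
    """Count NDRs per hosted domain whose undeliverable mailbox triggered them."""
    counts = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        if is_ndr(msg):
            for addr in failed_recipients(msg):
                domain = addr.rpartition("@")[2]
                if domain in hosted_domains:
                    counts[domain] += 1
    return counts

# Constructed sample messages (all addresses and domains are placeholders).
SAMPLE_NDR = """\
From: postmaster@mail.example.com
To: forged-sender@victim.example
Subject: Failed: quarterly invoice
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example.com

Final-Recipient: rfc822; info@hosted-a.example
--b1--
"""
SAMPLE_NORMAL = "From: a@hosted-b.example\nTo: b@example.org\nSubject: Hello\n\nHi\n"
```

Calling `bounce_sources([SAMPLE_NDR, SAMPLE_NORMAL], {"hosted-a.example", "hosted-b.example"})` counts one bounce against `hosted-a.example`; the domains with the highest counts are the ones to check for disabled or over-quota mailboxes.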
Douglas Foster Replied
Do you use a plugin like Declude or SpamAssassin?  They may be triggering NDRs as well.
Douglas Foster Replied
If you do not have one already, it is a good idea to establish a free account on MXToolbox.com to monitor the reputation of all of the IP addresses and domain names that you control.

If you have blacklists occurring on the same RBL for different IP addresses, the RBL may have a problem, and you should check with them.

If you are legitimately getting blacklisted for backscatter, there are a small number of possibilities which need to be fixed:
  1. You are receiving messages with fraudulent return paths, then bouncing them. Detected spam should be bounced silently. If you are bouncing spam for reasons other than spam detection, then your spam filters need to be tightened so that the message is detected as spam.
  2. You are allowing auto-forwards, and SM is not configured to use SRS encoding of forwarded messages. I would expect this to cause problems on lists other than Backscatter RBLs.
  3. You have an infection and the malware is sending bogus NDRs or autoreplies.
The setting that you mentioned is irrelevant. SM does not do BATV encoding, so it cannot tell whether an incoming NDR is valid or fraudulent. With the setting off, it blocks incoming NDRs from remote sources. With it enabled, it accepts all NDRs and autoreplies as valid.

You should consider these settings:
Site Administrator... Antispam... Options:  Autoresponders = Disabled, Content Blocking Bounces = Disabled.

