So. Here you have real life scenario (logs below).
User
VALID@EMAIL.COM is sending email to
NOTEXISTING@gmail.com to cause no such user here on gmail side. As you can see gmail is bouncing with this error. Outgoing gateway OUTGOINGGATEWAYIP is creating bounce and delivers it to incoming gateway INCOMINGGATEWAYHOST.
And here we have interesting observation because bounce has:
2020.04.08 09:33:59.291 [OUTGOINGGATEWAYIP][8752592] cmd: MAIL FROM:<VALID@EMAIL.COM> RET=HDRS ENVID=092ddad7-50d5-4154-8211-42d73216e764 SIZE=3513
while bounce in mail header has
2020.04.08 09:33:59.385 [OUTGOINGGATEWAYIP][8752592] senderEmail(2): SYSTEM@ADMIN.COM parsed using: "System Administrator Out 1" <SYSTEM@ADMIN.COM>
Then we see that incoming gateway INCOMINGGATEWAYLOCALIP is trying to deliver this message to PRIMARYSMLOCALIP with:
2020.04.08 09:34:16.373 [59392] CMD: MAIL FROM:<VALID@EMAIL.COM> RET=HDRS ENVID=092ddad7-50d5-4154-8211-42d73216e764 SIZE=3735
which is causing spoofing protection:
2020.04.08 09:34:16.405 [59392] RSP: 550 Authentication is required for relay
bacause domain for
VALID@EMAIL.COM is created locally so any remote delivery is rejected with 550 error.
Yes I have "Enable Domain's SMTP auth setting for local deliveries". Does disabling this param will also not create some kind of open relay server?
Enable Domain's SMTP auth setting for local deliveries - Toggle the slider to the right to enforce SMTP authentication for all local deliveries. For example, mail from user1@example.com to user2@example.com must be authenticated even though the message is bound for local delivery.
outgoing gateway delivery log
2020.04.08 09:33:26.865 [85967] Delivery started for VALID@EMAIL.COM at 09:33:26
2020.04.08 09:33:38.865 [85967] Added to SpamCheckQueue (0 queued; 1/30 processing)
2020.04.08 09:33:38.865 [85967] [SpamCheckQueue] Begin Processing.
2020.04.08 09:33:38.865 [85967] Starting Spam Checks.
2020.04.08 09:33:38.865 [85967] Skipping spam checks: No local recipients
2020.04.08 09:33:38.865 [85967] Spam Checks completed.
2020.04.08 09:33:38.865 [85967] Removed from SpamCheckQueue (0 queued or processing)
2020.04.08 09:33:41.881 [85967] Added to RemoteDeliveryQueue (1 queued; 2/200 processing)
2020.04.08 09:33:41.881 [85967] [RemoteDeliveryQueue] Begin Processing.
2020.04.08 09:33:41.881 [85967] Sending remote mail for VALID@EMAIL.COM
2020.04.08 09:33:41.881 [85967] Spam check results:
2020.04.08 09:33:41.881 [85967] MxRecord count: '5' for domain 'gmail.com'
2020.04.08 09:33:41.881 [85967] Attempting MxRecord Host Name: 'gmail-smtp-in.l.google.com', preference '5', Ip Count: '1'
2020.04.08 09:33:41.881 [85967] Attempting to send to MxRecord 'gmail-smtp-in.l.google.com' ip: '173.194.73.27'
2020.04.08 09:33:41.881 [85967] Sending remote mail to: NOTEXISTING@gmail.com
2020.04.08 09:33:41.881 [85967] Initiating connection to 173.194.73.27
2020.04.08 09:33:41.881 [85967] Connecting to 173.194.73.27:25 (Id: 1)
2020.04.08 09:33:41.881 [85967] Binding to local IP OUTGOINGGATEWAYIP (Id: 1)
2020.04.08 09:33:41.912 [85967] Connection to 173.194.73.27:25 from OUTGOINGGATEWAYIP:10967 succeeded (Id: 1)
2020.04.08 09:33:41.959 [85967] RSP: 220 mx.google.com ESMTP y16si3664322ljy.202 - gsmtp
2020.04.08 09:33:41.959 [85967] CMD: EHLO OUTGOINGGATEWAYHOST
2020.04.08 09:33:42.006 [85967] RSP: 250-mx.google.com at your service, [OUTGOINGGATEWAYIP]
2020.04.08 09:33:42.006 [85967] RSP: 250-SIZE 157286400
2020.04.08 09:33:42.006 [85967] RSP: 250-8BITMIME
2020.04.08 09:33:42.006 [85967] RSP: 250-STARTTLS
2020.04.08 09:33:42.006 [85967] RSP: 250-ENHANCEDSTATUSCODES
2020.04.08 09:33:42.006 [85967] RSP: 250-PIPELINING
2020.04.08 09:33:42.006 [85967] RSP: 250-CHUNKING
2020.04.08 09:33:42.006 [85967] RSP: 250 SMTPUTF8
2020.04.08 09:33:42.006 [85967] CMD: STARTTLS
2020.04.08 09:33:42.068 [85967] RSP: 220 2.0.0 Ready to start TLS
2020.04.08 09:33:42.099 [85967] CMD: EHLO OUTGOINGGATEWAYHOST
2020.04.08 09:33:42.178 [85967] RSP: 250-mx.google.com at your service, [OUTGOINGGATEWAYIP]
2020.04.08 09:33:42.178 [85967] RSP: 250-SIZE 157286400
2020.04.08 09:33:42.178 [85967] RSP: 250-8BITMIME
2020.04.08 09:33:42.178 [85967] RSP: 250-ENHANCEDSTATUSCODES
2020.04.08 09:33:42.178 [85967] RSP: 250-PIPELINING
2020.04.08 09:33:42.178 [85967] RSP: 250-CHUNKING
2020.04.08 09:33:42.178 [85967] RSP: 250 SMTPUTF8
2020.04.08 09:33:42.178 [85967] CMD: MAIL FROM:<VALID@EMAIL.COM> SIZE=4269
2020.04.08 09:33:42.240 [85967] RSP: 250 2.1.0 OK y16si3664322ljy.202 - gsmtp
2020.04.08 09:33:42.240 [85967] CMD: RCPT TO:<NOTEXISTING@gmail.com>
2020.04.08 09:33:42.303 [85967] RSP: 550-5.1.1 The email account that you tried to reach does not exist. Please try
2020.04.08 09:33:42.303 [85967] RSP: 550-5.1.1 double-checking the recipient's email address for typos or
2020.04.08 09:33:42.303 [85967] RSP: 550-5.1.1 unnecessary spaces. Learn more at
2020.04.08 09:33:42.303 [85967] RSP: 550 5.1.1 https://support.google.com/mail/?p=NoSuchUser y16si3664322ljy.202 - gsmtp
2020.04.08 09:33:42.303 [85967] CMD: QUIT
2020.04.08 09:33:42.365 [85967] RSP: 221 2.0.0 closing connection y16si3664322ljy.202 - gsmtp
2020.04.08 09:33:42.365 [85967] Attempt to ip, '173.194.73.27' success: 'True'
2020.04.08 09:33:42.365 [85967] Delivery for VALID@EMAIL.COM to NOTEXISTING@gmail.com has bounced. Reason: Remote host said: 550 5.1.1 The email account that you tried to reach does not exist. Please try
2020.04.08 09:33:42.365 [85967] DSN email written to -1548961585971 with status failed to NOTEXISTING@gmail.com
2020.04.08 09:33:42.365 [85967] Process delivery status notification step from recipient success. Recipient: [NOTEXISTING@gmail.com], Notify: [failure], LastError: [550 5.1.1 The email account that you tried to reach does not exist. Please try
2020.04.08 09:33:42.365 [85967] Delivery for VALID@EMAIL.COM to NOTEXISTING@gmail.com has completed (Bounced)
2020.04.08 09:33:42.365 [85967] Removed from RemoteDeliveryQueue (2 queued or processing)
2020.04.08 09:33:44.881 [85967] Removing Spool message: Killed: False, Failed: False, Finished: True
2020.04.08 09:33:44.881 [85967] Delivery finished for VALID@EMAIL.COM at 09:33:44 [id:-1548961585967]
Incoming gateway smtp log
2020.04.08 09:33:58.948 [OUTGOINGGATEWAYIP][8752592] rsp: 220 INCOMINGGATEWAYHOST
2020.04.08 09:33:58.948 [OUTGOINGGATEWAYIP][8752592] connected at 2020-04-08 09:33:58
2020.04.08 09:33:58.948 [OUTGOINGGATEWAYIP][8752592] Country code: PL
2020.04.08 09:33:58.948 [OUTGOINGGATEWAYIP][8752592] IP in whitelist
2020.04.08 09:33:58.948 [OUTGOINGGATEWAYIP][8752592] IP in authentication bypass
2020.04.08 09:33:58.979 [OUTGOINGGATEWAYIP][8752592] cmd: EHLO OUTGOINGGATEWAYHOST
2020.04.08 09:33:58.979 [OUTGOINGGATEWAYIP][8752592] rsp: 250-INCOMINGGATEWAYHOST Hello [OUTGOINGGATEWAYIP]250-SIZE 104857600250-AUTH LOGIN CRAM-MD5 NTLM250-STARTTLS250-8BITMIME250-DSN250 OK
2020.04.08 09:33:59.026 [OUTGOINGGATEWAYIP][8752592] cmd: STARTTLS
2020.04.08 09:33:59.026 [OUTGOINGGATEWAYIP][8752592] rsp: 220 Start TLS negotiation
2020.04.08 09:33:59.276 [OUTGOINGGATEWAYIP][8752592] cmd: EHLO OUTGOINGGATEWAYHOST
2020.04.08 09:33:59.276 [OUTGOINGGATEWAYIP][8752592] rsp: 250-INCOMINGGATEWAYHOST Hello [OUTGOINGGATEWAYIP]250-SIZE 104857600250-AUTH LOGIN CRAM-MD5 NTLM250-8BITMIME250-DSN250 OK
2020.04.08 09:33:59.291 [OUTGOINGGATEWAYIP][8752592] cmd: MAIL FROM:<VALID@EMAIL.COM> RET=HDRS ENVID=092ddad7-50d5-4154-8211-42d73216e764 SIZE=3513
2020.04.08 09:33:59.291 [OUTGOINGGATEWAYIP][8752592] senderEmail(1): VALID@EMAIL.COM parsed using: <VALID@EMAIL.COM>
2020.04.08 09:33:59.291 [OUTGOINGGATEWAYIP][8752592] rsp: 250 OK <VALID@EMAIL.COM> Sender ok
2020.04.08 09:33:59.291 [OUTGOINGGATEWAYIP][8752592] Sender accepted. Weight: 0. Block threshold: 90.
2020.04.08 09:33:59.323 [OUTGOINGGATEWAYIP][8752592] cmd: RCPT TO:<VALID@EMAIL.COM> NOTIFY=FAILURE
2020.04.08 09:33:59.323 [OUTGOINGGATEWAYIP][8752592] rsp: 250 OK <VALID@EMAIL.COM> Recipient ok
2020.04.08 09:33:59.354 [OUTGOINGGATEWAYIP][8752592] cmd: DATA
2020.04.08 09:33:59.354 [OUTGOINGGATEWAYIP][8752592] Performing PTR host name lookup for OUTGOINGGATEWAYIP
2020.04.08 09:33:59.354 [OUTGOINGGATEWAYIP][8752592] PTR host name for OUTGOINGGATEWAYIP resolved as OUTGOINGGATEWAYHOST
2020.04.08 09:33:59.354 [OUTGOINGGATEWAYIP][8752592] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
2020.04.08 09:33:59.385 [OUTGOINGGATEWAYIP][8752592] senderEmail(2): SYSTEM@ADMIN.COM parsed using: "System Administrator Out 1" <SYSTEM@ADMIN.COM>
2020.04.08 09:33:59.603 [OUTGOINGGATEWAYIP][8752592] rsp: 250 OK
2020.04.08 09:33:59.603 [OUTGOINGGATEWAYIP][8752592] Received message size: 3518 bytes
2020.04.08 09:33:59.603 [OUTGOINGGATEWAYIP][8752592] Successfully wrote to the HDR file. (D:\Poczta\Spool\SubSpool5\-1587934859392.hdr)
2020.04.08 09:33:59.603 [OUTGOINGGATEWAYIP][8752592] Data transfer succeeded, writing mail to -1587934859392.eml (MessageID: <80bb30f8aaa84c0ba892d8e13f76d405@gmail.com>)
2020.04.08 09:33:59.619 [OUTGOINGGATEWAYIP][8752592] cmd: QUIT
2020.04.08 09:33:59.619 [OUTGOINGGATEWAYIP][8752592] rsp: 221 Service closing transmission channel
2020.04.08 09:33:59.619 [OUTGOINGGATEWAYIP][8752592] disconnected at 2020-04-08 09:33:59
incoming gateway delivery log
2020.04.08 09:34:00.992 [59392] Delivery started for VALID@EMAIL.COM (via bypass) at 09:34:00
2020.04.08 09:34:13.160 [59392] Added to SpamCheckQueue (0 queued; 1/30 processing)
2020.04.08 09:34:13.160 [59392] [SpamCheckQueue] Begin Processing.
2020.04.08 09:34:13.160 [59392] Starting Spam Checks.
2020.04.08 09:34:13.160 [59392] Skipping spam checks: User authenticated
2020.04.08 09:34:13.160 [59392] Spam Checks completed.
2020.04.08 09:34:13.160 [59392] Removed from SpamCheckQueue (0 queued or processing)
2020.04.08 09:34:16.217 [59392] Added to RemoteDeliveryQueue (0 queued; 1/50 processing)
2020.04.08 09:34:16.217 [59392] [RemoteDeliveryQueue] Begin Processing.
2020.04.08 09:34:16.217 [59392] Sending remote mail for VALID@EMAIL.COM
2020.04.08 09:34:16.217 [59392] Sending remote mail to: VALID@EMAIL.COM
2020.04.08 09:34:16.217 [59392] Initiating connection to PRIMARYSMLOCALIP
2020.04.08 09:34:16.217 [59392] Connecting to PRIMARYSMLOCALIP:25 (Id: 1)
2020.04.08 09:34:16.217 [59392] Binding to local IP INCOMINGGATEWAYLOCALIP (Id: 1)
2020.04.08 09:34:16.217 [59392] Connection to PRIMARYSMLOCALIP:25 from INCOMINGGATEWAYLOCALIP:63825 succeeded (Id: 1)
2020.04.08 09:34:16.217 [59392] RSP: 220 PRIMARYHOST
2020.04.08 09:34:16.217 [59392] CMD: EHLO INCOMINGGATEWAYHOST
2020.04.08 09:34:16.249 [59392] RSP: 250-PRIMARYHOST Hello [INCOMINGGATEWAYLOCALIP]
2020.04.08 09:34:16.249 [59392] RSP: 250-SIZE 104857600
2020.04.08 09:34:16.249 [59392] RSP: 250-AUTH LOGIN CRAM-MD5 NTLM
2020.04.08 09:34:16.249 [59392] RSP: 250-STARTTLS
2020.04.08 09:34:16.249 [59392] RSP: 250-8BITMIME
2020.04.08 09:34:16.249 [59392] RSP: 250-DSN
2020.04.08 09:34:16.249 [59392] RSP: 250 OK
2020.04.08 09:34:16.249 [59392] CMD: STARTTLS
2020.04.08 09:34:16.280 [59392] RSP: 220 Start TLS negotiation
2020.04.08 09:34:16.280 [59392] Certificate name mismatch.
2020.04.08 09:34:16.280 [59392] CMD: EHLO INCOMINGGATEWAYHOST
2020.04.08 09:34:16.373 [59392] RSP: 250-PRIMARYHOST Hello [INCOMINGGATEWAYLOCALIP]
2020.04.08 09:34:16.373 [59392] RSP: 250-SIZE 104857600
2020.04.08 09:34:16.373 [59392] RSP: 250-AUTH LOGIN CRAM-MD5 NTLM
2020.04.08 09:34:16.373 [59392] RSP: 250-8BITMIME
2020.04.08 09:34:16.373 [59392] RSP: 250-DSN
2020.04.08 09:34:16.373 [59392] RSP: 250 OK
2020.04.08 09:34:16.373 [59392] CMD: MAIL FROM:<VALID@EMAIL.COM> RET=HDRS ENVID=092ddad7-50d5-4154-8211-42d73216e764 SIZE=3735
2020.04.08 09:34:16.405 [59392] RSP: 550 Authentication is required for relay
2020.04.08 09:34:16.405 [59392] CMD: QUIT
2020.04.08 09:34:21.412 [59392] Removed from RemoteDeliveryQueue (0 queued or processing)
2020.04.08 09:34:22.348 [59392] Removing Spool message: Killed: True, Failed: False, Finished: False
2020.04.08 09:34:22.348 [59392] Delivery finished for VALID@EMAIL.COM at 09:34:22 [id:-1587934859392]
EDIT:
When it comes to delivery notifiaction errors I see that latest notification I have from august 2019 and it contains:
Return-Path: <>
Received: from INCOMINGGATEWAYHOST (UnknownHost [INCOMINGGATEWAYLOCALIP]) by PRIMARYHOST with SMTP
(version=TLS\Tls
cipher=Aes256 bits=256);
Mon, 19 Aug 2019 11:25:01 +0200
Received: from OUTGOINGGATEWAYHOST (OUTGOINGGATEWAYHOST [OUTGOINGGATEWAYIP]) by INCOMINGGATEWAYHOST with SMTP
(version=TLS\Tls12
cipher=Aes256 bits=256);
Mon, 19 Aug 2019 11:23:32 +0200
Message-ID: <637018105916155383@OUTGOINGGATEWAYHOST>
From: "System Administrator"
To: VALID@EMAIL.COM
Date: Mon, 19 Aug 2019 11:23:11 +0200
Subject: Delivery Failure
Content-Type: text/plain
Auto-Submitted: auto-generated
X-SmarterMail-MessageType: Bounce
X-Exim-Id: 637018105916155383
X-SmarterMail-SmartHostSpam:
X-SmarterMail-SmartHostSpamWeight: 0
X-SmarterMail-SmartHostSpamSalt: 1230971332
X-SmarterMail-SmartHostSpamKey: 1913677964
X-SmarterMail-TotalSpamWeight: 0
headers and in incoming gateway delivery log it looked like this:
2019.08.19 11:23:33.382 [49393] Delivery started for at 11:23:33
2019.08.19 11:23:33.382 [49393] Spool message was missing Return-Path; Also missing FROM header. If this is a system message this is normal behavior.
2019.08.19 11:23:43.693 [49393] Added to SpamCheckQueue (0 queued; 4/30 processing)
2019.08.19 11:23:43.693 [49393] [SpamCheckQueue] Begin Processing.
2019.08.19 11:23:43.693 [49393] Starting Spam Checks.
2019.08.19 11:23:43.693 [49393] Skipping spam checks: Bounce Message
2019.08.19 11:23:43.693 [49393] Spam Checks completed.
2019.08.19 11:23:43.693 [49393] Removed from SpamCheckQueue (3 queued or processing)
2019.08.19 11:23:46.954 [49393] Added to RemoteDeliveryQueue (0 queued; 2/50 processing)
2019.08.19 11:23:46.954 [49393] [RemoteDeliveryQueue] Begin Processing.
2019.08.19 11:23:46.954 [49393] Sending remote mail for
2019.08.19 11:23:46.969 [49393] Sending remote mail to: VALID@EMAIL.COM
2019.08.19 11:23:46.969 [49393] Initiating connection to PRIMARYSMLOCALIP
2019.08.19 11:23:46.969 [49393] Connecting to PRIMARYSMLOCALIP:25 (Id: 1)
2019.08.19 11:23:46.969 [49393] Binding to local IP INCOMINGGATEWAYLOCALIP (Id: 1)
2019.08.19 11:23:46.985 [49393] Connection to PRIMARYSMLOCALI:25 from INCOMINGGATEWAYLOCALIP:59215 succeeded (Id: 1)
2019.08.19 11:23:46.985 [49393] RSP: 220 PRIMARYHOST
2019.08.19 11:23:46.985 [49393] CMD: EHLO INCOMINGGATEWAYHOST
2019.08.19 11:23:47.016 [49393] RSP: 250-PRIMARYHOST Hello [INCOMINGGATEWAYLOCALIP]
2019.08.19 11:23:47.016 [49393] RSP: 250-SIZE 104857600
2019.08.19 11:23:47.016 [49393] RSP: 250-AUTH LOGIN CRAM-MD5
2019.08.19 11:23:47.016 [49393] RSP: 250-STARTTLS
2019.08.19 11:23:47.016 [49393] RSP: 250-8BITMIME
2019.08.19 11:23:47.016 [49393] RSP: 250-DSN
2019.08.19 11:23:47.016 [49393] RSP: 250 OK
2019.08.19 11:23:47.016 [49393] CMD: STARTTLS
2019.08.19 11:23:47.047 [49393] RSP: 220 Start TLS negotiation
2019.08.19 11:23:47.047 [49393] Certificate name mismatch.
2019.08.19 11:23:47.047 [49393] CMD: EHLO INCOMINGGATEWAYHOST
2019.08.19 11:23:47.141 [49393] RSP: 250-PRIMARYHOST Hello [INCOMINGGATEWAYLOCALIP]
2019.08.19 11:23:47.141 [49393] RSP: 250-SIZE 104857600
2019.08.19 11:23:47.141 [49393] RSP: 250-AUTH LOGIN CRAM-MD5
2019.08.19 11:23:47.141 [49393] RSP: 250-8BITMIME
2019.08.19 11:23:47.141 [49393] RSP: 250-DSN
2019.08.19 11:23:47.141 [49393] RSP: 250 OK
2019.08.19 11:23:47.141 [49393] CMD: MAIL FROM:<> RET=HDRS ENVID=36162033-8423-4c1f-909d-3399e3de68b1 SIZE=2834
2019.08.19 11:23:47.172 [49393] RSP: 250 OK <> Sender ok
2019.08.19 11:23:47.172 [49393] CMD: RCPT TO:<VALID@EMAIL.COM> NOTIFY=NEVER
2019.08.19 11:23:47.203 [49393] RSP: 250 OK <VALID@EMAIL.COM> Recipient ok
2019.08.19 11:23:47.203 [49393] CMD: DATA
2019.08.19 11:23:47.266 [49393] RSP: 354 Start mail input; end with <CRLF>.<CRLF>
2019.08.19 11:23:47.484 [49393] RSP: 250 OK
2019.08.19 11:23:47.484 [49393] CMD: QUIT
2019.08.19 11:23:47.547 [49393] RSP: 221 Service closing transmission channel
2019.08.19 11:23:47.547 [49393] Delivery for to VALID@EMAIL.COM has completed (Delivered)
2019.08.19 11:23:47.547 [49393] Removed from RemoteDeliveryQueue (2 queued or processing)
2019.08.19 11:23:50.011 [49393] Removing Spool message: Killed: False, Failed: False, Finished: True
2019.08.19 11:23:50.011 [49393] Delivery finished for at 11:23:50 [id:71549393]
so as you can see there was empty FROM field:
2019.08.19 11:23:47.141 [49393] CMD: MAIL FROM:<> RET=HDRS ENVID=36162033-8423-4c1f-909d-3399e3de68b1 SIZE=2834
which was not triggering spoofing protection and thats why it was delivering bounce to its sender.