2
Inbound message delivery
Question asked by Sabatino - 2/16/2022 at 2:34 PM
Unanswered
I have some domains configured with active inbound message delivery

In practice mx of the domain is on my server, but if the user does not exist locally it is forwarded to another server

Everything works, but I have a big doubt.

If a message is sent to a non-existent user on both my server and the relay server, who responds? How.

I did a test and I understand that an smtp session with the forwarder is opened right away. if it replies that it does not exist, it is my server that gives a reply via smtp (no bounce) from an unknown user

The thing is beautiful. But when the message arrives to my server it must first pass the antispam checks, only then is forwarding to the other server tried.
It will take some time to do this.
In all this time the smtp session with the sending server remains open? Am I wrong?
Sabatino Traini
      Chief Information Officer
Genial s.r.l.
Martinsicuro - Italy

4 Replies

Reply to Thread
0
Sabatino Replied
I answer myself

[2022.02.16] 22: 23: 15.995 [99750274] [Cyren Client] Done Scanning Message. MessagePath: D: \ SmarterMail \ Spool \ SubSpool1 \ 1339099750274.eml Results AV: Unknown, AS: Unknown
[2022.02.16] 22: 23: 15.995 [99750274] Spam Checks started.
[2022.02.16] 22: 23: 15.995 [99750274] Spam Checks skipped: No local recipients
[2022.02.16] 22: 23: 15.995 [99750274] Spam Checks completed.
[2022.02.16] 22: 23: 15.995 [99750274] Removed from SpamCheckQueue (0 queued or processing)
[2022.02.16] 22: 23: 18.761 [99750274] Added to RemoteDeliveryQueue (1 queued; 0/50 processing)


In practice, just apply cyren to him and skip spam checks

But at this point the doubt remains
What does it apply?
rbl and urirbl?
greylisting?
cyren what? Antivirus or antispam?
Antivirus?
Sabatino Traini
      Chief Information Officer
Genial s.r.l.
Martinsicuro - Italy

0
Matt Petty Replied
Employee Post
We always check emails for viruses even if they skip spam checks. Cyren might still classify it as spam but when we skip spam checks we ignore cyren's spam results. Just for completeness I'll list the other checks that still happen (if they are enabled) Cyren, Clam, Defender, and Command Line AV.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Sabatino Replied
I'm sorry but it's not like that

Here is a log that proves it

I masked the real sender and recipient

Anyway

sender: mitt@mitt.xx

Recipient:

dest@domain.dest

mx of domain.dest my server

but Inbound message delivery another server for users not present on my server

on the other server

dest@domain.dest

does not exist

cyren client identified it as spam

and in fact it doesn't even try to see if it exists on the target server.
It quarantines me outbound spam


I'm okay with it like this. I just like knowing how it works



[2022.02.17] 09:35:39.005 [99752736] Delivery started for mitt@mitt.xx at 9:35:39 AM
[2022.02.17] 09:36:03.053 [99752736] Added to SpamCheckQueue (0 queued; 2/30 processing)
[2022.02.17] 09:36:03.053 [99752736] [SpamCheckQueue] Begin Processing.
[2022.02.17] 09:36:03.053 [99752736] Blocked Sender Checks started.
[2022.02.17] 09:36:03.240 [99752736] [Cyren Client] Start Scanning Message. Enabled Services: All, MailFrom: mitt@mitt.xx, SenderIP: 115.231.154.141, MessagePath: D:\SmarterMail\Spool\SubSpool4\1339099752736.eml
[2022.02.17] 09:36:03.569 [99752736] [Cyren Client] Done Scanning Message. MessagePath: D:\SmarterMail\Spool\SubSpool4\1339099752736.eml Results AV: Unknown, AS: Confirmed
[2022.02.17] 09:36:03.569 [99752736] Spam Checks started.
[2022.02.17] 09:36:03.569 [99752736] Spam Checks skipped: No local recipients
[2022.02.17] 09:36:03.569 [99752736] Spam Checks completed.
[2022.02.17] 09:36:03.569 [99752736] Removed from SpamCheckQueue (1 queued or processing)
[2022.02.17] 09:36:06.053 [99752736] Added to RemoteDeliveryQueue (1 queued; 0/50 processing)
[2022.02.17] 09:36:06.053 [99752736] [RemoteDeliveryQueue] Begin Processing.
[2022.02.17] 09:36:06.053 [99752736] Sending remote mail from mitt@mitt.xx
[2022.02.17] 09:36:06.865 [99752736] [Cyren Client] Start Scanning Message. Enabled Services: All, MailFrom: mitt@mitt.xx, SenderIP: 115.231.154.141, MessagePath: D:\SmarterMail\Spool\SubSpool4\1339099752736.eml
[2022.02.17] 09:36:07.194 [99752736] [Cyren Client] Done Scanning Message. MessagePath: D:\SmarterMail\Spool\SubSpool4\1339099752736.eml Results AV: Unknown, AS: Confirmed
[2022.02.17] 09:36:08.209 [99752736] Spam check results: [_INTERNALSPAMASSASSIN: 5:8], [_CYREN: 30,Confirmed], [_MESSAGESNIFFER: 30,code:60], [MCAFEE: 0,passed], [SPAMHAUS - CSS: 0,passed], [SEM-URI: 0,passed], [SURBL: 0,passed], [URIBL BLACK: 0,passed], [URIBL GREY: 0,passed], [URIBL RED: 0,passed]
[2022.02.17] 09:36:08.209 [99752736] Message flagged for Quarantine
[2022.02.17] 09:36:08.209 [99752736] This message cannot be delivered as it was marked as spam. Weight: 68
[2022.02.17] 09:36:08.209 [99752736] Process delivery status notification step from recipient success. Recipient: [dest@domain.dest], Notify: [], LastError: [550 This message cannot be delivered as it was marked as spam.], RanDomainFilter: [False], RanGlobalFilter: False
[2022.02.17] 09:36:08.209 [99752736] Delivery for mitt@mitt.xx to dest@domain.dest has completed (Bounced)
[2022.02.17] 09:36:08.209 [99752736] Removed from RemoteDeliveryQueue (0 queued or processing)
[2022.02.17] 09:36:09.100 [99752736] Removing Spool message: Killed: False, Failed: False, Finished: True
[2022.02.17] 09:36:09.100 [99752736] Delivery finished for mitt@mitt.xx at 9:36:09 AM    [id:1339099752736]

Sabatino Traini
      Chief Information Officer
Genial s.r.l.
Martinsicuro - Italy

0
Matt Petty Replied
Employee Post
I have a feeling what might be happening here is that the email is skipping inbound spam checks but the email going outbound is still scanned for outgoing spam. 

If that is what's happening here maybe some changes to the language used in the logs to better indicate the type of spam it detected.

"This message cannot be delivered as it was marked as spam."
Vs
"This message cannot be delivered as it was marked as outbound spam." Maybe?
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Reply to Thread