Email being bounced by smarthost

Discussion:

(too old to reply)

Marc Palmer

2003-10-18 14:44:33 UTC

Hmmm, today for the first time Easynet's smarthost is bouncing messages
back to me. They are messages posted from a mailing list I host and have
always done so on my ADSL line, using my local SMTP server.

The error message for each recipient of the message (using multiple RCPT
TO: SMTP commands) is:

Message appears to be from known spam source exploiting SMTP AUTH
weakness.

What the hell is this? I'm not spam, and I'm not exploiting any
weaknesses, and I don't run an open relay either.

Can Easynet please tell me why on earch RFC compliant SMTP usage is now
causing a problem? ...and more importantly when it will be fixed?

I can work around the problem for now by cracking the list messages so
there is one distinct message per recipient (instead of one per 50 or so
recipients) but that significantly wastes bandwidth.

Thanks in advance.

--
Marc Palmer
http://www.wangjammers.org

Anthony Edwards

2003-10-18 16:33:33 UTC

Permalink

Post by Marc Palmer
Hmmm, today for the first time Easynet's smarthost is bouncing messages
back to me. They are messages posted from a mailing list I host and have
always done so on my ADSL line, using my local SMTP server.
The error message for each recipient of the message (using multiple RCPT
Message appears to be from known spam source exploiting SMTP AUTH
weakness.
What the hell is this? I'm not spam, and I'm not exploiting any
weaknesses, and I don't run an open relay either.

This seems likely to be an unintended consequence of some emergency
filtering that has been put in place as the result of some serious,
ongoing abuse incidents (not involving yourself, I hasten to add).

I would be grateful if you could email me a full and complete copy of
one of the bounce messages that you have received. This will enable
us to see if this unintended consequence can be mitigated, and how.

Many thanks.

--
Anthony Edwards * ***@uk.easynet.net
Abuse Team Manager * Tel: 0800 053 0588
Easynet Ltd * DDI: 0161 227 0707
http://www.uk.easynet.net * Fax: 0845 333 4503

Chris Thompson

2003-10-18 22:01:27 UTC

Permalink

Post by Anthony Edwards

This seems likely to be an unintended consequence of some emergency
filtering that has been put in place as the result of some serious,
ongoing abuse incidents (not involving yourself, I hasten to add).
I would be grateful if you could email me a full and complete copy of
one of the bounce messages that you have received. This will enable
us to see if this unintended consequence can be mitigated, and how.

Got another one for you!

I got a bounce back tonight (18:08) from an email I sent last Sunday - the
email actually had the wrong email address on but it still bounced with the
above mentioned error. It was sent to one recipient, but the body had lots
of other peoples email addresses in it (if that makes any difference)

I tried to email you the error report message, but that bounced too with the
same error!

I use "roam.easynet.co.uk" (if that makes any difference/helps)

Chris Thompson,
East of England Binoculars.
www.eebc.co.uk

Anthony Edwards

2003-10-18 22:45:27 UTC

Permalink

On Sat, 18 Oct 2003 23:01:27 +0100, Chris Thompson

Post by Chris Thompson
I got a bounce back tonight (18:08) from an email I sent last Sunday - the
email actually had the wrong email address on but it still bounced with the
above mentioned error. It was sent to one recipient, but the body had lots
of other peoples email addresses in it (if that makes any difference)

It shouldn't. I don't want to discuss in public what the filter does
(or is supposed to do) or what it is looking for, for what I hope should
be obvious reasons. However, it is trying to catch a fairly specific
condition, and it is somewhat puzzling how it is apparently catching
mail that does not exhibit that condition.

Post by Chris Thompson
I tried to email you the error report message, but that bounced too with the
same error!

It appears (and I have now spoken to another customer about this issue
who is experiencing the same thing) that if a condition exists which
makes the filter erroneously bounce mail from a given host, then it will
bounce all mail from that host, regardless of destination.

The person who wrote the filter is highly experienced in these matters
and I have sent an email to bring it to his attention, so hopefully this
will be fixed within the next few hours.

--
Anthony Edwards * ***@uk.easynet.net
Abuse Team Manager * Tel: 0800 053 0588
Easynet Ltd * DDI: 0161 227 0707
http://www.uk.easynet.net * Fax: 0845 333 4503

Chris Thompson

2003-10-19 00:55:46 UTC

Permalink

Post by Anthony Edwards
The person who wrote the filter is highly experienced in these matters
and I have sent an email to bring it to his attention, so hopefully this
will be fixed within the next few hours.

It seems to be working OK now.

Thanks for a quick response and resolution to this problem.

Chris Thompson
East of England Binoculars
www.eebc.co.uk

Anthony Edwards

2003-10-19 01:00:09 UTC

Permalink

On Sat, 18 Oct 2003 22:45:27 -0000, Anthony Edwards

I understand that this has now been remedied. It would be
extremely helpful if those whose mail has been erroneously blocked
by the filter in question could attempt to send some email (to
***@uk.easynet.net if you like), and post the results
here as to whether the mail was again bounced, or otherwise.

--
Anthony Edwards
easynet Ltd - Manchester
http://www.uk.easynet.net
***@uk.easynet.net