Alternate NDR server setup |
Post Reply |
Author | |
sgeorge
Senior Member Joined: 23 August 2005 Status: Offline Points: 178 |
Post Options
Thanks(0)
Posted: 16 May 2007 at 10:06pm |
Howdy all,
I'm having a little trouble setting up SpamFilter to forward it's NDR to an alternate smtp server on v3.1.3.615. The underlying issue seems to be that SpamFilter doesn't accept what I specify for NotificationSMTPServerPort within SpamFilter.ini. It does accept changes that I make to NotificationSMTPServer, but it continues to send NDRs to that server on the port specified in DestinationPort. Any help is greatly appreciated! Here's my setup... ListenIP=10.10.10.4 ListenPort=25 ; DestinationServer is where you want all mail received by SpamFilter to be forwarded to DestinationServer=10.10.10.4 DestinationPort=26 ;An alternate server for sending NDR (non-delivery) notification emails can be used. Leave the "NotificationSMTPServer" value blank to use the default destination SMTP server NotificationSMTPServer=10.10.10.4 NotificationSMTPServerPort=27 ;if EnableBadMailDir is set to 1, this will cause all emails that generate a "server error" when forwarded to your destination SMTP server will be saved in a "BadMailDir" for troubleshooting EnableBadMailDir=1 As you can see, SpamFilter is accepting on 25, and forward good mail to a separate content filter on port 26. Occasionally the content filter on 26 will reject a message, in which case I would like to have SpamFilter forward the generated NDR to port 27, which bypasses the external content filter. However, this is not working as planned, as even the NDRs are getting sent to port 26 and are often rejected, ending up in my SpamFilter badmail folder. Here's a snippet of my log file with the above configuration: 05/16/07 21:39:49:532 -- (5252) Connection from: 209.85.146.178 - Originating country : United States ... 05/16/07 21:39:52:314 -- (5252) EMail from some-guy-out-there@gmail.com to some-guy-in-here@domain.com was queued. Size: 1 KB, 1024 bytes 05/16/07 21:39:52:329 -- (1708) Sending email from some-guy-out-there@gmail.com to some-guy-in-here@domain.com -- 05/16/07 21:39:52:767 -- (1708) EMail from: some-guy-out-there@gmail.com to: some-guy-in-here@domain.com -- was returned to sender - server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. -- 05/16/07 21:39:53:017 -- (1708) Error-email from some-guy-out-there@gmail.com to some-guy-in-here@domain.com -- was forwarded to 10.10.10.4 05/16/07 21:39:53:033 -- (1708) server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. -- 05/16/07 21:40:22:486 -- (5252) Disconnect Thanks for your help, as always! -Stephen |
|
sgeorge
Senior Member Joined: 23 August 2005 Status: Offline Points: 178 |
Post Options
Thanks(0)
|
Update: It looks like, yet again, I'm incorrect (at least partially).
SpamFilter is at least trying to connect on NotificationSMTPServerPort, but for some reason is not successful. The part that is confusing me is that I can send a test email through telnet on NotificationSMTPServerPort, and it goes through without a hitch. However, when SpamFilter tries, it is not successful. I'm still trying to find out why I can send emails to my 2ndary content filter on port 27, but SpamFilter cannot. Hmmph, I'll let you guys know if I find out what I'm doing wrong. -Stephen |
|
sgeorge
Senior Member Joined: 23 August 2005 Status: Offline Points: 178 |
Post Options
Thanks(0)
|
At the risk of over-posting, here's a little more info, including a diagram of my setup.
I'm just gonna state the facts of what I've found so far.
-Stephen Edited by sgeorge |
|
Desperado
Senior Member Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
|
Stephen, What version of SpamFilter are you using? |
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
sgeorge
Senior Member Joined: 23 August 2005 Status: Offline Points: 178 |
Post Options
Thanks(0)
|
Howdy Dan. I'm running v3.1.3.615... I haven't made the jump to SFE just yet.
|
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
stephen,
We cannot get to reproduce the problem. The 2nd error in your log: 5/16/07 21:39:53:017 -- (1708) Error-email from some-guy-out-there@gmail.com to some-guy-in-here@domain.com -- was forwarded to 10.10.10.4 05/16/07 21:39:53:033 -- (1708) server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. -- indicates that the second time as well your Exchange server rejected the email. The connection on port 27 is indeed made, as what you see is SpamFilter reporting the error it received from Exchange when forwarding the email to port 27. It's an actual error that was delivered via SMTP... Are you 100% sure that your Exchange server is not rejecting these emails for some reason...? Everything seems to indicate that there's some rules on Exchange that is causing the email to be rejected (twice). |
|
sgeorge
Senior Member Joined: 23 August 2005 Status: Offline Points: 178 |
Post Options
Thanks(0)
|
Yeah, I know it looks pretty funky. I'm using Exchange IMF's "Custom Weight List" feature to test the presence/absence of filtering. I have a watch-word ("imfspamme"), and IMF will block any message that contains that keyword.
When I send telnet emails with that watch-word to port 26, Exchange blocks the message. When I send the same messages through telnet on port 27, the message arrives in my inbox. Also, I temporarily reconfigured SpamFilter's destination server port to 27, and that also had success in delivering messages with the watch-word to my inbox. Just fyi, that "Message refused due to content restrictions." is one that I customized just for Exchange's IMF rejection errors. i.e., that error does cannot occur for any other Exchange errors such as "mailbox full", "relaying denied", "bad address", etc. Even if I set NotificationSMTPServerPort to a port that is not being listened to by Exchange (e.g., 28), that error still appears twice. Here's an example: Settings in SpamFilter.ini: ListenIP=10.10.10.4 ListenPort=25 DestinationServer=10.10.10.4 DestinationPort=26 NotificationSMTPServer=10.10.10.4 NotificationSMTPServerPort=28 05/17/07 11:09:59:928 -- (1532) Connection from: 64.233.184.235 - Originating country : United States ... 05/17/07 11:10:02:209 -- (1532) EMail from some-guy-out-there@gmail.com to some-guy-in-here@domain.com was queued. Size: 1 KB, 1024 bytes 05/17/07 11:10:02:225 -- (1756) Sending email from some-guy-out-there@gmail.com to some-guy-in-here@domain.com -- 05/17/07 11:10:02:803 -- (1756) EMail from: some-guy-out-there@gmail.com to: some-guy-in-here@domain.com -- was returned to sender - server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. -- 05/17/07 11:10:03:819 -- (1756) Error-email from some-guy-out-there@gmail.com to some-guy-in-here@domain.com -- was forwarded to 10.10.10.4 05/17/07 11:10:03:819 -- (1756) Exception occurred during TSendMailThread.SendErrMsg: Socket Error # 10061 -- Connection refused. 05/17/07 11:10:03:819 -- (1756) server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. -- 05/17/07 11:10:32:335 -- (1532) Disconnect Is SpamFilter echoing the original response from the destionation server after the attempt to connect to the notification/ndr server? Thanks for your help Roberto! Stephen Edited by sgeorge |
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
Stephen,
Here SpamFilter is forwarding the
original message to your server on port 26:
The above NDR has been sent. If there was a delivery
error on this attempt it would have been logged right after this. In your other
sample, you do see a socket error being logged, and that indicates a delivery
error during the NDR delivery: The following log entry is in reality for the
original delivery to your SMTP server on port 26. It get logged at the end,
confusing you (and I!!) While
forwarding the email, your server rejected it with "5.7.1 Message refused
due to content restrictions". SpamFilter logs this and says that an NDR is
being generated (indicated by the "was returned to sender"): |
|
sgeorge
Senior Member Joined: 23 August 2005 Status: Offline Points: 178 |
Post Options
Thanks(0)
|
Thank you Roberto! Making sense of the logs helped me to focus on what I was REALLY doing wrong...
I had not made an exception in Exchange to allow SpamFilter to "relay" NDRs out to the world. Exchange would disregard all of SpamFilter's outbound NDRs. I simply had to make an exception to add the server's own i.p. address as an allowed relayer, and things are working like a charm. I'm sorry to waste your time with such an obvious goof.... what complicated the situation was that Exchange was not logging that it was blocking the outgoing NDRs because of relaying restrictions, which led me to think that SpamFilter was not connecting to Exchange at all. Thanks for your help. Having NDRs properly go out means I can spend less time worrying about "badmail", getting me one step closer to email nirvana. Thanks! Stephen |
|
sgeorge
Senior Member Joined: 23 August 2005 Status: Offline Points: 178 |
Post Options
Thanks(0)
|
Goodness... would you mind if I asked you yet another question?
For some reason, even now that SpamFilter's NDRs are sent to Exchange and successfully sent out, SpamFilter is still saving a copy of the original message in the badmail folder. But sure enough, I am successfully getting the NDR sent to my external mail account for sending a message that Exchange's IMF blocked - so I know that it's working ok. Does SpamFilter still think that the NDR was not successfully forwarded? Or is it normal to save the badmail regardless of whether the NDR was forwarded? Just in case anything funny is going on, I'll include some SpamFilter and Exchange logs of a blocked message that successfully sent out an NDR, but saved the original message in SpamFilter's badmail. SpamFilter: 05/18/07 11:46:24:391 -- (3148) Connection from: 64.233.162.230 - Originating country : United States ... 05/18/07 11:46:26:407 -- (3148) EMail from some-guy-out-there@gmail.com to some-guy-in-here@mydomain.com was queued. Size: 1 KB, 1024 bytes 05/18/07 11:46:26:423 -- (1312) Sending email from some-guy-out-there@gmail.com to some-guy-in-here@mydomain.com -- 05/18/07 11:46:26:673 -- (1312) EMail from: some-guy-out-there@gmail.com to: some-guy-in-here@mydomain.com -- was returned to sender - server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. -- 05/18/07 11:46:26:970 -- (1312) Error-email from some-guy-out-there@gmail.com to some-guy-in-here@mydomain.com -- was forwarded to 10.10.10.4 05/18/07 11:46:26:970 -- (1312) server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. -- 05/18/07 11:46:56:517 -- (3148) Disconnect Exchange (the time zone here is GMT, don't ask me why :] ) -- SpamFilter is attempting to send the message on port 26, which IMF will block -- 2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 EHLO - +hobbes 250 0 306 11 0 SMTP - - - - 2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 MAIL - +FROM:<some-guy-out-there@gmail.com> 250 0 43 30 0 SMTP - - - - 2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 RCPT - +TO:<some-guy-in-here@mydomain.com> 250 0 33 30 0 SMTP - - - - -- For some reason the DATA portion is not logged here, but Exchange returns "550 5.7.1 Message refused due to content restrictions." -- 2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 QUIT - hobbes 240 250 102 2007 125 SMTP - - - - -- SpamFilter is attempting to send the NDR on port 27, which Exchange will accept and forward -- 2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 EHLO - +hobbes 250 0 306 11 0 SMTP - - - - 2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 MAIL - +FROM:<> 250 0 27 12 0 SMTP - - - - 2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 RCPT - +TO:<some-guy-out-there@gmail.com> 250 0 31 28 0 SMTP - - - - 2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 DATA - <HOBBESJfG8REzzIfLiz00000024@hobbes.mss.local> 250 0 129 2538 141 SMTP - - - - 2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 QUIT - hobbes 240 281 65 4 15 SMTP - - - - -- Exchange is forwarding the NDR -- 2007-05-18 15:46:26 64.233.167.114 OutboundConnectionResponse SMTPSVC1 HOBBES - 25 - - 220+mx.google.com+ESMTP+z52si6745795pyg 0 0 39 0 93 SMTP - - - - 2007-05-18 15:46:26 64.233.167.114 OutboundConnectionCommand SMTPSVC1 HOBBES - 25 EHLO - hobbes.mss.local 0 0 4 0 93 SMTP - - - - 2007-05-18 15:46:26 64.233.167.114 OutboundConnectionResponse SMTPSVC1 HOBBES - 25 - - 250-mx.google.com+at+your+service,+[123.123.123.123] 0 0 48 0 140 SMTP - - - - 2007-05-18 15:46:26 64.233.167.114 OutboundConnectionCommand SMTPSVC1 HOBBES - 25 MAIL - FROM:<>+SIZE=2828 0 0 4 0 140 SMTP - - - - 2007-05-18 15:46:26 64.233.167.114 OutboundConnectionResponse SMTPSVC1 HOBBES - 25 - - 250+2.1.0+OK 0 0 12 0 187 SMTP - - - - 2007-05-18 15:46:26 64.233.167.114 OutboundConnectionCommand SMTPSVC1 HOBBES - 25 RCPT - TO:<some-guy-out-there@gmail.com> 0 0 4 0 187 SMTP - - - - 2007-05-18 15:46:26 64.233.167.114 OutboundConnectionResponse SMTPSVC1 HOBBES - 25 - - 250+2.1.5+OK 0 0 12 0 406 SMTP - - - - 2007-05-18 15:46:26 64.233.167.114 OutboundConnectionCommand SMTPSVC1 HOBBES - 25 DATA - - 0 0 4 0 406 SMTP - - - - 2007-05-18 15:46:26 64.233.167.114 OutboundConnectionResponse SMTPSVC1 HOBBES - 25 - - 354+Go+ahead 0 0 12 0 437 SMTP - - - - 2007-05-18 15:46:27 64.233.167.114 OutboundConnectionResponse SMTPSVC1 HOBBES - 25 - - 250+2.0.0+OK+1179503166+z52si6745795pyg 0 0 39 0 625 SMTP - - - - 2007-05-18 15:46:27 64.233.167.114 OutboundConnectionCommand SMTPSVC1 HOBBES - 25 QUIT - - 0 0 4 0 625 SMTP - - - - 2007-05-18 15:46:27 64.233.167.114 OutboundConnectionResponse SMTPSVC1 HOBBES - 25 - - 221+2.0.0+mx.google.com+closing+connection+z52si6745795pyg 0 0 58 0 734 SMTP - - - - Thank you Roberto! I'm sorry to bug you again, but this really is not urgent, seeing as how my NDRs are going out just fine. Have a good weekend! Stephen |
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
Actually this one is pretty easy .
From the settings you posted earlier, I see you enabled at some point the following option in the SpamFilter.ini file: ;if EnableBadMailDir is set to 1, this will cause all emails that generate a "server error" when forwarded to your destination SMTP server will be saved in a "BadMailDir" for troubleshooting EnableBadMailDir=1 Just changing that to 0 should prevent the emails to be saved in the badmail folder. There "should" be no need to restart SpamFilter. |
|
sgeorge
Senior Member Joined: 23 August 2005 Status: Offline Points: 178 |
Post Options
Thanks(0)
|
Thanks Roberto. Is there anyway to save the badmail when an NDR cannot be forwarded, but not save badmail when the NDR is successfully forwarded?
Stephen |
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
Ok, now that's a bit too much even for SpamFilter
This one can't be done... |
|
sgeorge
Senior Member Joined: 23 August 2005 Status: Offline Points: 178 |
Post Options
Thanks(0)
|
Gotcha, thanks!
I appreciate your help, again! Have a great weekend! Stephen |
|
Post Reply | |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.400 seconds.