Print Page | Close Window

Alternate NDR server setup

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6074
Printed Date: 18 October 2017 at 12:47pm


Topic: Alternate NDR server setup
Posted By: sgeorge
Subject: Alternate NDR server setup
Date Posted: 16 May 2007 at 10:06pm
Howdy all,

I'm having a little trouble setting up SpamFilter to forward it's NDR to an alternate smtp server on v3.1.3.615.  The underlying issue seems to be that SpamFilter doesn't accept what I specify for NotificationSMTPServerPort within SpamFilter.ini.  It does accept changes that I make to NotificationSMTPServer, but it continues to send NDRs to that server on the port specified in DestinationPort.

Any help is greatly appreciated!  Here's my setup...

ListenIP=10.10.10.4
ListenPort=25

; DestinationServer is where you want all mail received by SpamFilter to be forwarded to
DestinationServer=10.10.10.4
DestinationPort=26

;An alternate server for sending NDR (non-delivery) notification emails can be used. Leave the "NotificationSMTPServer" value blank to use the default destination SMTP server
NotificationSMTPServer=10.10.10.4
NotificationSMTPServerPort=27

;if EnableBadMailDir is set to 1, this will cause all emails that generate a "server error" when forwarded to your destination SMTP server will be saved in a "BadMailDir" for troubleshooting
EnableBadMailDir=1


As you can see, SpamFilter is accepting on 25, and forward good mail to a separate content filter on port 26.  Occasionally the content filter on 26 will reject a message, in which case I would like to have SpamFilter forward the generated NDR to port 27, which bypasses the external content filter.

However, this is not working as planned, as even the NDRs are getting sent to port 26 and are often rejected, ending up in my SpamFilter badmail folder.  Here's a snippet of my log file with the above configuration:

05/16/07 21:39:49:532 -- (5252) Connection from: 209.85.146.178  -  Originating country : United States
...
05/16/07 21:39:52:314 -- (5252) EMail from some-guy-out-there@gmail.com to some-guy-in-here@domain.com was queued. Size: 1 KB, 1024 bytes
05/16/07 21:39:52:329 -- (1708) Sending email from some-guy-out-there@gmail.com to some-guy-in-here@domain.com --
05/16/07 21:39:52:767 -- (1708) EMail from: some-guy-out-there@gmail.com to: some-guy-in-here@domain.com --  was returned to sender - server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. --
05/16/07 21:39:53:017 -- (1708) Error-email from some-guy-out-there@gmail.com to some-guy-in-here@domain.com --  was forwarded to 10.10.10.4
05/16/07 21:39:53:033 -- (1708) server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. --
05/16/07 21:40:22:486 -- (5252) Disconnect


Thanks for your help, as always!

-Stephen




Replies:
Posted By: sgeorge
Date Posted: 17 May 2007 at 12:14pm
Update:  It looks like, yet again, I'm incorrect (at least partially).

SpamFilter is at least trying to connect on NotificationSMTPServerPort, but for some reason is not successful.

The part that is confusing me is that I can send a test email through telnet on NotificationSMTPServerPort, and it goes through without a hitch.  However, when SpamFilter tries, it is not successful.

I'm still trying to find out why I can send emails to my 2ndary content filter on port 27, but SpamFilter cannot.  Hmmph, I'll let you guys know if I find out what I'm doing wrong.

-Stephen


Posted By: sgeorge
Date Posted: 17 May 2007 at 2:40pm
At the risk of over-posting, here's a little more info, including a diagram of my setup.



 I'm just gonna state the facts of what I've found so far.
  • I know SpamFilter is at least attempting to connect to the port I specify in NotificationSMTPServerPort, because if I set it to a bogus port, SpamFilter's log shows this connection error (which it should):
    Exception occurred during TSendMailThread.SendErrMsg: Socket Error # 10061 -- Connection refused.
  • When I test email via telnet on port 26 or port 27 on my mail server, I am able to connect and send mail.  Port 26 is filtering, while port 27 has no filter.  When I check my Exchange SMTP logs, I see it recording connections initiated on port 26 and port 27.
  • When SpamFilter is blocked from sending mail to 26, and then fails send the NDR on port 27, I expect to see two separate smtp transactions, but I'm only seeing one.
  • I'm able to confirm that SpamFilter is not blocked from hitting port 27... If I set DestinationPort to port 27, all of my good email does get forwarded to 27.
Wish me luck, I'm still confoodled.

-Stephen



Posted By: Desperado
Date Posted: 17 May 2007 at 2:58pm

Stephen,

What version of SpamFilter are you using?



-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com



Posted By: sgeorge
Date Posted: 17 May 2007 at 3:03pm
Howdy Dan.  I'm running v3.1.3.615... I haven't made the jump to SFE just yet.


Posted By: LogSat
Date Posted: 17 May 2007 at 4:06pm
stephen,

We cannot get to reproduce the problem. The 2nd error in your log:

5/16/07 21:39:53:017 -- (1708) Error-email from some-guy-out-there@gmail.com to some-guy-in-here@domain.com --  was forwarded to 10.10.10.4
05/16/07 21:39:53:033 -- (1708) server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. --

indicates that the second time as well your Exchange server rejected the email. The connection on port 27 is indeed made, as what you see is SpamFilter reporting the error it received from Exchange when forwarding the email to port 27. It's an actual error that was delivered via SMTP... Are you 100% sure that your Exchange server is not rejecting these emails for some reason...? Everything seems to indicate that there's some rules on Exchange that is causing the email to be rejected (twice).


-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: sgeorge
Date Posted: 17 May 2007 at 4:41pm
Yeah, I know it looks pretty funky.  I'm using Exchange IMF's "Custom Weight List" feature to test the presence/absence of filtering.  I have a watch-word ("imfspamme"), and IMF will block any message that contains that keyword.

When I send telnet emails with that watch-word to port 26, Exchange blocks the message.  When I send the same messages through telnet on port 27, the message arrives in my inbox.  Also, I temporarily reconfigured SpamFilter's destination server port to 27, and that also had success in delivering messages with the watch-word to my inbox.

Just fyi, that "Message refused due to content restrictions." is one that I customized just for Exchange's IMF rejection errors. i.e., that error does cannot occur for any other Exchange errors such as "mailbox full", "relaying denied", "bad address", etc.

Even if I set NotificationSMTPServerPort to a port that is not being listened to by Exchange (e.g., 28), that error still appears twice.  Here's an example:

Settings in SpamFilter.ini:

ListenIP=10.10.10.4
ListenPort=25
DestinationServer=10.10.10.4
DestinationPort=26
NotificationSMTPServer=10.10.10.4
NotificationSMTPServerPort=28


05/17/07 11:09:59:928 -- (1532) Connection from: 64.233.184.235  -  Originating country : United States
...
05/17/07 11:10:02:209 -- (1532) EMail from some-guy-out-there@gmail.com to some-guy-in-here@domain.com was queued. Size: 1 KB, 1024 bytes
05/17/07 11:10:02:225 -- (1756) Sending email from some-guy-out-there@gmail.com to some-guy-in-here@domain.com --
05/17/07 11:10:02:803 -- (1756) EMail from: some-guy-out-there@gmail.com to: some-guy-in-here@domain.com --  was returned to sender - server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. --
05/17/07 11:10:03:819 -- (1756) Error-email from some-guy-out-there@gmail.com to some-guy-in-here@domain.com --  was forwarded to 10.10.10.4
05/17/07 11:10:03:819 -- (1756) Exception occurred during TSendMailThread.SendErrMsg: Socket Error # 10061 -- Connection refused.
05/17/07 11:10:03:819 -- (1756) server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. --
05/17/07 11:10:32:335 -- (1532) Disconnect




Is SpamFilter echoing the original response from the destionation server after the attempt to connect to the notification/ndr server?

Thanks for your help Roberto!

Stephen


Posted By: LogSat
Date Posted: 17 May 2007 at 6:52pm

Stephen,

 Iím very sorry. What I said above is not correct, the logs are misleading, and got me as well. The confusing piece is the entry highlighted in red below. That entry should be written to the log sooner, and Iíve duplicated in light red to show where it should have been inserted to make the log more readable.

 
The email is received from the internet and queued
05/16/07 21:39:52:314 -- (5252) EMail from some-guy-out-there@gmail.com to some-guy-in-here@domain.com was queued. Size: 1 KB, 1024 bytes

Here SpamFilter is forwarding the original message to your server on port 26:
05/16/07 21:39:52:329 -- (1708) Sending email from some-guy-out-there@gmail.com to some-guy-in-here@domain.com --

 While forwarding the email, your server rejected it with "5.7.1 Message refused due to content restrictions". SpamFilter logs this and says that an NDR is being generated (indicated by the "was returned to sender"):
05/16/07 21:39:53:033 -- (1708) server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. --

 
Here SpamFilter generated an NDR and is forwarding it to your server on port 27. The highlighted sentence is again reporting the above error that was encountered:

05/16/07 21:39:52:767 -- (1708) EMail from: some-guy-out-there@gmail.com to: some-guy-in-here@domain.com --  was returned to sender - server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. --

The above NDR has been sent. If there was a delivery error on this attempt it would have been logged right after this. In your other sample, you do see a socket error being logged, and that indicates a delivery error during the NDR delivery:
05/16/07 21:39:53:017 -- (1708) Error-email from some-guy-out-there@gmail.com to some-guy-in-here@domain.com --  was forwarded to 10.10.10.4

The following log entry is in reality for the original delivery to your SMTP server on port 26. It get logged at the end, confusing you (and I!!)

While forwarding the email, your server rejected it with "5.7.1 Message refused due to content restrictions". SpamFilter logs this and says that an NDR is being generated (indicated by the "was returned to sender"):
05/16/07 21:39:53:033 -- (1708) server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. --

 



-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: sgeorge
Date Posted: 18 May 2007 at 11:09am
Thank you Roberto!  Making sense of the logs helped me to focus on what I was REALLY doing wrong...

I had not made an exception in Exchange to allow SpamFilter to "relay" NDRs out to the world.  Exchange would disregard all of SpamFilter's outbound NDRs.  I simply had to make an exception to add the server's own i.p. address as an allowed relayer, and things are working like a charm.

I'm sorry to waste your time with such an obvious goof....  what complicated the situation was that Exchange was not logging that it was blocking the outgoing NDRs because of relaying restrictions, which led me to think that SpamFilter was not connecting to Exchange at all.

Thanks for your help.   Having NDRs properly go out means I can spend less time worrying about "badmail", getting me one step closer to email nirvana.

Thanks!

Stephen


Posted By: sgeorge
Date Posted: 18 May 2007 at 12:23pm
Goodness... would you mind if I asked you yet another question?

For some reason, even now that SpamFilter's NDRs are sent to Exchange and successfully sent out, SpamFilter is still saving a copy of the original message in the badmail folder.  But sure enough, I am successfully getting the NDR sent to my external mail account for sending a message that Exchange's IMF blocked - so I know that it's working ok.

Does SpamFilter still think that the NDR was not successfully forwarded?  Or is it normal to save the badmail regardless of whether the NDR was forwarded?

Just in case anything funny is going on, I'll include some SpamFilter and Exchange logs of a blocked message that successfully sent out an NDR, but saved the original message in SpamFilter's badmail.

SpamFilter:
05/18/07 11:46:24:391 -- (3148) Connection from: 64.233.162.230  -  Originating country : United States
...
05/18/07 11:46:26:407 -- (3148) EMail from some-guy-out-there@gmail.com to some-guy-in-here@mydomain.com was queued. Size: 1 KB, 1024 bytes
05/18/07 11:46:26:423 -- (1312) Sending email from some-guy-out-there@gmail.com to some-guy-in-here@mydomain.com --
05/18/07 11:46:26:673 -- (1312) EMail from: some-guy-out-there@gmail.com to: some-guy-in-here@mydomain.com --  was returned to sender - server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. --
05/18/07 11:46:26:970 -- (1312) Error-email from some-guy-out-there@gmail.com to some-guy-in-here@mydomain.com --  was forwarded to 10.10.10.4
05/18/07 11:46:26:970 -- (1312) server error - 10.10.10.4 said: 5.7.1 Message refused due to content restrictions. --
05/18/07 11:46:56:517 -- (3148) Disconnect

Exchange (the time zone here is GMT, don't ask me why :] )
-- SpamFilter is attempting to send the message on port 26, which IMF will block --
2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 EHLO - +hobbes 250 0 306 11 0 SMTP - - - -
2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 MAIL - +FROM:<some-guy-out-there@gmail.com> 250 0 43 30 0 SMTP - - - -
2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 RCPT - +TO:<some-guy-in-here@mydomain.com> 250 0 33 30 0 SMTP - - - -
-- For some reason the DATA portion is not logged here, but Exchange returns "550 5.7.1 Message refused due to content restrictions." --
2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 QUIT - hobbes 240 250 102 2007 125 SMTP - - - -
-- SpamFilter is attempting to send the NDR on port 27, which Exchange will accept and forward --
2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 EHLO - +hobbes 250 0 306 11 0 SMTP - - - -
2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 MAIL - +FROM:<> 250 0 27 12 0 SMTP - - - -
2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 RCPT - +TO:<some-guy-out-there@gmail.com> 250 0 31 28 0 SMTP - - - -
2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 DATA - <HOBBESJfG8REzzIfLiz00000024@hobbes.mss.local> 250 0 129 2538 141 SMTP - - - -
2007-05-18 15:46:26 10.10.10.4 hobbes SMTPSVC1 HOBBES 10.10.10.4 0 QUIT - hobbes 240 281 65 4 15 SMTP - - - -
-- Exchange is forwarding the NDR --
2007-05-18 15:46:26 64.233.167.114 OutboundConnectionResponse SMTPSVC1 HOBBES - 25 - - 220+mx.google.com+ESMTP+z52si6745795pyg 0 0 39 0 93 SMTP - - - -
2007-05-18 15:46:26 64.233.167.114 OutboundConnectionCommand SMTPSVC1 HOBBES - 25 EHLO - hobbes.mss.local 0 0 4 0 93 SMTP - - - -
2007-05-18 15:46:26 64.233.167.114 OutboundConnectionResponse SMTPSVC1 HOBBES - 25 - - 250-mx.google.com+at+your+service,+[123.123.123.123] 0 0 48 0 140 SMTP - - - -
2007-05-18 15:46:26 64.233.167.114 OutboundConnectionCommand SMTPSVC1 HOBBES - 25 MAIL - FROM:<>+SIZE=2828 0 0 4 0 140 SMTP - - - -
2007-05-18 15:46:26 64.233.167.114 OutboundConnectionResponse SMTPSVC1 HOBBES - 25 - - 250+2.1.0+OK 0 0 12 0 187 SMTP - - - -
2007-05-18 15:46:26 64.233.167.114 OutboundConnectionCommand SMTPSVC1 HOBBES - 25 RCPT - TO:<some-guy-out-there@gmail.com> 0 0 4 0 187 SMTP - - - -
2007-05-18 15:46:26 64.233.167.114 OutboundConnectionResponse SMTPSVC1 HOBBES - 25 - - 250+2.1.5+OK 0 0 12 0 406 SMTP - - - -
2007-05-18 15:46:26 64.233.167.114 OutboundConnectionCommand SMTPSVC1 HOBBES - 25 DATA - - 0 0 4 0 406 SMTP - - - -
2007-05-18 15:46:26 64.233.167.114 OutboundConnectionResponse SMTPSVC1 HOBBES - 25 - - 354+Go+ahead 0 0 12 0 437 SMTP - - - -
2007-05-18 15:46:27 64.233.167.114 OutboundConnectionResponse SMTPSVC1 HOBBES - 25 - - 250+2.0.0+OK+1179503166+z52si6745795pyg 0 0 39 0 625 SMTP - - - -
2007-05-18 15:46:27 64.233.167.114 OutboundConnectionCommand SMTPSVC1 HOBBES - 25 QUIT - - 0 0 4 0 625 SMTP - - - -
2007-05-18 15:46:27 64.233.167.114 OutboundConnectionResponse SMTPSVC1 HOBBES - 25 - - 221+2.0.0+mx.google.com+closing+connection+z52si6745795pyg 0 0 58 0 734 SMTP - - - -


Thank you Roberto!  I'm sorry to bug you again, but this really is not urgent, seeing as how my NDRs are going out just fine.

Have a good weekend!

Stephen


Posted By: LogSat
Date Posted: 18 May 2007 at 4:32pm
Actually this one is pretty easy .

From the settings you posted earlier, I see you enabled at some point the following option in the SpamFilter.ini file:

;if EnableBadMailDir is set to 1, this will cause all emails that generate a "server error" when forwarded to your destination SMTP server will be saved in a "BadMailDir" for troubleshooting
EnableBadMailDir=1


Just changing that to 0 should prevent the emails to be saved in the badmail folder. There "should" be no need to restart SpamFilter.


-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: sgeorge
Date Posted: 18 May 2007 at 5:14pm
Thanks Roberto.  Is there anyway to save the badmail when an NDR cannot be forwarded, but not save badmail when the NDR is successfully forwarded?

Stephen


Posted By: LogSat
Date Posted: 18 May 2007 at 5:43pm
Ok, now that's a bit too much even for SpamFilter 
This one can't be done...


-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: sgeorge
Date Posted: 18 May 2007 at 6:07pm
Gotcha, thanks!

I appreciate your help, again!  Have a great weekend!

Stephen



Print Page | Close Window