Jaymon / stockton

Quickly setup an email server to forward a personal domain to any email address

Google sends same code with different messages #36

Open Jaymon opened 8 years ago

Jaymon commented 8 years ago

Certain emails are getting this response. Annoyingly, SpamAssassin isn't identifying them as spam, so Postfix will just keep sending them until the count is hit and then they will be discarded, but in the meantime I'll ping Google a bunch of times:

$ mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
QUEUE_ID 10333 Sat Sep 10 23:09:14 SRS0=blah=blah@example.com
(host alt1.gmail-smtp-in.l.google.com[64.233.190.26] said: 421-4.7.0 [MY_IP 15] Our system has detected that this message is 421-4.7.0 suspicious due to the very low reputation of the sending domain. To 421-4.7.0 best protect our users from spam, the message has been blocked. 421-4.7.0 Please visit 421 4.7.0 https://support.google.com/mail/answer/188131 for more information. blahblahblah.blah - gsmtp (in reply to end of DATA command))
alias@gmail.com

I can look at the contents of the email by looking at the spool:

$ cat /var/spool/postfix/deferred/Q/QUEUE_ID

You can see all the deferred emails in the spool:

$ find /var/spool/postfix/deferred/

What I would like to do is drop these emails if Google says the message has been blocked. Unfortunately, I can't see a difference in this response over:

Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked.

Which I want to keep sending until the ban is lifted.

I'm not sure of the best approach to take to do this. I know I could write a daemon that just checks the mailq and looks for matches, and if they match then run

$ postsuper -d QUEUE_ID

But I would rather it be more integrated into postfix, time to do more research.

Jaymon commented 8 years ago

If you need to delete a whole bunch of emails matching, this might help

Jaymon commented 7 years ago

Sigh, once again:

15] Our system has detected that this message is 421-4.7.0 suspicious due to the very low reputation of the sending domain. To 421-4.7.0 best protect our users from spam, the message has been blocked. 421-4.7.0 Please visit 421 4.7.0 https://support.google.com/mail/answer/188131 for more information.

My first thought was, once again, to just write a log parser that pulls out the mail queue ID and deletes it if it sees this message, but there has got to be a better way.

Jaymon commented 7 years ago

I think I'm going to need to just try some stuff. The problem here is I'm not sure how to test. I'm thinking about bringing up another mailserver for one of my domains, then having my main mailserver forward emails to my new mailserver, which will then forward them to my main email account; that way I can hopefully get some testing exposure to some of these Gmail errors.

Doing some preliminary research, I'm not exactly sure how to grab the message on bounce and get the response from the server (though it definitely exists, since running mailq returns the bounce message).

ubuntu@mail:~$ mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
N999999999     9999 Thu Dec 22 23:39:44  foo@example.com
(host alt1.gmail-smtp-in.l.google.com[XX.XXX.XX.XXX] said: 421-4.7.0 [XXX.XXX.XX.XXX      15] Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.0 review our Bulk Email Senders Guidelines. r83si8856625qki.320 - gsmtp (in reply to end of DATA command))

So I would like a filter to get these bounced emails, decide if they should just be deleted or something and then take appropriate action, instead of just letting them sit in the queue.

Things I looked at that might be relevant

my first round of searching

second round of searching

Google searches
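The daemon or log-parser idea from the comments above, as an added example that is not part of the original thread or of the stockton code: both Google replies carry the same 421 4.7.0 code, so the sketch strips the reply-code markers Postfix leaves mid-sentence and classifies on the remaining text. It assumes the `mailq` text layout shown in this thread; the function names and the queue IDs in the sample are made up.

```python
import re
import subprocess

# Postfix flattens Google's multi-line reply, leaving "421-4.7.0" markers
# mid-sentence; strip them before matching on the text.
CODE_MARK = re.compile(r"\b[245]\d\d[- ]\d\.\d{1,3}\.\d{1,3}\s+")
QUEUE_ID = re.compile(r"[0-9A-Za-z]{6,}[*!]?")

def normalise(reason):
    return " ".join(CODE_MARK.sub("", reason).split())

def classify(reason):
    """'drop' for the per-message block, 'retry' for the per-IP block."""
    text = normalise(reason)
    per_ip = "originating from your IP address" in text
    per_msg = ("reputation of the sending domain" in text
               and "the message has been blocked" in text)
    if per_msg and not per_ip:
        return "drop"
    return "retry" if per_ip else "unknown"

def parse_mailq(output):
    """Yield (queue_id, reason) per entry; entries are blank-line separated."""
    for block in re.split(r"\n\s*\n", output.strip()):
        lines = [l for l in block.splitlines() if not l.startswith("-")]
        if not lines or not QUEUE_ID.fullmatch(lines[0].split()[0]):
            continue
        found = re.search(r"\((.*)\)", " ".join(lines[1:]))
        yield lines[0].split()[0].rstrip("*!"), found.group(1) if found else ""

def ids_to_drop(output):
    return [qid for qid, why in parse_mailq(output) if classify(why) == "drop"]

# Constructed sample: reply text from this thread, made-up queue IDs.
SAMPLE = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
AAAAAA0001    10333 Sat Sep 10 23:09:14  SRS0=blah=blah@example.com
(host alt1.gmail-smtp-in.l.google.com[XX.XXX.XX.XXX] said: 421-4.7.0 [MY_IP 15] Our system has detected that this message is 421-4.7.0 suspicious due to the very low reputation of the sending domain. To 421-4.7.0 best protect our users from spam, the message has been blocked. 421-4.7.0 Please visit 421 4.7.0 https://support.google.com/mail/answer/188131 for more information. - gsmtp (in reply to end of DATA command))
                                         alias@gmail.com

AAAAAA0002     9999 Thu Dec 22 23:39:44  foo@example.com
(host alt1.gmail-smtp-in.l.google.com[XX.XXX.XX.XXX] said: 421-4.7.0 [MY_IP 15] Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. - gsmtp (in reply to end of DATA command))
                                         alias@gmail.com
"""

if __name__ == "__main__":
    queue = subprocess.run(["mailq"], capture_output=True, text=True).stdout
    for qid in ids_to_drop(queue):
        print("postsuper -d", qid)  # dry run: review before deleting
```

Entries classified as `retry` or `unknown` are left in the queue for Postfix's normal retry schedule; only the per-message block is proposed for deletion, and the script prints the `postsuper -d` commands instead of running them.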

Jaymon commented 7 years ago

This is just a cache of the contents of this post (this post is also discussed in the above comment) so I have all my thoughts in one place.

Handle all bounce emails for domain: domain.com , run shell/perl/php/etc. script with sensitive info.

1. Create transport map in main.cf , and postmap the map

    # tail -1 /usr/local/etc/postfix/main.cf

transport_maps = hash:/usr/local/etc/postfix/transport.maps

    # cat /usr/local/etc/postfix/transport.maps

xssoftgames.com bounces:

    # postmap /usr/local/etc/postfix/transport.maps

2. Create user for executing the script (can not be root, can not be postfix master user! ) – no shell, nologin

    # useradd bounce

3. Create pipe service in master.cf (pipe service name: bounces , as it’s bounces: in the transport map). Simple usage.

     # tail -2 /usr/local/etc/postfix/master.cf

bounces unix - n n - - pipe
  flags=FRq user=bounce argv=/usr/local/etc/postfix/bounces.sh ${sender} ${recipient}

4. create /usr/local/etc/postfix/bounces.sh script

     # cat /usr/local/etc/postfix/bounces.sh

#!/bin/sh
# Record the envelope sender ($1) and recipient ($2) passed in by pipe(8)
echo "$1 $2" > /tmp/kur

5. reload Postfix

What values can you send to argv=? Look here: http://www.postfix.org/pipe.8.html

Worse comes to worse, I guess the script can call mailq to get information, you would just need to pass it ${queue_id}.
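A handler for the `bounces` pipe service described above, as an added example that is not part of the cached post or of the stockton code: pipe(8) hands the message to the command on stdin, so the script can read the remote server's response from the delivery status notification itself instead of writing to a fixed file under /tmp. The function name and the sample notification are constructed for illustration; messages that are not delivery status notifications yield an empty list.

```python
import email
import sys

def dsn_failures(raw):
    """Return (recipient, action, status, diagnostic) for every recipient
    block of a delivery status notification (RFC 3464) passed as bytes."""
    results = []
    for part in email.message_from_bytes(raw).walk():
        if (part.get_content_type() != "message/delivery-status"
                or not part.is_multipart()):
            continue
        # Each header block of the report is exposed as its own Message;
        # only per-recipient blocks carry Final-Recipient.
        for block in part.get_payload():
            rcpt = block.get("Final-Recipient")
            if rcpt is None:
                continue
            diag = " ".join(block.get("Diagnostic-Code", "").split())
            results.append((rcpt.split(";", 1)[-1].strip(),
                            block.get("Action", "").strip().lower(),
                            block.get("Status", "").strip(), diag))
    return results

# Constructed sample of what pipe(8) writes to stdin with flags=FR.
SAMPLE_DSN = b"""\
From MAILER-DAEMON Thu Dec 22 23:39:44 2016
Return-Path: <>
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example.com

Final-Recipient: rfc822; alias@gmail.com
Action: failed
Status: 4.7.0
Diagnostic-Code: smtp; 421-4.7.0 Our system has detected that this message is
    421-4.7.0 suspicious due to the very low reputation of the sending domain.

--b1--
"""

if __name__ == "__main__":
    import syslog
    # ${sender} and ${recipient} arrive in sys.argv; treat them as untrusted.
    for row in dsn_failures(sys.stdin.buffer.read()):
        syslog.syslog(syslog.LOG_INFO, "dsn rcpt=%s action=%s status=%s diag=%s" % row)
```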

Jaymon commented 7 years ago

Another option is to create a daemon and use the Milter interface.

Configuring postfix to use a milter is very easy. 

1. configure your milter to listen on some local port.  eg 
127.0.0.1:2550 

2. tell postfix to use that same port 
# main.cf 
smtpd_milters = inet:127.0.0.1:2550 

That's all that is usually required. 

All other configuration is done in the milter. 

via