Feature: mark person as 'inactive' upon retrieving an e-mail that the mailbox no longer exists

[jbostoen]

Currently not part of the default Mail to Ticket Automation. However, already available for a small fee - get in touch: https://jeffreybostoen.be/

---

Based on e-mail content (configurable), a person could be marked as inactive in iTop when a bounce mail is received.

It's not intended (but could be configured) to work with out-of-office messages that someone no longer works in the organization.

It would focus on common typical e-mail error notifications that a mailbox or e-mail address no longer exists.

[jbostoen]

Some examples:

This is the mail system at host mailout3.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

<someuser@somedomain.org> failed: host aspmx.l.google.com
 (2a00:1450:400c:c01::1b) said: 550 5.2.1 The email account that you tried to  reach is disabled. Learn more at  https://support.google.com/mail/?p=DisabledUser
 n4-20020a7bc5c4000000b003efd8c5fc10si8100417wmk.101 - gsmtp (in reply to RCPT
 command)

This is the mail system at host mailout3.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

<[someuser@somedomain.org](mailto:someuser@somedomain.org)> failed: host somehost.somedomain.org
 (91.137.11.73) said: 550 Requested action not taken: mailbox unavailable (in  reply to RCPT command)

Main challenges:

1) Is this some sort of mail delivery failure?

Note: we also need to make sure it's a NDR (non-delivery report). In the past, I've seen reports about failure but still mentioning a retry before ultimately failing.

• Email headers may help
  • Subject: some pattern matching (could be configurable, with some defaults such as mail delivery failure, undeliverable, ...)
  • These headers would help to find the original message: Subject, In-Reply-To, References. But when having the original e-mail message: there may be other recipients in there as well.
  • From: often from "postmaster" or something similar.
  • Auto-Submitted: auto-replied: doesn't tell us more, except the message was an auto-reply (see #11 - Also means the step for detecting auto-replies must be processed after this policy). Mind that there are several other forms of auto-reply as well, such as out-of-office.
  • X-Failed-Recipients: only available sometimes.

Might also be worth checking what triggered this icon in Outlook (desktop):

As it is not typical for each auto-reply:

It actually seems based on Content-Type: multipart/report; report-type=delivery-status; https://stackoverflow.com/questions/3102740/how-to-safely-identify-a-dsn-delivery-status-notification-message

Status codes are also important, otherwise we might mark a user whose mailbox is just (temporarily) full as inactive: https://learn.microsoft.com/en-us/exchange/dsns-and-ndrs-in-exchange-2013-exchange-2013-help

Note: the structured format does seem to occur when using https://www.aconvert.com/document/msg-to-eml/ to convert the sample .msg files to .eml.

Structures look like this:

Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

The following recipient(s) could not be reached:=0A=
    some=user@somedomain=2Ecom On Sunday, April 23, 2023 7:37 AM=
=0A=
    Diagnostic code =3D NoDiagnostic; Reason code =3D TransferFailed; Status c=
ode =3D 500=0A=

Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

The following recipient(s) could not be reached:=0A=
    someuser@somedomain=2Ecom On Sunday, April 23, 2023 7:37 AM=0A=
    Diagnostic code =3D MailRefused; Reason code =3D TransferFailed; Status co=
de =3D 521=0A=

https://www.iana.org/assignments/smtp-enhanced-status-codes/smtp-enhanced-status-codes.xhtml 4 indicates a temporary delivery error. 5 indicates a permanent delivery error. Note that "mailbox full" would be 5.5.2

When examining an example of a delayed delivery, even with aconvert.com , nothing was visible.

2) How to get the e-mail addresses of not existing mailboxes?

It would be too complicated to find the original message (although I believe it's sometimes attached).

The message (body) itself usually contains the e-mail address. This may be the best/easiest approach: get all e-mail addresses, check if a person in iTop exists with this e-mail address and mark them as inactive.

Apparently, in some cases the X-Failed-Recipients header should be present (not observed yet).

[jbostoen]

Could be easier than above, depending on how everything gets decoded.

Content-Type: message/delivery-status

Reporting-MTA: dns; mailout3

Final-recipient: RFC822; user@domain.org
Action: failed
Status: 5.0.0
Remote-MTA: dns; hostname.domain.org (1.2.3.4)
X-Supplementary-Info: <hostname.domain.org (1.2.3.4) #5.0.0 smtp;
 550 Requested action not taken: mailbox unavailable (in reply to RCPT
 command)>

Content-Type: message/delivery-status

Reporting-MTA: dns; hostname.eurprd02.prod.outlook.com

Final-recipient: RFC822; user@domain.org
Action: failed
Status: 5.1.0
Remote-MTA: dns; hostname.domain.org
X-Supplementary-Info: <hostname.domain.org #5.1.351 smtp;550
 5.1.351 Remote server returned unknown recipient or mailbox unavailable ->
 550 unknown user>

[jbostoen]

Investigate: if there are alternative contact methods, should one of those be set instead? But what logic would be used to determine this?

It makes little sense. At this point, the most common scenario will be not to rely on contact methods anyway.