Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Bounce messages
  •  
jhawley

Messages: 4
Karma: 0
Send a private message to this user
Is there a way to turn off bounce messages from Kerio to domains that it is not responsible for?


[22/Mar/2006 12:09:39] DSN: From: <>, To: <octfgdalwko<_at_>byanet.se>, Size: 1806, Report: failed
[22/Mar/2006 12:09:39] DSN: From: <>, To: <gldneoti<_at_>developingartistinstitute.com>, Size: 1862, Report: failed
[22/Mar/2006 12:09:39] DSN: From: <>, To: <xrksicsk<_at_>dmsa.org>, Size: 1845, Report: failed
[22/Mar/2006 12:09:39] DSN: From: <>, To: <jjomckzql<_at_>kitadai.com>, Size: 1843, Report: failed

[Updated on: Wed, 22 March 2006 21:10]

  •  
Blotto

Messages: 27
Karma: 0
Send a private message to this user
this might be an old post, but its still relevant.

Is this possible?

bounce messages to spammers clog up the mail queue to no end.
  •  
freakinvibe

Messages: 1526
Karma: 60
Send a private message to this user
KMS does not send bounce messages by default. Check

Content Filter > Spam Filter

Make sure "Send bounce message to sender" is UN-ticked.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Blotto

Messages: 27
Karma: 0
Send a private message to this user
its not so much messages marked as spam, more messages that are to non existant addresses.
  •  
freakinvibe

Messages: 1526
Karma: 60
Send a private message to this user
But then please explain what happens exactly:

- Your KMS gets a spam message (sender address spoofed, of course)

- KMS bounces your message (why? Recipient not found?)

- The resulting DSN cannot be delivered

Is that the correct assumption? Why does KMS not accept the messages (Recipient not found? Recipient domain not found?)

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Blotto

Messages: 27
Karma: 0
Send a private message to this user
Assumption Correct.

Spoofed Headers in recieved email,

DSN message cannont be delivered because domain not found/addressed greylisted etc etc.
  •  
freakinvibe

Messages: 1526
Karma: 60
Send a private message to this user
OK, I understand why the DSN message can't be delivered and stays in your queue.

But I don't understand, why KMS hasn't accepted the original Spam message (and created the DSN). Because it recognized it as Spam? Because the recipient doesn't exist on your side?

Basically it would be good if you could post the content of such a DSN message.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Blotto

Messages: 27
Karma: 0
Send a private message to this user
DSN as follows;

This is an informative message sent by xxxxx.com.au.

The server was not able to deliver your email message

Subject: FW: New diploma for you
Date: Thu, 7 Aug 2008 00:04:13 -0800



to the following addresses:

<xxx<_a.t_>xxxxxx.com.au> (192.168.xx.x: 550 5.1.1 <xxx<_a.t_>xxxxxx.com.au>: Recipient address rejected: User unknown in local recipient table)
  •  
freakinvibe

Messages: 1526
Karma: 60
Send a private message to this user
OK, now I understand. You get Spam to a user name that doesn't exist on your KMS system.

Do you have an SMTP relay server between the KMS and the Internet? I.e. in the Admin console under SMTP server, SMTP delivery, do you have "Use relay SMTP server" ticked?

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
jhawley

Messages: 4
Karma: 0
Send a private message to this user
This happens when forwarding mail for a domain off to another server. We have an exchange server that sits behind the kerio server.

1. Kerio recieves a message with <_a.t_>domain.com in it

2. It is forwarded to the internal mail server (exchange for example).

3. The exchange server rejects the mail. (no such user)

4. The kerio server sends a bounce message to the sender.


This seems like a good process, until you realize that a spammer can easily figure this out. All they would have to do is fake the sender address as the final destination address and then send email to fakeaddress<_a.t_>domain.com.

Turning on more black lists helped with this problem alot. as well as the spam repellent, but this still exists afaik.
  •  
Blotto

Messages: 27
Karma: 0
Send a private message to this user
Yes, i have a secondary mail server, that explains everything.

Thanks to both of you for clearing that up for me.

Guess i'll have to phase out that old mail server a little quicker!

Once again, thankyou!
  •  
jhawley

Messages: 4
Karma: 0
Send a private message to this user
It would be nice if you could have kerio do an LDAP search on the internal mail server to see if the user is valid before accepting the mail from the remote sender.

[Updated on: Thu, 07 August 2008 11:10]

  •  
freakinvibe

Messages: 1526
Karma: 60
Send a private message to this user
OK, this is important information to answer this problem. So your KMS acts as a relay host, at least for this domain.

There is nothing you can do on KMS to suppress the DSNs but you can change your Exchange so it accepts every recipient. Then, the bounce messages go away.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
jhawley

Messages: 4
Karma: 0
Send a private message to this user
The way we ultimately fixed this is a little bit of DNS magic.
On an exchange server in most setups, the activedirectory domain is something.local. This means that users have an additional address of loginname<_a.t_>something.local. So according to the exchange server, the users have at least 2 addresses. One at something.com and one at something.local.

1. DNS server on KMS server. (KMS server not in AD)
We setup a DNS server on the KMS server and created a fake domain called something.local. This domain consists of 2 records. An A record for the internal mail server (with internal address) and a MX record for the domain(pointed at the A record). We gave it proper forwarders, and closed off inbound traffic to it. This way it can resolve and cache all DNS for the kerio server, and also support our domain redirects.

2. KMS Setup
Setup a domain called something.com (for the users public addresses) and create a user for each user on the exchange server. Then we forwarded each mailbox to its loginname<_a.t_>something.local counterpart.

With it setup this way, we can turn off domain forwarding. Now KMS can reject mail based on its local user list.
The only problem with this method is that it adds some management overhead. Everytime you change/add/delete an address, you have to do it both in KMS and on the Exchange server.

It seems a little difficult to setup, but it works very well. We have been using it for quite some time now.

Edit: Fixed some typos... It is 2:30am here...

[Updated on: Thu, 07 August 2008 11:32]

Previous Topic: iPhone 2.0 Exchange Settings for KMS 6.5
Next Topic: Quota Indicator in non-Webmail
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Sep 21 01:53:34 CEST 2017

Total time taken to generate the page: 0.00518 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.