Questions About Uncaught Bounce Notifications
I run an installation that has over 300 lists. Normally, for years, I received around 300 uncaught bounce notifications a day. In the past couple of months, it has dramatically increased to 3000 to 4000 a day. Some questions: what causes them? Can they be reduced? Do they hurt anything? Toes the increase mean a problem somewhere else?
Thanks!
Dave
On 7/17/19 4:23 PM, David Andrews wrote:
I run an installation that has over 300 lists. Normally, for years, I received around 300 uncaught bounce notifications a day. In the past couple of months, it has dramatically increased to 3000 to 4000 a day. Some questions: what causes them? Can they be reduced? Do they hurt anything? Toes the increase mean a problem somewhere else?
Most likely (you can tell by looking at them) they are spam sent to the listname-bounces address. They might also be out of office type responses sent by non compliant (RFC 5230) vacation programs or replies to list mail erroneously sent to the envelope sender.
What causes them is any message sent to a listname-bounces address that is not recognized as a delivery status notification by Mailman's bounce processing. At this point actual unrecognized DSNs are very rare, but if the message looks like a DSN and is unrecognized, you can post it here, and we will try to update the recognizers to recognize it.
You can set a list's Bounce processing -> bounce_unrecognized_goes_to_list_owner to No to eliminate the notices from that list, but then you will miss any real bounces which are unrecognized if there are any.
The only harm is the extra mail to deal with.
The increase is probably due to an increase in spam possibly due to various listname-bounces addresses getting on more spammers lists.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 7/17/19 8:18 PM, Mark Sapiro wrote:
On 7/17/19 4:23 PM, David Andrews wrote:
I run an installation that has over 300 lists. Normally, for years, I received around 300 uncaught bounce notifications a day. In the past couple of months, it has dramatically increased to 3000 to 4000 a day. Some questions: what causes them? Can they be reduced? Do they hurt anything? Toes the increase mean a problem somewhere else?
Most likely (you can tell by looking at them) they are spam sent to the listname-bounces address. They might also be out of office type responses sent by non compliant (RFC 5230) vacation programs or replies to list mail erroneously sent to the envelope sender.
What causes them is any message sent to a listname-bounces address that is not recognized as a delivery status notification by Mailman's bounce processing. At this point actual unrecognized DSNs are very rare, but if the message looks like a DSN and is unrecognized, you can post it here, and we will try to update the recognizers to recognize it.
You can set a list's Bounce processing -> bounce_unrecognized_goes_to_list_owner to No to eliminate the notices from that list, but then you will miss any real bounces which are unrecognized if there are any.
The only harm is the extra mail to deal with.
The increase is probably due to an increase in spam possibly due to various listname-bounces addresses getting on more spammers lists.
Here is a sample of one semi-regular bounce I get from a list I manage (I haved X'ed out the personal information included in the bounce). I suspect that one issue is that this is a bounce message, not a server refusing (thus they are probably back-scattering), and the bounce doesn't give the address that the message was sent to (though it is in the Delivered-To: header of the message that bounced that I trimmed).
Also, being a 'I think your a spammer' as opposed to 'That address isn't valid' message says I am not sure one really wants to count it as a bounce.
(pair.com/pairlist.net is my service provider, arlingtonlist.org is the domain for the mailing list, osiris.978.org is their domain)
Return-Path: <> X-Original-To: arlington-bounces@lists6.arlingtonlist.org Delivered-To: arlington-bounces@six.pairlist.net Received: from arjuna.pair.com (arjuna.pair.com [209.68.5.131]) by six.pairlist.net (Postfix) with ESMTP id D07DAA5F67 for <arlington-bounces@lists6.arlingtonlist.org>; Tue, 2 Jul 2019 08:30:16 -0400 (EDT) Received: (qmail 91008 invoked by uid 3409); 2 Jul 2019 12:30:16 -0000 Delivered-To: rdamon-arlingtonlist:org-arlington-bounces@arlingtonlist.org Received: (qmail 91002 invoked from network); 2 Jul 2019 12:30:16 -0000 Received: from mailwash50.pair.com (66.39.2.216) by arjuna.pair.com with ESMTPS (DHE-RSA-AES256-GCM-SHA384 encrypted); 2 Jul 2019 12:30:16 -0000 Received: from localhost (localhost [127.0.0.1]) by mailwash50.pair.com (Postfix) with SMTP id 710361322815 for <arlington-bounces@arlingtonlist.org>; Tue, 2 Jul 2019 08:30:16 -0400 (EDT) X-Virus-Check-By: mailwash50.pair.com Received: from localhost (localhost [127.0.0.1]) by mailwash50.pair.com (Postfix) with SMTP id 65CD31322778 for <arlington-bounces@arlingtonlist.org>; Tue, 2 Jul 2019 08:30:15 -0400 (EDT) Received: from osiris.978.org (osiris.978.org [98.110.203.122]) by mailwash50.pair.com (Postfix) with SMTP for <arlington-bounces@arlingtonlist.org>; Tue, 2 Jul 2019 08:30:11 -0400 (EDT) Received: (qmail 28339 invoked by uid 1000); 2 Jul 2019 08:30:09 -0400 Date: 2 Jul 2019 08:30:09 -0400 Message-ID: <20190702123009.28338.qmail@osiris.978.org> From: MAILER-DAEMON@osiris.978.org To: <arlington-bounces@arlingtonlist.org> Subject: failure notice In-Reply-To: <mailman.1670.1561691523.13590.arlington@arlingtonlist.org> References: <mailman.1670.1561691523.13590.arlington@arlingtonlist.org>
Hi. This is the bounce program. I'm afraid I've been instructed to return your message. It was refused by the recipient's junk mail controls.
To reach XXXXXXXXXXX, please telephone +1 888 XXXXXXX.
--- Below this line is a copy of the message.
-- Richard Damon
On 7/17/19 5:50 PM, Richard Damon wrote:
Here is a sample of one semi-regular bounce I get from a list I manage (I haved X'ed out the personal information included in the bounce). I suspect that one issue is that this is a bounce message, not a server refusing (thus they are probably back-scattering), and the bounce doesn't give the address that the message was sent to (though it is in the Delivered-To: header of the message that bounced that I trimmed).
Also, being a 'I think your a spammer' as opposed to 'That address isn't valid' message says I am not sure one really wants to count it as a bounce.
Yes, that is tricky, but assuming we do, I have some questions.
...
Subject: failure notice In-Reply-To: <mailman.1670.1561691523.13590.arlington@arlingtonlist.org> References: <mailman.1670.1561691523.13590.arlington@arlingtonlist.org>
These are Mailman generated Message-IDs indicating the message is some kind of Mailman generated notice and not a list post. Are they all like that or are some of them list posts?
Hi. This is the bounce program. I'm afraid I've been instructed to return your message. It was refused by the recipient's junk mail controls.
To reach XXXXXXXXXXX, please telephone +1 888 XXXXXXX.
--- Below this line is a copy of the message.
I could recognize this in simplematch <https://gitlab.com/warsaw/flufl.bounce/blob/master/flufl/bounce/_detectors/s...> with a start regexp of
^.*This is the bounce program. I'm afraid I've been instructed
and an address regexp of
^Delivered-To:\s*(?P<addr>[^\s@]+@[^\s@]+)\s*$')
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 7/17/19 10:36 PM, Mark Sapiro wrote:
On 7/17/19 5:50 PM, Richard Damon wrote:
Here is a sample of one semi-regular bounce I get from a list I manage (I haved X'ed out the personal information included in the bounce). I suspect that one issue is that this is a bounce message, not a server refusing (thus they are probably back-scattering), and the bounce doesn't give the address that the message was sent to (though it is in the Delivered-To: header of the message that bounced that I trimmed).
Also, being a 'I think your a spammer' as opposed to 'That address isn't valid' message says I am not sure one really wants to count it as a bounce.
Yes, that is tricky, but assuming we do, I have some questions.
...
Subject: failure notice In-Reply-To: <mailman.1670.1561691523.13590.arlington@arlingtonlist.org> References: <mailman.1670.1561691523.13590.arlington@arlingtonlist.org>
These are Mailman generated Message-IDs indicating the message is some kind of Mailman generated notice and not a list post. Are they all like that or are some of them list posts?
The user is subscribed to the digest, and that is what was seen as spam. Digests of course have mailman generated Message-IDs.
Hi. This is the bounce program. I'm afraid I've been instructed to return your message. It was refused by the recipient's junk mail controls.
To reach XXXXXXXXXXX, please telephone +1 888 XXXXXXX.
--- Below this line is a copy of the message.
I could recognize this in simplematch <https://gitlab.com/warsaw/flufl.bounce/blob/master/flufl/bounce/_detectors/s...> with a start regexp of
^.*This is the bounce program. I'm afraid I've been instructed
and an address regexp of
^Delivered-To:\s*(?P<addr>[^\s@]+@[^\s@]+)\s*$')
One issue is that this is a shared instance of mailman (mailman is installed on *.pairlist.net) so I can't get to any of the files to make a change to try this.
-- Richard Damon
participants (3)
-
David Andrews -
Mark Sapiro -
Richard Damon