Subj : Re: wcsap filtering and alias/translations
To : All
From : DAVE GOURD
Date : Thu Jan 31 2019 19:18:36

Date: Wed, 12 Apr 2006 10:32:43 -0400
From: DAVE GOURD
To: DAVE GOURD
Subject: Re: wcsap filtering and alias/translations
Newsgroups: win.server.smtp.&.avs
Message-ID: <1144852363.46.1144819812@winserver.com>
References: <1144819812.46.1144797423@winserver.com>
X-WcMsg-Attr: Rcvd
X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
Lines: 169

Just a followup...

FWIW - I don't think this settings change had any impact, but overnight since making the change in wcsap.ini to saphost, the false bouncing we have been experiencing has fallen off drastically. Inbound smtp traffic still pretty high, but 'Rejected Recipient Address' entries are less than 50% when compared with 7-hour (midnight to 7am local) sample periods from the previous 7 days. Maybe the spammers are regrouping? ;)

On 4/12/06 1:30 AM, DAVE GOURD wrote to HECTOR SANTOS:

-> On 4/11/06 7:15 PM, HECTOR SANTOS wrote to DAVE GOURD:
->
-> -> wrote in message
-> news:1144792859.46.0@winserver.com...
-> ->
-> -> > Has anyone had problems with wcsap and translated/alias
-> -> > email addresses?
-> ->
-> -> Dave,
-> ->
-> -> There is no relationship with WCSAP and your aliased/translated email
-> -> accounts. WCSAP checks the sender address. Not your address.
-> ->
-> -> > I have been seeing at least one of my aliased/translated email accounts
-> -> > getting rejected on a few occasions.
-> ->
-> -> How? It is accepted here:
-> ->
-> -> > 14:12:59 C: MAIL FROM:
-> -> > 14:12:59 S: 250 ...
-> -> > Sender validation pending. Continue.
-> -> > 14:12:59 C: RCPT TO:<~alias-account-here~@foxriver.net>
-> -> > 14:13:07 ** WCX Process: wcsap ret: 552 (Rejected by WCSAP CBV)
-> -> > 14:13:07 S: 550 Return Path not verifiable.
->
-> I understand that wcsap testing doesn't proceed if the user doesn't exist. I
-> should have worded the inquiry differently.
-> The message was NOT rec'd here, I
-> [choke] assumed we (foxriver.net) was rejected/denied by M$, but didn't
-> understand why. At first I thought we rejected
-> as a bad return path, but it didn't
-> make sense at all.
->
-> I really don't understand why it's all been working for so long now, perhaps
-> just the circumstances of with the particular aliased addy and M$/hotmail.
-> I've been going over my log archives, I at least 3 other similar problems with
-> the same alias only going back as far as January 8 2006 - all in sessions with
-> hotmail and/or microsoft- they must be more strict than the majority of mail
-> servers on the net. That aliased addy has absolutely no problem via yahoo
-> mail or another outside mail server we use.
->
-> I'm trying to fine tune things here- we fell victim to a joe job/spoofing;
-> literally hundreds of thousands of false bounces over the past 2 weeks now.
-> Had to redo our spf.txt record, not even certain if it's totally correct yet, but
-> taking troubleshooting one thing at a time. I'd like to get my hands on the
-> goof that did that to us!
->
-> ->
-> -> RCPT TO: must pass first before bothering to try calling WCSAP to validate
-> -> the sender. WCSMTP waits to see if RCPT TO: is ok for efficiency reasons.
-> -> If it was bad, it would not call WCSAP and you would see a different
-> -> message:
-> ->
-> -> 55x User Not found
-> ->
-> -> > Most recently the rejection came from an inquiry to M$ regarding mail from
-> -> > our domain not getting delivered to hotmail accounts, but a reply was
-> -> > evidently rejected (not good since I accused them of blocking our domain
-> -> > :(
-> ->
-> -> > 20060411 14:13:01 000000e2 C: HELO [foxriver.net]
-> -> > 20060411 14:13:07 000000e2 S: 501 5.5.4 Invalid Address
-> -> > 20060411 14:13:07 000000e2 sapcbv : 501
-> -> > 20060411 14:13:07 000000e2 result : reject (0)
-> -> > 20060411 14:13:07 000000e2 smtp code : 552
-> -> > 20060411 14:13:07 000000e2 wcsap finish (7547 msecs)
-> ->
-> -> The problem is the HELO line.
-> ->
-> -> Remove your change in WCSAP for SAPHOST.
-> ->
-> -> Put it back to:
-> ->
-> -> SapHost [serverdomain] <<-- MACRO for your domain
-> ->
-> -> or put your domain without the brackets:
-> ->
-> -> Saphost foxriver.net
-> ->
-> -> or put it with brackets and your address:
-> ->
-> -> SapHost [12.134.134.98]
-> ->
-> -> But using the default will automatically set it for you.
-> ->
-> ->
-> -> Hope this helps
->
-> I'll take your word for it, I remember making the change but that's been that
-> way since wcsap was released for our use, at least pre- ver 2.
->
-> I simply modified the wcsap.ini's install default from:
-> SapHost [serverdomain] ; ** USE YOUR WCSMTP MX DOMAIN! **
-> to:
-> SapHost [foxriver.net] ; ** USE YOUR WCSMTP MX DOMAIN! **
-> and now it's back to:
-> SapHost [serverdomain] ; ** USE YOUR WCSMTP MX DOMAIN! **
->
-> - just substituted foxriver.net for the serverdomain. I should've known better
-> as long as I've been in this. Domain/ip pairs are normally seen as
-> domain name [x.x.x.x], just didn't ring the bells I suppose.
->
-> Maybe for future reference in case someone with less experience (or dummies
-> like me who miss the forest cause the trees were in the way), the remark
-> might indicate the difference between the two.
->
-> Anyway, I changed the ini file setting to the macro [serverdomain] (with the
-> brackets).
->
-> Is it possible this setting is why I am not getting outbound mail to hotmail
-> accounts?
->
-> Anyhow, Thanks for the explanation, we'll see how it works (I'm sure it will),
-> have really been glad to have the wcsap. Between wcsap and firewalling
-> smtp traffic with most of APNIC and a great deal of RIPE allocations, our
-> incoming spam is down to less than 2% right now!
->
-> --
-> Dave
->
-> ->
-> -> --
-> -> Hector

--- Platinum Xpress/Win/WINServer v3.1
 * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)
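
Added example, not part of the original thread and not WCSAP code: a small Python check of the HELO/EHLO argument against the RFC 5321 rule that square brackets are reserved for IP address literals, which is why `HELO [foxriver.net]` drew `501 5.5.4 Invalid Address` while `foxriver.net` or `[12.134.134.98]` would pass. The function names and the constructed `SAMPLE_LOG` (two lines copied from the log quoted in the thread) are assumptions; the `[serverdomain]` macro is expanded by WCSAP, so the check applies to the expanded value as it appears in the log.

```python
import ipaddress
import re

# One label of a domain: letters/digits, inner hyphens allowed, 1 to 63 characters.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
# Client HELO/EHLO line in the layout of the log excerpt quoted in the thread.
_HELO_LINE = re.compile(r"\bC: (?:HELO|EHLO) (\S+)\s*$", re.IGNORECASE)

# Constructed sample: two lines taken from the excerpt in the thread.
SAMPLE_LOG = [
    "20060411 14:13:01 000000e2 C: HELO [foxriver.net]",
    "20060411 14:13:07 000000e2 S: 501 5.5.4 Invalid Address",
]


def classify_helo_argument(arg: str) -> str:
    """Return 'domain', 'address-literal' or 'invalid' for a HELO/EHLO argument."""
    if arg.startswith("[") and arg.endswith("]"):
        inner = arg[1:-1]
        # Brackets mark an address literal, so the content must parse as an IP.
        try:
            if inner.lower().startswith("ipv6:"):
                ipaddress.IPv6Address(inner[5:])
            else:
                ipaddress.IPv4Address(inner)
        except ValueError:
            return "invalid"  # e.g. a host name wrapped in brackets
        return "address-literal"
    if not arg or len(arg) > 255:
        return "invalid"
    labels = arg.split(".")
    return "domain" if all(_LABEL.match(p) for p in labels) else "invalid"


def helo_argument_from_log(line: str):
    """Extract the argument of a client HELO/EHLO log line, or None."""
    match = _HELO_LINE.search(line)
    return match.group(1) if match else None


def audit_log(lines):
    """Return (argument, verdict) for every client HELO/EHLO line found."""
    args = (helo_argument_from_log(line) for line in lines)
    return [(a, classify_helo_argument(a)) for a in args if a is not None]


if __name__ == "__main__":
    for argument, verdict in audit_log(SAMPLE_LOG):
        print(f"{argument}: {verdict}")
```
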