• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

"Backscattering" prevention is broke

qnet

Basic Pleskian
From 10.4.4 release notes:

[+] (Only for Linux) Mailboxes do not accept new mail if the mailbox quota is exceeded. Both Qmail and Postfix will reject incoming mail when the target mailbox is over quota instead of bouncing it as before. The previous behavior was known as backscattering and might have caused Plesk server getting in antispam DNS blacklists.

This new feature is broke for several reasons:

1) It completely changes the functionality of mail handling on the server.

2) It's not optional and is enabled by default.

3) You don't have the choice of selecting a 5xx or 4xx response if a customer's mailbox is full.

4) The server responds with "Command rejected" after DATA, not something useful like "Mailbox full".

Jan 9 21:48:13 plesk postfix/cleanup[26095]: A40DD600A71: milter-reject: END-OF-MESSAGE from [70.99.x.x]: 5.7.1 Command rejected; from=<> to=<> proto=ESMTP helo=<>

This either needs to be made configurable in the GUI or you need to tell us how to disable it via CLI because how it is now is broke.

Thank you.
 
From the lack of response to this issue, I suspect I'm the only one running 10.4.4, the only one having this problem, or the only one that thinks returning "5.7.1 Command rejected" in response to an over quota situation is unsatisfactory.

Has anyone else seen this problem?
 
---------------------------------------------------------------
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Parallels Plesk, 10.4.4, Ubuntu 10.04 LTS, X64

PROBLEM DESCRIPTION AND STEPS TO REPRODUCE
When Postfix receives mail for a mailbox that is over quota, psa-pc-remote milter will reject the message causing a "5.7.1 Command rejected" response to the DATA command. The message is never queued and the sender never receives a necessary "Mailbox full" response.

ACTUAL RESULT
Jan 9 21:48:13 plesk postfix/cleanup[26095]: A40DD600A71: milter-reject: END-OF-MESSAGE from [70.99.x.x]: 5.7.1 Command rejected; from=<> to=<> proto=ESMTP helo=<>

EXPECTED RESULT
The sender of the email to the recipient with the full mailbox should receive a message that states the recipient's mailbox is full, not that the command was rejected. The psa-pc-remote milter should either be changed to do this, or the quota check should be removed. Returning "5.7.1 Command rejected" is hardly the proper response.
--------------------------------------------------------------
 
I agree with You. I think better is enable by default "Mailbox full", but not reject message without reason.
 
I have forwarded you request to developers from Plesk Service Team. I will update thread with results as soon as I receive them.
 
IgorG, do you have an update on this. You cannot image the support issue this is causing our company. It's bad enough when people can't read and/or understand "Mailbox full". Imagine what happens when they get "Command rejected".

Also, this is a generic response for any number of problems, one of which is when their mailbox is full. Since there can be multiple reasons that will generate a "Command rejected" response from the milter, it is a real pain in the rear to know what's really going on.

In the meantime, can I just comment out these lines from main.cf:

smtpd_milters = inet:localhost:12768
non_smtpd_milters = inet:localhost:12768
 
Request still under developer's investigation.
Did you try to restart pc-remote service?

# /etc/init.d/pc-remote stop
# /etc/init.d/pc-remote start
 
Igor, same problem here, I keep getting "milter-reject: END-OF-MESSAGE from unknown[xxx.xxx.xxx.xxx]: 5.7.1 Command rejected" log messages for over-quota mailboxes.
I have no problem with the bounce, but with the bounce message: "5.7.1 Command rejected" is meaningless.
 
Request still under developer's investigation.
Did you try to restart pc-remote service?

# /etc/init.d/pc-remote stop
# /etc/init.d/pc-remote start

I am certainly willing to try anything, but I don't think the problem is the service needing to be restarted. You added this "backscattering" milter to 10.4.0:

Mailboxes do not accept new mail if the mailbox quota is exceeded. Both Qmail and Postfix will reject incoming mail when the target mailbox is over quota instead of bouncing it as before. The previous behavior was known as backscattering and might have caused Plesk server to be included in in anti-spam DNS blacklists.

"Command rejected" is just plain the wrong response to a quota exceeded condition.

The proper response to a quota exceeded condition is either a "5xx", or better yet, a "4xx" response that says, "Mailbox is full" or "Mailbox quota has been exceeded". At a minimum, please make this "backscatter" nonsense an option in the mail configuration.

This is a REAL problem that needs to be addressed.

Thanks to others for chiming in. I have a feeling resolving this problem is falling on deaf ears at Plesk.
 
Last edited:
re: same issue here wirh 10.4.4 (postfix)

Hello there,
We can just emphasize this, had several customer complains about this recently, the last wrote us "please convey this to Parallels", I just did it!
User expects a Quota warning error ( they dont understand the command refused error and open a support ticket with us)
Philippe
 
Igor, while we're all waiting for a fix, can you provide safe instructions for disabling the backscatter milter? I'm thinking we only need to comment out the following lines from main.cf:

smtpd_milters = inet:localhost:12768
non_smtpd_milters = inet:localhost:12768

But some confirmation would be appreciated.
 
Better yet, how about making the milter open source and providing the source code so the community can take care of this issue??
 
qnet, vmonroigv, I've just submitted a ticket with Parallels for this and I'll try to keep this thread updated. In the meantime you can look at this post where I described how to replace Plesk's milter with spamass-milter:
http://forum.parallels.com/showpost.php?p=604266&postcount=59
You'll most likely lose mailbox quota checks and you'll have *all* the email scanned for spam on that server in the default configuration, but at least you'll benefit from having proper error messages returned back to Postfix with the corresponding SMTP code. Use the information in that post at your risk.
 
Ok, it would seem that Parallels has decided to completely ignore this problem. I will spend some time this evening to determine the steps required to disable this "backscatter" milter and post them here.
 
Try to use attached binaries for Plesk 10.4.4 for cos5x64 and update thread with results.
 

Attachments

  • cos5_x64.zip
    63.1 KB · Views: 18
Igor, I submitted the bug for Ubuntu 10.04. I'm pretty new to dealing with 1,000 flavors of Linux (we were forced to switch to Linux from FreeBSD due to Plesk dropping support for FreeBSD). I assume the zip you attached is CentOS 5. Is that binary-compatible with Ubuntu 10.04?
 
Back
Top