1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

"Backscattering" prevention is broke

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by qnet, Jan 9, 2012.

  1. qnet

    qnet Basic Pleskian

    23
    23%
    Joined:
    Feb 11, 2004
    Messages:
    29
    Likes Received:
    0
    From 10.4.4 release notes:

    [+] (Only for Linux) Mailboxes do not accept new mail if the mailbox quota is exceeded. Both Qmail and Postfix will reject incoming mail when the target mailbox is over quota instead of bouncing it as before. The previous behavior was known as backscattering and might have caused Plesk server getting in antispam DNS blacklists.

    This new feature is broke for several reasons:

    1) It completely changes the functionality of mail handling on the server.

    2) It's not optional and is enabled by default.

    3) You don't have the choice of selecting a 5xx or 4xx response if a customer's mailbox is full.

    4) The server responds with "Command rejected" after DATA, not something useful like "Mailbox full".

    Jan 9 21:48:13 plesk postfix/cleanup[26095]: A40DD600A71: milter-reject: END-OF-MESSAGE from [70.99.x.x]: 5.7.1 Command rejected; from=<> to=<> proto=ESMTP helo=<>

    This either needs to be made configurable in the GUI or you need to tell us how to disable it via CLI because how it is now is broke.

    Thank you.
     
  2. qnet

    qnet Basic Pleskian

    23
    23%
    Joined:
    Feb 11, 2004
    Messages:
    29
    Likes Received:
    0
    IgorG, are you the person that I should contact about resolving this issue?

    Thank you.
     
  3. qnet

    qnet Basic Pleskian

    23
    23%
    Joined:
    Feb 11, 2004
    Messages:
    29
    Likes Received:
    0
    From the lack of response to this issue, I suspect I'm the only one running 10.4.4, the only one having this problem, or the only one that thinks returning "5.7.1 Command rejected" in response to an over quota situation is unsatisfactory.

    Has anyone else seen this problem?
     
  4. qnet

    qnet Basic Pleskian

    23
    23%
    Joined:
    Feb 11, 2004
    Messages:
    29
    Likes Received:
    0
    ---------------------------------------------------------------
    PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
    Parallels Plesk, 10.4.4, Ubuntu 10.04 LTS, X64

    PROBLEM DESCRIPTION AND STEPS TO REPRODUCE
    When Postfix receives mail for a mailbox that is over quota, psa-pc-remote milter will reject the message causing a "5.7.1 Command rejected" response to the DATA command. The message is never queued and the sender never receives a necessary "Mailbox full" response.

    ACTUAL RESULT
    Jan 9 21:48:13 plesk postfix/cleanup[26095]: A40DD600A71: milter-reject: END-OF-MESSAGE from [70.99.x.x]: 5.7.1 Command rejected; from=<> to=<> proto=ESMTP helo=<>

    EXPECTED RESULT
    The sender of the email to the recipient with the full mailbox should receive a message that states the recipient's mailbox is full, not that the command was rejected. The psa-pc-remote milter should either be changed to do this, or the quota check should be removed. Returning "5.7.1 Command rejected" is hardly the proper response.
    --------------------------------------------------------------
     
  5. EgidijusS

    EgidijusS Regular Pleskian

    23
    23%
    Joined:
    Jan 22, 2010
    Messages:
    183
    Likes Received:
    0
    Location:
    Vilnius, Lithuania
    I agree with You. I think better is enable by default "Mailbox full", but not reject message without reason.
     
  6. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,564
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    I have forwarded you request to developers from Plesk Service Team. I will update thread with results as soon as I receive them.
     
  7. qnet

    qnet Basic Pleskian

    23
    23%
    Joined:
    Feb 11, 2004
    Messages:
    29
    Likes Received:
    0
    IgorG, do you have an update on this. You cannot image the support issue this is causing our company. It's bad enough when people can't read and/or understand "Mailbox full". Imagine what happens when they get "Command rejected".

    Also, this is a generic response for any number of problems, one of which is when their mailbox is full. Since there can be multiple reasons that will generate a "Command rejected" response from the milter, it is a real pain in the rear to know what's really going on.

    In the meantime, can I just comment out these lines from main.cf:

    smtpd_milters = inet:localhost:12768
    non_smtpd_milters = inet:localhost:12768
     
  8. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,564
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    Request still under developer's investigation.
    Did you try to restart pc-remote service?

    # /etc/init.d/pc-remote stop
    # /etc/init.d/pc-remote start
     
  9. burnleyvic

    burnleyvic Regular Pleskian

    17
    85%
    Joined:
    Nov 9, 2011
    Messages:
    174
    Likes Received:
    1
    Igor, same problem here, I keep getting "milter-reject: END-OF-MESSAGE from unknown[xxx.xxx.xxx.xxx]: 5.7.1 Command rejected" log messages for over-quota mailboxes.
    I have no problem with the bounce, but with the bounce message: "5.7.1 Command rejected" is meaningless.
     
  10. qnet

    qnet Basic Pleskian

    23
    23%
    Joined:
    Feb 11, 2004
    Messages:
    29
    Likes Received:
    0
    I am certainly willing to try anything, but I don't think the problem is the service needing to be restarted. You added this "backscattering" milter to 10.4.0:

    "Command rejected" is just plain the wrong response to a quota exceeded condition.

    The proper response to a quota exceeded condition is either a "5xx", or better yet, a "4xx" response that says, "Mailbox is full" or "Mailbox quota has been exceeded". At a minimum, please make this "backscatter" nonsense an option in the mail configuration.

    This is a REAL problem that needs to be addressed.

    Thanks to others for chiming in. I have a feeling resolving this problem is falling on deaf ears at Plesk.
     
    Last edited: Feb 16, 2012
  11. philippe henneau

    philippe henneau Basic Pleskian

    23
    57%
    Joined:
    Mar 15, 2009
    Messages:
    40
    Likes Received:
    0
    re: same issue here wirh 10.4.4 (postfix)

    Hello there,
    We can just emphasize this, had several customer complains about this recently, the last wrote us "please convey this to Parallels", I just did it!
    User expects a Quota warning error ( they dont understand the command refused error and open a support ticket with us)
    Philippe
     
  12. qnet

    qnet Basic Pleskian

    23
    23%
    Joined:
    Feb 11, 2004
    Messages:
    29
    Likes Received:
    0
    Igor, while we're all waiting for a fix, can you provide safe instructions for disabling the backscatter milter? I'm thinking we only need to comment out the following lines from main.cf:

    smtpd_milters = inet:localhost:12768
    non_smtpd_milters = inet:localhost:12768

    But some confirmation would be appreciated.
     
  13. qnet

    qnet Basic Pleskian

    23
    23%
    Joined:
    Feb 11, 2004
    Messages:
    29
    Likes Received:
    0
    Better yet, how about making the milter open source and providing the source code so the community can take care of this issue??
     
  14. vmonroigv

    vmonroigv New Pleskian

    13
    35%
    Joined:
    Sep 9, 2011
    Messages:
    14
    Likes Received:
    0
    Same problem here. Still no news?
     
  15. qnet

    qnet Basic Pleskian

    23
    23%
    Joined:
    Feb 11, 2004
    Messages:
    29
    Likes Received:
    0
    Still no news. I'm going to give Parallels a couple more days. If they continue to ignore this issue, I'll work on a procedure for disabling the backscatter milter and post it here.
     
  16. burnleyvic

    burnleyvic Regular Pleskian

    17
    85%
    Joined:
    Nov 9, 2011
    Messages:
    174
    Likes Received:
    1
    qnet, vmonroigv, I've just submitted a ticket with Parallels for this and I'll try to keep this thread updated. In the meantime you can look at this post where I described how to replace Plesk's milter with spamass-milter:
    http://forum.parallels.com/showpost.php?p=604266&postcount=59
    You'll most likely lose mailbox quota checks and you'll have *all* the email scanned for spam on that server in the default configuration, but at least you'll benefit from having proper error messages returned back to Postfix with the corresponding SMTP code. Use the information in that post at your risk.
     
  17. vmonroigv

    vmonroigv New Pleskian

    13
    35%
    Joined:
    Sep 9, 2011
    Messages:
    14
    Likes Received:
    0
    Worth a look. Thanks!
     
  18. qnet

    qnet Basic Pleskian

    23
    23%
    Joined:
    Feb 11, 2004
    Messages:
    29
    Likes Received:
    0
    Ok, it would seem that Parallels has decided to completely ignore this problem. I will spend some time this evening to determine the steps required to disable this "backscatter" milter and post them here.
     
  19. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,564
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    Try to use attached binaries for Plesk 10.4.4 for cos5x64 and update thread with results.
     

    Attached Files:

  20. qnet

    qnet Basic Pleskian

    23
    23%
    Joined:
    Feb 11, 2004
    Messages:
    29
    Likes Received:
    0
    Igor, I submitted the bug for Ubuntu 10.04. I'm pretty new to dealing with 1,000 flavors of Linux (we were forced to switch to Linux from FreeBSD due to Plesk dropping support for FreeBSD). I assume the zip you attached is CentOS 5. Is that binary-compatible with Ubuntu 10.04?
     
Loading...