Endless deliver loop, what was the exact reason?

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
prisma
Senior user
Senior user
Posts: 309
Joined: 2010-07-09 13:16

Endless deliver loop, what was the exact reason?

Post by prisma » 2010-07-23 15:40

Setup:
* Local network with hMailServer 5
* some accounts exist only external on a Mailserver from a ISP
* some accounts of the external domain also exist local on hMailServer. External Emails are pulled from their external account via POP.
* some accounts only exist internal on hMailServer. From external senders these mailboxes receive their emails via the catch-all address from the ISP. "Deliver to recipients in Mime-header" was activated, deliver to route-recipients WAS ALSO ACTIVATED <--- !!!!
* SMTP is configured as relay via the Mailserver of the ISP
* an RECIPIENT INDEPENDENT route for my domain existed, to send emails also via the ISPs mailserver. This is configured, to tell hMailServer, that there are accounts also outside, and he should try it external there.

Problem:
I tested everything, worked wonderful! We went productive and at night after going productive we received a spam mail. CC to "not.existent.person1@my.existing.domain" and "not.existent.person2@my.existing.domain". In the morning I came to work and found hmailserver in an endless receive-and-deliver-loop. He received 1 mail with 2 unknown recipients, so he sent 2 mails via route, received 2 mails from catch-all, send 4 mails via route, and so on, exponential.

I decided to deactivate "deliver to recipients in Mime-headers" AND the sub-item "deliver to route-recipients". Nothing happened. So I redefined also the route for my domain, to deliver only to specified external adresses. SAFETY FIRST. Nothing happened. After clearing the send-queue he came back to normal.

To re-define the route, every time an external account is created, is circuitous. And internal-only accounts won't receive mails at the moment. So I have to change something :) I think my only fault was to check the sub-item "deliver to route-recipients". The rest should have been OK. But before I change something, I want to have this discussed with some forum-guys extensively ;)

So, what's your opinion?

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: Endless deliver loop, what was the exact reason?

Post by ^DooM^ » 2010-07-23 15:49

I'm not sure why hmail should be relaying emails if they dont exist, seems like an overly complicated setup, Why do you use your external ISP's mailserver with accounts that exist locally and externally? Why not just use your hmailserver or isp server?
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

prisma
Senior user
Senior user
Posts: 309
Joined: 2010-07-09 13:16

Re: Endless deliver loop, what was the exact reason?

Post by prisma » 2010-07-23 16:52

Where are you from? In Germany we have the problem that it isn't that easy to have your own mailserver runnig without relayer.

I don't want to discuss the scenario, I want to discuss the source of error. But to answer all questions:

1. Why not a real own mailserver without relaying?
a) Static external IPs are only included in expensive ISP-packages.
b) Even if you have an static external IP, the IP-Ranges are nearly all marked as spam and rejected from SMTPs.
c) So you have to spend even more money....

2. Why not only a mailserver from ISP?
a) Because of privacy.
b) Because we want to save and archive the mails inhouse.

3. Why are some accounts only local?
a) Frequently changing workers, freelancers and so on. It's less work to administrate them local.

4. Why are more accounts in the first place external? Why not all accounts via one catch-all address hosted by the ISP?
a) Because of the BCCs. They will only work if you are not relaying.
b) Because my chief want it that way, ok?

So, could we go on with the originally problem? ;)

Bill48105
Developer
Developer
Posts: 6189
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: Endless deliver loop, what was the exact reason?

Post by Bill48105 » 2010-07-23 22:09

Wow prisma.. Expecting a lot with all that attitude. Unless it's difference in culture or language barrier it certainly read as rude to me anyway. I almost didn't bother responding but thought I'd take a shot @ helping to be nice.

I'm not DooM but I would have likely asked similar things because often it helps in finding a solution, perhaps even doing it a different/better way rather than spinning wheels trying to make a 1/2 baked setup work especially if parts are done in ways not intended for those parts to work in the 1st place..

Anyway, I read your original post numerous times to try & understand your setup & your issue. It would be immensely helpful to see your hmail settings but I am wondering if the best/simple solution would be to have 2 different domains, one for at ISP & one for local.. Or if you don't want that way maybe sub-domain like @yourdomain.com for ISP & @local.yourdomain.com. It is very likely the issue is confusion in the routing and the mail servers are just trying to do what they are designed to do (deliver to local domains or forward on) but with an odd setup they loop or bounce which is obviously not what you want & clearly bad.. The best way to fix it is to ensure each server knows 100% where mail should go and that requires uniqueness and no ambiguity and there are likely a few ways to get that done.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

prisma
Senior user
Senior user
Posts: 309
Joined: 2010-07-09 13:16

Re: Endless deliver loop, what was the exact reason?

Post by prisma » 2010-07-25 00:25

I'm not bearish. If anybody felt pissed, I'm very sorry. Possibly it's also a too direct or bad translation from German in to English, German works different. And I tried to explain a very complicated scenario in as less as possible words. Therefore I could also neglected friendliness. Sorry for that again. PS: "I want to have this discussed with some forum-guys extensively" was ironic. For this reason the smiley.

Bill48105, you mentioned a subdomain for the local accounts? It's impossible to modify partial addresses from something like mr.x@mydomain.com to mr.x@sub.mydomain.com. Sure, you can use aliases to get the original address back. But the problem was caused by the combination of fetch the catch-all address from ISP, "Deliver to recipients in Mime-header" and the route back to ISP for the original domain. As long I'm not able and allowed to modify the domain foreign senders really write to, your suggestion won't help and disorder in routing could every time be suspected. Or am I wrong???

You suggested this in another post of mine before. I think it possible to configure it that way. But I think it isn't necessary, and hadn't helped in my situation.

I only wanted to know, if somebody else has the opinion, that my fault was to configure following (and I sad my fault, I never sad hmail did something wrong):

The loop was: Fetch the catch-all address from ISP, deliver to recipients in Mime-header local, but allow routing of these recipients (!!) if not found local, and have a route back to the ISP. If somebody writes to an non-existent recipient of my domain now, the circle is closed.

Un-checking "deliver to route-recipients" should prevent the loop, if I understood right, how martin programmed it, and if I interpreted the facts I found in that morning right. It would be very nice to hear several opinions from other IT professionals.

Bill48105
Developer
Developer
Posts: 6189
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: Endless deliver loop, what was the exact reason?

Post by Bill48105 » 2010-07-25 00:47

prisma,
Yes likely issue with translation. No worries, was just stating how it read to me.

To me seems sub domain or different domain is BEST way to solve it but if you can't do that then I guess not an option. (Again the reason is it removes ambiguity of what email goes where & that is likely your issue)

Something else that might help would be to put external account for each hmail user & not use 'Delivery to MIME headers' or 'allow route recipients' at all since they would not be needed. Drawback is you get much more pop traffic & requires 1:1 local to external users & may not be possible for you.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

User avatar
mattg
Moderator
Moderator
Posts: 20000
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Endless deliver loop, what was the exact reason?

Post by mattg » 2010-07-25 06:21

Perhaps what you need is addresses within the route - http://www.hmailserver.com/documentatio ... ence_route

If you set the known addresses of you domain, that aren't handled locally, this should stop that SPAM circle that has been created in your setup.
If there are lots of these, or they change sometimes, perhaps you could them from a script...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

prisma
Senior user
Senior user
Posts: 309
Joined: 2010-07-09 13:16

Re: Endless deliver loop, what was the exact reason?

Post by prisma » 2010-07-25 11:59

Thank you for your reply, mattg.
Perhaps what you need is addresses within the route
To be sure to break the loop, I did this already:
So I redefined also the route for my domain, to deliver only to specified external adresses.
But I think this shouldn't be necessary, as long the checkbox "deliver to recipients in Mime-headers" (POP-connector of the catch-all address) is checked and the sub-item "deliver to route-recipients" is NOT CHECKED. (I hope I translated these items correct vice versa).

I couldn't find the checkbox "deliver route-recipients" in the documentation of external accounts. Could anybody please bring some light in the meaning of this checkbox?

User avatar
mattg
Moderator
Moderator
Posts: 20000
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Endless deliver loop, what was the exact reason?

Post by mattg » 2010-07-25 14:04

prisma wrote:But I think this shouldn't be necessary, as long the checkbox "deliver to recipients in Mime-headers" (POP-connector of the catch-all address) is checked and the sub-item "deliver to route-recipients" is NOT CHECKED. (I hope I translated these items correct vice versa).

I couldn't find the checkbox "deliver route-recipients" in the documentation of external accounts. Could anybody please bring some light in the meaning of this checkbox?
I agree, that's the behaviour that I'd expect to.
I can't see any documentation about that setting either.
(In the English version this is 'Allow route recipients')
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

prisma
Senior user
Senior user
Posts: 309
Joined: 2010-07-09 13:16

Re: Endless deliver loop, what was the exact reason?

Post by prisma » 2010-07-25 21:45

OK, I'll open a new thread about this checkbox to simplify the context.

Post Reply