How to address spam bounce on exceeded quota issue?

Question

I'm investigating a mail server blacklist issue.

Our mail server had a user over quota, which resulted in emails being bounced back to senders with a"user over quota" message. Some of these emails are spam with forged From field. The messages are bounced to the forger From address. As a consequence, our server has been added to some blacklist. Does this make sense?

I'm not sure how to address this. I think the "user over quota" message is useful: as a sender, I want to be notified when my message was not delivered.

An option could be to not bounce the message if it is detected as spam. We're using postfix and spamassassin and when displaying such a message with postcat -q, I can see the message has a huge spam score.

How should we proceed?

In our configuration, spamassassin only marks the messages and each user may use sieve to filter / delete / move messages. Should spamassassin itself delete huge score messages? Should postfix check spam score before bouncing messages, or rather before trying to deliver it in the first place?

I don't want to reinvent the wheel so while my ideas above might work, I'd like to know how people usually solve this.

Rather than bouncing the message (sending a “new” message to the original or spoofed Sender announcing the over-quota situation ) after it was initially accepted for delivery , reject the message during the smtp negotiation. The “how” depends on the LDA . For postfix + dove it for instance an option appears to be: https://blog.sys4.de/postfix-dovecot-mailbox-quota-en.html — Bob, Aug 17 '20 at 21:55
@HermanB Worked like a charm, thanks. Make it an answer and I'll accept it. Your link provides both the explanation and the implementation. — Jérôme, Aug 17 '20 at 22:40

score 1 · Accepted Answer · answered Aug 18 '20 at 12:57

Rather than bouncing the message (sending a “new” message to the original or spoofed Sender announcing the over-quota situation ) after it was initially accepted for delivery , reject the message during the smtp negotiation.

The “how” depends on the LDA .

For postfix + dovecot for instance an option appears to be:

http://blog.sys4.de/postfix-dovecot-mailbox-quota-en.html

First of all you need to activate and configure the quota-status-service in Dovecots dovecot.conf:

   plugin {
        ...
       quota_grace = 10%%
       # 10% is the default
       quota_status_success = DUNNO
       quota_status_nouser = DUNNO
       quota_status_overquota = "552 5.2.2 Mailbox is full"
        ...
     }
      
       service quota-status {
          executable = quota-status -p postfix
           inet_listener {
          port = 12340
          # You can choose any port you want
        }
              client_limit = 1
      }

In order to use your newly configured Dovecot policy-service, you need to tell Postfix to communicate with the service in main.cf:

    smtpd_recipient_restrictions =
       ...
       check_policy_service inet:mailstore.example.com:12340

How to address spam bounce on exceeded quota issue?

1 Answers1