Does Gmail ignore sending / discard DSN caused by rejects?

Sun Aug 8 01:48:24 CEST 2021

Hello Jean!

On Sunday 08 August 2021 01:13:27 Jean-Michel Brünn wrote:
> Hi there,
> 
> I've setup amavisd-new with amavisd-milter (amavisd-new 2.11.1,
> amavisd-milter 1.7.1, Postfix 3.5.6).
> 
> I'm using D_REJECT for $final_virus_destination. If I use telnet I can
> see that it does reject correctly:
> 
>     Connected to mail.no-uce.de.
>     Escape character is '^]'.
>     220 mail.no-uce.de ESMTP Postfix
>     EHLO example.com
>     250-mail.no-uce.de
>     250-PIPELINING
>     250-SIZE
>     250-VRFY
>     250-ETRN
>     250-STARTTLS
>     250-ENHANCEDSTATUSCODES
>     250-8BITMIME
>     250-DSN
>     250-SMTPUTF8
>     250 CHUNKING
>     MAIL FROM:<someone at example.com>
>     250 2.1.0 Ok
>     RCPT TO:<himself at jeanbruenn.info>
>     250 2.1.5 Ok
>     DATA
>     354 End data with <CR><LF>.<CR><LF>
>     << EICAR SIGNATURE HERE >>
> 
>     .
>     *554 5.7.0 Reject, id=06986-07 - INFECTED: Eicar-Signature*
>     quit
>     221 2.0.0 Bye
>     Connection closed by foreign host.
> 
> So that seems to work.
> 
> If I use my gmail address and send an E-Mail from gmail to my server I
> can see it rejected in the logs:
> 
>     Aug  8 01:00:00 mail amavis[6987]: (06987-07) Blocked INFECTED
>     (Eicar-Signature) {*RejectedInbound*}, AM.PDP-SOCK [209.85.208.41]
>     [209.85.208.41] <xxx at gmail.com> -> <himself at jeanbruenn.info>,
>     Queue-ID: C2D7113F99D, Message-ID:
>     <CAHJLFye_NLns9UekM=mEXNxbb8EfyXbO0a7+N99kyQQtPXLqYw at mail.gmail.com>,
>     mail_id: QNMup7dScVzw, Hits: -, size: 3173,
>     dkim_sd=20161025:gmail.com, 462 ms
>     Aug  8 01:00:00 mail postfix/cleanup[7313]: C2D7113F99D:
>     milter-reject: END-OF-MESSAGE from
>     mail-ed1-f41.google.com[209.85.208.41]:*5.7.0 Reject*, id=06987-07 -
>     INFECTED: Eicar-Signature; from=<xxx at gmail.com>
>     to=<himself at jeanbruenn.info> proto=ESMTP helo=<mail-ed1-f41.google.com>
> 
> (and no, xxx@ is not my real gmail address :-))
> 
> So that seems to work as well.
> 
> 
> But: I never get anything (DSN?) in my gmail mail. So I'm wondering if I
> configured something wrongly on my side or if google just discards some
> specific DSNs.
> 
> If I send an E-Mail from gmail to a non-existing mail address I get a
> message in my gmail inbox, that that address does not exist.

In this case when recipient email address does not exist, target SMTP
server usually returns error code for RCPT TO command.

But of course, it is possible to accept RCPT TO and then reject DATA
command.

Could you try to reconfigure your server to reject RCPT TO command? It
would be good to verify if something changes or not.

I do not see any obvious issue neither from telnet output nor from log.

> I was searching in all folders of that gmail web account but I couldn't
> find it anywhere.
> 
> 
> I'm curious: anyone else observed this behavior with gmail? If google
> does not inform their users about mails that were rejected, this might
> be very problematic, hence I'm a bit confused and wondering if I
> configured something wrong.

More people told me about similar issues with Gmail. Basically Gmail is
known to "eat" emails in both direction. Not exactly this issue but from
past I also have experiences when Gmail somewhere lost emails.

So I'm not surprised that on gmail you have not got any notification
that email was rejected.

Funny part is that sometimes also google services (e.g. google groups)
are not able to deliver emails to gmail account.

In past I got advice that for sending & receiving emails on gmail, just
use gmail account.

> Jean
> 
> 