Bounces are handled are TransientFailure

Bjarn · May 3, 2025, 1:43pm

Hello,

For some receiving parties we notice hard bounces are not handled correctly.

For example, we received a 550, but it was reported as a “KumoMTA internal”:

"responseContent": "KumoMTA internal: failed to connect to any candidate hosts: connect to SOME_IP:25 and read initial banner: Command rejected Response { code: 550, enhanced_code: Some(EnhancedStatusCode { class: 5, subject: 7, detail: 1 }), content: \"Connection refused - IB115. OUR_IP is blacklisted. If you\\nbelieve this to be in error please contact postmaster@XXX.com\\ni{XXXX}\", command: None }, connect to SOME_IP:25 and read initial banner: Command rejected Response { code: 550, enhanced_code: Some(EnhancedStatusCode { class: 5, subject: 7, detail: 1 }), content: \"Connection refused - IB115. OUR_IP is blacklisted. If you\\nbelieve this to be in error please contact postmaster@XXX.com\\ni{XXXX}\", command: None }"

This is then represented as TransientFailure with status code 400, causing it to retry after some minutes.

Is this something we should fix on our side or is caused by the receiving party?

Thanks a lot!

Areeb · May 3, 2025, 1:45pm

Well, the error you pasted isn’t a hard bounce

Areeb · May 3, 2025, 1:45pm

The remote server could be down, so the email should be reattempted after a while

Bjarn · May 3, 2025, 1:45pm

I accidentally omitted too much, but in this case it was a blacklisted IP

Areeb · May 3, 2025, 1:46pm

Aaahh

Mike · May 3, 2025, 1:46pm

That is not permanent in terms of the message, especially in terms of an IP pool.

Bjarn · May 3, 2025, 1:47pm

(I have updated the message now)

wez · May 3, 2025, 1:47pm

Since the error manifests at connect time, before we sent any per-message fields, we attribute it as a transport error; we don’t know that the destination has blocked everything.

transport errors are always considered to be transient.

You can use smtp_client_rewrite_delivery_status - KumoMTA Docs to override the disposition if you happen to know better.

Mike · May 3, 2025, 1:47pm

You can always rewrite the bounce or add a TSA action to bounce the queue.

Bjarn · May 3, 2025, 1:47pm

Ohhh interesting! Thanks a lot!

Bjarn · May 3, 2025, 1:48pm

I have seen it once some time ago, with t-online.de. They blocked the IP as it was fairly new and we never sent them anything yet. I found it strange, but that’s useful to know

Areeb · May 3, 2025, 1:48pm

T-Online blocks all new IPs by default, iirc

Areeb · May 3, 2025, 1:48pm

But they are quick to whitelist if you contact them

Bjarn · May 3, 2025, 1:49pm

Yep they were very quick

wez · May 3, 2025, 1:49pm

if we treated it as a permfail then you wouldn’t be able to fallback to an alternative source in a pool with better reputation

Bjarn · May 3, 2025, 1:49pm

Ahhh! That makes sense

Bjarn · May 3, 2025, 1:50pm

Thanks all