This is a short, specific technical question about an exchange between two MTAs. It is derived from this question in Superuser, which is broader and contains some rants about technical support from specific email providers.

Below is a highly-sanitized version of log file entries taken from the logs of an outgoing MTA, where 1.2.3.4 is the IP address of the outgoing MTA, and 5.6.7.8 is the IP address of the receiving MTA. The original sender received no bounce message, and the mail was never delivered to the recipient (neither inbox nor spam folder nor trash).

I would like to understand the meaning of the bounce="false" parameter in the 553 response from the receiving MTA. (Note that the entries are ordered newest-to-oldest, as shown by the timestamps.) Thanks!
20210812 09:29:10.177 core sid="id1" id="id1id2"
ip="1.2.3.4" action="PERMERR" dstmta="5.6.7.8" age="61" code="553"
reason="553 5.3.0 198.71.225.36 Your message was rejected for possible spam/virus
content.Please ask your email provider to visit http://emailadmin.registeredsite.com
for resolution.\r\n" account="[email protected]""
fwd="0" bounce="false" mailfrom="[email protected]" fromdomain="sending-example.com"
recipient_list="[email protected]" todomain="receiving-example.com"
subject="Sad news" subject_hash="f35ba6823f3a91025f0a495ed7de3b59" script="" script_ip=""
20210812 09:28:09.658 core sid="id1" id="id1id2"
ip="1.2.3.4" action="ACCEPT" reason="CLEAN" account="[email protected]"
fwd="0" mailfrom="[email protected]" fromdomain="sending-example.com"
recipient_list="[email protected]" todomain="receiving-example.com" subject="Sad news"
subject_hash="f35ba6823f3a91025f0a495ed7de3b59" script="" script_ip=""
Edit 1:
This doesn't really answer the question as asked, but in subsequent support calls with the two email providers involved, there seemed to be some agreement that the receiving MTA that gave the 553 response to the sending MTA was the one that should have sent a bounce message to the envelope sender. However, an agent for the receiving MTA pointed out to me today that their 553 response itself contains a 3rd IP address, 198.71.225.36, and that that address is the one being complained about; it is in fact blacklisted if you check at the URL contained in the message. All this time I hadn't noticed that address as relevant (or even as an address; it could have been section numbers like 5.3.0 or something). The 1.2.3.4 was the IP address for the server identified by the MX entry in the zone file for the sending domain, so I assumed it was the one that must have been blacklisted! I haven't yet gotten an explanation for the 'bounce="false"' parameter, or which server generated it.
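The check that Edit 1 describes, as an added example that is not part of the original post: it parses the PERMERR entry, separates the SMTP reply code and enhanced status code from the reply text, and lists any IP address quoted in that text that is neither the logged `ip` nor `dstmta`. It assumes the log is a sequence of `key="value"` pairs (the vendor's format is not documented on this page), and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the PERMERR entry as shown in the post (addresses stay obfuscated).
SAMPLE = r'''20210812 09:29:10.177 core sid="id1" id="id1id2"
ip="1.2.3.4" action="PERMERR" dstmta="5.6.7.8" age="61" code="553"
reason="553 5.3.0 198.71.225.36 Your message was rejected for possible spam/virus
content.Please ask your email provider to visit http://emailadmin.registeredsite.com
for resolution.\r\n" account="[email protected]""
fwd="0" bounce="false" mailfrom="[email protected]" fromdomain="sending-example.com"
'''

# Assumption: every field is key="value"; values may span lines, stray quotes are skipped.
FIELD = re.compile(r'(\w+)="([^"]*)"')
# SMTP reply code, then an optional enhanced status code (class.subject.detail), then text.
REPLY = re.compile(r'(\d{3})[ -](?:([245]\.\d{1,3}\.\d{1,3})\s+)?(.*)', re.S)
# Four dotted groups only, so a three-part status code such as 5.3.0 never matches.
IPV4 = re.compile(r'(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])')

def parse_entry(text):
    """Return the key="value" pairs of one log entry as a dict."""
    return dict(FIELD.findall(text))

def split_reply(reason):
    """Split an SMTP reply into (code, enhanced_status_or_None, text)."""
    m = REPLY.match(reason)
    if not m:
        return None, None, reason
    return m.group(1), m.group(2), m.group(3)

def ips_in_text(text):
    """Return syntactically valid IPv4 addresses quoted in free text."""
    found = []
    for candidate in IPV4.findall(text):
        try:
            found.append(str(ipaddress.ip_address(candidate)))
        except ValueError:  # e.g. an octet above 255
            pass
    return found

def unexplained_ips(entry):
    """IPs named in the reply text that match neither logged endpoint."""
    _, _, text = split_reply(entry.get("reason", ""))
    known = {entry.get("ip"), entry.get("dstmta")}
    return [ip for ip in ips_in_text(text) if ip not in known]

if __name__ == "__main__":
    print(unexplained_ips(parse_entry(SAMPLE)))
```

An address returned by `unexplained_ips` is the one to look up on the blocklist named in the rejection text, rather than the logged sending address.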