PDA

View Full Version : Considered UNSOLICITED BULK EMAIL, apparently from you


alextuturiga
16th June 2010, 21:20
Hi,

I have made my linux mail server from http://www.howtoforge.com/virtual_users_and_domains_with_postfix_debian_etch .

Now I have a problem.
Every day all the users receive an email like this:

A message from <alex@mydomain.ro> to:
-> alex@mydomain.ro

was considered unsolicited bulk e-mail (UBE).

Our internal reference code for your message is 11555-15/1IMO9LkTybnG

The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.

We do try to minimize backscatter for more prominent cases of UBE and
for infected mail, but for less obvious cases of UBE some balance
between losing genuine mail and sending undesired backscatter is sought,
and there can be some collateral damage on both sides.

First upstream SMTP client IP address: [113.166.50.243]
According to a 'Received:' trace, the message originated at: [113.166.50.243],
[113.166.40.161] unknown [113.166.50.243]

Return-Path: <alex@mydomain.ro>
Message-ID: <20100616144148.91ACB1E19A@mail.mydomain.ro>
Subject: Pfizer's sex chargers. as

Delivery of the email was stopped!


dsn_status

Reporting-MTA: dns; mail.mydomain.ro.mydomain.ro
Received-From-MTA: smtp; mail.mydomain.ro ([127.0.0.1])
Arrival-Date: Wed, 16 Jun 2010 17:41:49 +0300 (EEST)

Original-Recipient: rfc822;alex@mydomain.ro
Final-Recipient: rfc822;alex@mydomain.ro
Action: failed
Status: 5.7.0
Diagnostic-Code: smtp; 554 5.7.0 Reject, id=11555-15 - SPAM
Last-Attempt-Date: Wed, 16 Jun 2010 17:41:49 +0300 (EEST)
Final-Log-ID: 11555-15/1IMO9LkTybnG


header

Return-Path: <alex@mydomain.ro>
Received: from [113.166.40.161] (unknown [113.166.50.243])
by mail.mydomain.ro (Postfix) with ESMTP id 91ACB1E19A
for <alex@mydomain.ro>; Wed, 16 Jun 2010 17:41:48 +0300 (EEST)
To: alex@mydomain.ro
From: Force a <alex@mydomain.ro>
Date: Wed, 16 Jun 2010 21:42:28 +0700
Subject: Pfizer's sex chargers. as
Reply-To: <alex@mydomain.ro>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
Message-Id: <20100616144148.91ACB1E19A@mail.mydomain.ro>


I have replaced my real domain with mydomain.com

I don't know how to stop it.
I've tried to send email from alex@mydomain.ro to alex@mydomain.ro without AUTH and it worked.
How can I tel to postfix to require AUTH for all users, not only for the users that send email outside the domain?

Thank you very much

sjau
17th June 2010, 09:40
do you have a static IP address?

alextuturiga
17th June 2010, 15:45
yes, i have a static IP address

falko
18th June 2010, 11:32
It seems as if spammers are using one of your addresses as the sender address for their spam. This is possible even if they don't use your server to send their spam, and there's nothing you can do about it.

Mark_NL
18th June 2010, 13:12
I got these on our servers mostly when they send a mail to abc@abc.com and FROM abc@abc.com .. also idd what falko says is true .. i just let those mails discard.. since then no more backscatter mails :)

/etc/amavis/20-debian_defaults:

$final_spam_destiny = D_DISCARD; // (default: BOUNCE)

alextuturiga
18th June 2010, 13:12
All the users receive this kind of email.
how could a spammer know all the passwords?

Like a sad before if a send an email inside the domain without auth it works.
How can I configure postfix to request auth even in the same domain like it do when relays outside the domain?

Thanks

Mark_NL
18th June 2010, 13:41
They don't know your password ..

i can fake it to .. i just send an email to user@domain.com with alextuturga@mydomain.com as FROM address .. simple .. no need to use any authentication then.

alextuturiga
18th June 2010, 14:19
I thinks I don't understand what do you mean because if I try to send a mail outside mydomain.com I can't and nobody can without authentication.

So sending an email to user@domain.com with alextuturga@mydomain.com as FROM address is not possible.

What I don't understand also is why when I send an email inside the domain I don't need authentication and how can I do to request authentication.

falko
19th June 2010, 15:08
What I don't understand also is why when I send an email inside the domain I don't need authentication and how can I do to request authentication.
http://www.howtoforge.com/forums/showpost.php?p=214430&postcount=4


You can use whatever FROM address you like - it's a weakness in the SMTP protocol.