HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


MisterVlad 19th June 2007 23:18

got this message today.... i am stumped
 
Code:

Subject:
Considered UNSOLICITED BULK EMAIL, apparently from you
From:
"Content-filter at server.example.com" <postmaster@server.example.com>
Date:
Tue, 19 Jun 2007 07:21:59 -0400
To:
<my.email@domain.com>
To:
<my.email@domain.com>

A message from <my.email@domain.com> to:
-> my.email@domain..com

was considered unsolicited bulk e-mail (UBE).

Our internal reference code for your message is 28519-09/itz2DK10W1zO

The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.

We do try to minimize backscatter for more prominent cases of UBE and
for infected mail, but for less obvious cases of UBE some balance
between losing genuine mail and sending undesired backscatter is sought,
and there can be some collateral damage on both sides.

First upstream SMTP client IP address: [83.19.181.162]
  cyv162.internetdsl.tpnet.pl
According to a 'Received:' trace, the message originated at:
[83.19.181.162],
  exchange.questtgo.com  (port=3895 helo=vjuptammxkc)

Return-Path: <my.email@domain.com>
Message-ID: <000c01c7b264$00691970$00fae48c@vjuptammxkc>
Subject: And perhaps I have begun and himself to be found himself; King does
  not say!  He had just Sutt

Delivery of the email was stopped!

What was this? The mail server I have set up is the one from the tutorial on here, the MySQL Postfix virtual server for Debian Etch.

Any help?

till 20th June 2007 08:21

You should check if your server acts as an open relay:

http://www.abuse.net/relay.html

Please post the output of:

postconf -n | grep mynetworks

MisterVlad 20th June 2007 09:30

Code:

server:/home# postconf -n | grep mynetworks
mynetworks = 127.0.0.0/8
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
server:/home#

OK... now, just curious, but what did that do?

And I did a test via that URL, and it came back with 15 tests, all failed, meaning I don't have an open relay.

The reason I posted that was because my client got that email sent to him, and asked me what it was, and I told him that I don't know... but I will find out ;)

falko 21st June 2007 16:09

Quote:

Originally Posted by MisterVlad
Code:

server:/home# postconf -n | grep mynetworks
mynetworks = 127.0.0.0/8
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
server:/home#

OK... now, just curious, but what did that do?

Till wanted to see your mynetworks setting. 127.0.0.0/8 is OK (it means that only localhost can send without authentication). Lots of people have additional values there, which means that other hosts can also send without authentication, making it easy to abuse the server. But this is not the case here.

But it's possible that spammers are abusing web forms (contact forms) hosted on your server. Maybe that's the reason you got that mail.
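The `mynetworks` check described in the reply above, as an added example (not code from the thread or from Postfix): it reads `postconf -n` output, lists every `mynetworks` entry that trusts more than localhost, and confirms that `reject_unauth_destination` is reached in `smtpd_recipient_restrictions`. The sample output, the table path in it and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: `postconf -n` output with a deliberately over-broad
# mynetworks line (the table path is a placeholder, not from the thread).
SAMPLE = """\
mynetworks = 127.0.0.0/8, [::1]/128 192.168.0.0/16 hash:/etc/postfix/trusted
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
"""

def parse_postconf(text):
    """Turn `name = value` lines into a dict."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def audit_mynetworks(value):
    """Return (entry, reason) pairs for entries that trust more than localhost."""
    findings = []
    for entry in re.split(r"[,\s]+", value.strip()):
        if not entry or entry.startswith("!"):  # exclusions grant no trust
            continue
        try:
            # Postfix writes IPv6 as [addr]/len; drop the brackets to parse.
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""),
                                       strict=False)
        except ValueError:
            findings.append((entry, "lookup table or file, review its contents"))
            continue
        if not net.is_loopback:
            findings.append((entry, "non-loopback network may send without authentication"))
    return findings

def relay_guard_present(value):
    """True if reject_unauth_destination is reached before a bare `permit`."""
    for item in re.split(r"[,\s]+", value.strip()):
        if item == "permit":  # unconditional permit ends evaluation
            return False
        if item == "reject_unauth_destination":
            return True
    return False
```

Run against the settings posted in this thread (`mynetworks = 127.0.0.0/8`), `audit_mynetworks` returns an empty list.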

MisterVlad 21st June 2007 18:09

OK, so was this something that tried to be sent out from my mail server? Was this a message from my mail server to me telling me what was going on? Or was this a remote message from someone else? Just trying to get an understanding of this.

Thanks!

falko 22nd June 2007 13:52

Hard to tell...

Quote:

The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.

It's possible that the spammers faked the sender address (using your customer's email address), but did not send the mail through your server.


All times are GMT +2.