19th June 2007, 23:18
|
|
Member
|
|
Join Date: Jun 2007
Location: Windsor, Ontario, CANADA
Posts: 61
Thanks: 1
Thanked 1 Time in 1 Post
|
|
got this message today.... i am stumped
Code:
Subject:
Considered UNSOLICITED BULK EMAIL, apparently from you
From:
"Content-filter at server.example.com" <postmaster@server.example.com>
Date:
Tue, 19 Jun 2007 07:21:59 -0400
To:
<my.email@domain.com>
To:
<my.email@domain.com>
A message from <my.email@domain.com> to:
-> my.email@domain..com
was considered unsolicited bulk e-mail (UBE).
Our internal reference code for your message is 28519-09/itz2DK10W1zO
The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.
We do try to minimize backscatter for more prominent cases of UBE and
for infected mail, but for less obvious cases of UBE some balance
between losing genuine mail and sending undesired backscatter is sought,
and there can be some collateral damage on both sides.
First upstream SMTP client IP address: [83.19.181.162]
cyv162.internetdsl.tpnet.pl
According to a 'Received:' trace, the message originated at:
[83.19.181.162],
exchange.questtgo.com (port=3895 helo=vjuptammxkc)
Return-Path: <my.email@domain.com>
Message-ID: <000c01c7b264$00691970$00fae48c@vjuptammxkc>
Subject: And perhaps I have begun and himself to be found himself; King does
not say! He had just Sutt
Delivery of the email was stopped!
What was this? the mail server i have set up, is the tutorial on here, the mysql postfix virtual server for Debian Etch.
Any help?
|
20th June 2007, 08:21
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 32,071
Thanks: 697
Thanked 4,248 Times in 3,260 Posts
|
|
You should check if your server acts as a open relay:
http://www.abuse.net/relay.html
Please post the output of:
postconf -n | grep mynetworks
|
20th June 2007, 09:30
|
|
Member
|
|
Join Date: Jun 2007
Location: Windsor, Ontario, CANADA
Posts: 61
Thanks: 1
Thanked 1 Time in 1 Post
|
|
Code:
server:/home# postconf -n | grep mynetworks
mynetworks = 127.0.0.0/8
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
server:/home#
OK... now, just curious, but what did that do?
And I did a test via that url, and it came back with 15 tests, all failed, meaning I don't have an open relay.
The reason I posted that, was because my client got that email sent to him, and asked me what it was, and I told him that I don't know... but I will find out 
|
21st June 2007, 16:09
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,685
Thanks: 1,899
Thanked 2,600 Times in 2,449 Posts
|
|
Quote:
|
Originally Posted by MisterVlad
Code:
server:/home# postconf -n | grep mynetworks
mynetworks = 127.0.0.0/8
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
server:/home#
OK... now, just curious, but what did that do? |
Till wanted to see your mynetworks setting. 127.0.0.0/8 is ok (it means that only localhost can send without authentication). Lots of people have additional values there which means that also other hosts can send without authentication, making it easy to abuse the server. But this is not the case here.
But it's possible that spammers are abusing web forms (contact forms) hosted on your server. Maybe that's the reason you got that mail.
|
21st June 2007, 18:09
|
|
Member
|
|
Join Date: Jun 2007
Location: Windsor, Ontario, CANADA
Posts: 61
Thanks: 1
Thanked 1 Time in 1 Post
|
|
Ok, so what this tried to be sent out from my mail server? was this a message from my mail server to me telling me what was going on? or was this a remote message from someone else? Just trying to get an understanding of this.
Thanks!
|
22nd June 2007, 13:52
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,685
Thanks: 1,899
Thanked 2,600 Times in 2,449 Posts
|
|
Hard to tell...
Quote:
The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.
|
It's possible that the spammers faked the sender address (using your customer's email address), but did not send the mail through your server.
|
| Thread Tools |
|
|
| Display Modes |
 Hybrid Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +2. The time now is 23:42.
|
English | 
Deutsch
Recent comments
7 hours 16 min ago
8 hours 16 min ago
12 hours 3 min ago
13 hours 17 min ago
16 hours 53 min ago
1 day 8 min ago
1 day 9 hours ago
1 day 10 hours ago
2 days 1 hour ago
2 days 4 hours ago