Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th June 2007, 23:18
MisterVlad MisterVlad is offline
Member
 
Join Date: Jun 2007
Location: Windsor, Ontario, CANADA
Posts: 61
Thanks: 1
Thanked 1 Time in 1 Post
Send a message via MSN to MisterVlad Send a message via Skype™ to MisterVlad
Default got this message today.... i am stumped

Code:
Subject:
Considered UNSOLICITED BULK EMAIL, apparently from you
From:
"Content-filter at server.example.com" <postmaster@server.example.com>
Date:
Tue, 19 Jun 2007 07:21:59 -0400
To:
<my.email@domain.com>
To:
<my.email@domain.com>

A message from <my.email@domain.com> to:
-> my.email@domain..com

was considered unsolicited bulk e-mail (UBE).

Our internal reference code for your message is 28519-09/itz2DK10W1zO

The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.

We do try to minimize backscatter for more prominent cases of UBE and
for infected mail, but for less obvious cases of UBE some balance
between losing genuine mail and sending undesired backscatter is sought,
and there can be some collateral damage on both sides.

First upstream SMTP client IP address: [83.19.181.162]
  cyv162.internetdsl.tpnet.pl
According to a 'Received:' trace, the message originated at:
[83.19.181.162],
  exchange.questtgo.com  (port=3895 helo=vjuptammxkc)

Return-Path: <my.email@domain.com>
Message-ID: <000c01c7b264$00691970$00fae48c@vjuptammxkc>
Subject: And perhaps I have begun and himself to be found himself; King does
  not say!  He had just Sutt

Delivery of the email was stopped!
What was this? the mail server i have set up, is the tutorial on here, the mysql postfix virtual server for Debian Etch.

Any help?
Reply With Quote
Sponsored Links
  #2  
Old 20th June 2007, 08:21
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,763
Thanks: 821
Thanked 5,331 Times in 4,183 Posts
Default

You should check if your server acts as a open relay:

http://www.abuse.net/relay.html

Please post the output of:

postconf -n | grep mynetworks
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 20th June 2007, 09:30
MisterVlad MisterVlad is offline
Member
 
Join Date: Jun 2007
Location: Windsor, Ontario, CANADA
Posts: 61
Thanks: 1
Thanked 1 Time in 1 Post
Send a message via MSN to MisterVlad Send a message via Skype™ to MisterVlad
Default

Code:
server:/home# postconf -n | grep mynetworks
mynetworks = 127.0.0.0/8
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
server:/home#
OK... now, just curious, but what did that do?

And I did a test via that url, and it came back with 15 tests, all failed, meaning I don't have an open relay.

The reason I posted that, was because my client got that email sent to him, and asked me what it was, and I told him that I don't know... but I will find out
Reply With Quote
  #4  
Old 21st June 2007, 16:09
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Quote:
Originally Posted by MisterVlad
Code:
server:/home# postconf -n | grep mynetworks
mynetworks = 127.0.0.0/8
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
server:/home#
OK... now, just curious, but what did that do?
Till wanted to see your mynetworks setting. 127.0.0.0/8 is ok (it means that only localhost can send without authentication). Lots of people have additional values there which means that also other hosts can send without authentication, making it easy to abuse the server. But this is not the case here.

But it's possible that spammers are abusing web forms (contact forms) hosted on your server. Maybe that's the reason you got that mail.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 21st June 2007, 18:09
MisterVlad MisterVlad is offline
Member
 
Join Date: Jun 2007
Location: Windsor, Ontario, CANADA
Posts: 61
Thanks: 1
Thanked 1 Time in 1 Post
Send a message via MSN to MisterVlad Send a message via Skype™ to MisterVlad
Default

Ok, so what this tried to be sent out from my mail server? was this a message from my mail server to me telling me what was going on? or was this a remote message from someone else? Just trying to get an understanding of this.

Thanks!
Reply With Quote
  #6  
Old 22nd June 2007, 13:52
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Hard to tell...

Quote:
The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.
It's possible that the spammers faked the sender address (using your customer's email address), but did not send the mail through your server.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Rejecting outbound mail tristanlee85 General 11 20th May 2007 17:04
How to increase Message size problem AngelDrago Installation/Configuration 2 19th May 2007 16:24
I can´t send message to hotmail, yahoo. leeeonardo Server Operation 2 7th April 2007 14:32
Change Postfix Quota exceeded error message steowimmy Installation/Configuration 3 16th November 2006 15:20
Maximim message size HackerJL Installation/Configuration 2 19th August 2006 10:17


All times are GMT +2. The time now is 07:56.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.