Mail System Error - Returned Mail

[tristanlee85]

As of about 5 days ago I started getting a ton of these messages and I'm not sure why. I'm able to send out mail because I tested with some of my friends. I searched on RoadRunner's site, but that didn't give me any information. Does this mean anything to you guys?

HTML Code:

This Message was undeliverable due to the following reason:

Your message was not delivered because the destination computer was
not reachable within the allowed queue period.  The amount of time
a message is queued before it is returned depends on local configura-
tion parameters.

Most likely there is a network problem that prevented delivery, but
it is also possible that the computer is turned off, or does not
have a mail system running right now.

Your message was not delivered within 4 days and 0 hours.
Host localhost.localdomain.vasceria.com is not responding.

The following recipients did not receive this message:

     <admispconfig@localhost.localdomain.vasceria.com>

The following websites may contain more information to assist you:

http://help.rr.com/HMSLogic/rrmail.aspx

http://security.rr.com/help.htm

http://security.rr.com/contact.htm

Please do not reply to this message, as it will go to an unread
mailbox



Reporting-MTA: dns; hrndva-qmta04.mail.rr.com
Arrival-Date: Tue, 19 Feb 2008 22:53:52 +0000
Received-From-MTA: dns; server.vasceria.com (24.93.105.27)

Original-Recipient: rfc822;admispconfig@localhost.localdomain.vasceria.com
Final-Recipient: RFC822; <admispconfig@localhost.localdomain.vasceria.com>
Action: failed
Status: 4.4.7
Remote-MTA: dns; localhost.localdomain.vasceria.com



Subject:
Mailsize: tlee
From:
Tristan Lee <tlee@server.vasceria.com>
Date:
Tue, 19 Feb 2008 17:53:49 -0500
To:
undisclosed-recipients:;

2851

[Rockdrala]

This is spam.


Basically some spammer maybe sending email using your domain name even though its not really coming for there. there faked headers spammers use.
So your the one stuck with the reply because you got a catch all email box that just grabs all email like a *@mydomain.com


The Bounce Email option is not available in ISPconfig so just disable the Catch ALL email options for each email and you wont get this.
Also make sure you spam filter is on.

One day i hope to see the bounce email feature it really rocks.

[tristanlee85]

The thing is it isn't a specific mailbox. It's all of them. The mailbox that I use on my forums gets the most, but I also send a lot of mail out of that account. An account I made 1 week ago is also getting them.

Would this be a relay? I did relay testing and the tests say remote users can't relay from my server.

[tristanlee85]

I don't know if this helps or not, but:

Code:

Feb 24 03:06:22 server postfix/qmgr[26388]: AA1FD10F9F9: removed
Feb 24 03:06:23 server postfix/smtpd[29769]: disconnect from ip-122-160.sn2.eutelia.it[83.211.122.160]
Feb 24 03:06:36 server postfix/smtpd[29769]: connect from auh-b13639.alshamil.net.ae[83.110.21.83]
Feb 24 03:06:38 server postfix/smtpd[29769]: 4683B10F9F9: client=auh-b13639.alshamil.net.ae[83.110.21.83]
Feb 24 03:06:39 server dovecot: pop3-login: Login: user=<orders>, method=PLAIN, rip=::ffff:192.168.1.1, lip=::ffff:192.168.1.130
Feb 24 03:06:39 server dovecot: pop3-login: Login: user=<phpbb>, method=PLAIN, rip=::ffff:192.168.1.1, lip=::ffff:192.168.1.130
Feb 24 03:06:39 server dovecot: POP3(phpbb): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Feb 24 03:06:39 server dovecot: POP3(orders): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Feb 24 03:06:39 server postfix/cleanup[29773]: 4683B10F9F9: message-id=<001401c876bc$31a204d0$c6d74343@tujq>
Feb 24 03:06:39 server postfix/qmgr[26388]: 4683B10F9F9: from=<romeu@jw.bm>, size=969, nrcpt=1 (queue active)
Feb 24 03:06:39 server postfix/local[29777]: 4683B10F9F9: to=<tristan@plastikracing.net>, relay=local, delay=2.2, delays=2.2/0/0/0, dsn=2.0.0, status=sent (d
elivered to maildir)
Feb 24 03:06:39 server postfix/qmgr[26388]: 4683B10F9F9: removed
Feb 24 03:06:40 server postfix/smtpd[29769]: disconnect from auh-b13639.alshamil.net.ae[83.110.21.83]
Feb 24 03:07:09 server dovecot: pop3-login: Login: user=<tlee_kwh>, method=PLAIN, rip=::ffff:192.168.1.1, lip=::ffff:192.168.1.130
Feb 24 03:07:09 server dovecot: pop3-login: Login: user=<admin>, method=PLAIN, rip=::ffff:192.168.1.1, lip=::ffff:192.168.1.130
Feb 24 03:07:09 server dovecot: pop3-login: Login: user=<tlee>, method=PLAIN, rip=::ffff:192.168.1.1, lip=::ffff:192.168.1.130
Feb 24 03:07:10 server dovecot: POP3(tlee_kwh): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Feb 24 03:07:10 server dovecot: POP3(admin): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Feb 24 03:07:10 server dovecot: POP3(tlee): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Feb 24 03:07:26 server postfix/smtpd[29769]: connect from unknown[211.37.21.241]
Feb 24 03:07:28 server postfix/smtpd[29769]: 5D3B710F9F9: client=unknown[211.37.21.241]
Feb 24 03:07:29 server postfix/cleanup[29773]: 5D3B710F9F9: message-id=<758890690.49084435843157@bodymindacupressure.com>
Feb 24 03:07:29 server postfix/qmgr[26388]: 5D3B710F9F9: from=<zojbodymindacupressurebyk@bodymindacupressure.com>, size=4220, nrcpt=1 (queue active)
Feb 24 03:07:29 server postfix/local[29777]: 5D3B710F9F9: to=<tristan@plastikracing.net>, relay=local, delay=1, delays=1/0/0/0, dsn=2.0.0, status=sent (deliv
ered to maildir)

[Rockdrala]

Quote:

Originally Posted by tristanlee85

I don't know if this helps or not, but:

disconnect from ip-122-160.sn2.eutelia.it[83.211.122.160]----

Spammer email qued using fake TLD
Feb 24 03:06:39 server postfix/qmgr[26388]: 4683B10F9F9: from=<romeu@jw.bm>, size=969, nrcpt=1 (queue active)

Feb 24 03:06:39 server postfix/local[29777]: 4683B10F9F9: to=<tristan@plastikracing.net>, relay=local, delay=2.2, delays=2.2/0/0/0

Your people checking there email.
Login: user=<tlee_kwh>, 192.168.1.130
Login: user=<admin>, 192.168.1.130

Spammer email incoming
Feb 24 03:07:26 server postfix/smtpd[29769]: connect from unknown[211.37.21.241]
Feb 24 03:07:28 server postfix/smtpd[29769]: 5D3B710F9F9: client=unknown[211.37.21.241]


Feb 24 03:07:29 server postfix/cleanup[29773]: 5D3B710F9F9: message-id=<758890690.49084435843157@bodymindacupressure.c om>

Feb 24 03:07:29 server postfix/qmgr[26388]: 5D3B710F9F9: from=<zojbodymindacupressurebyk@bodymindacupressur e.com>, size=4220, nrcpt=1 (queue active)

Spammer emailed Delivered.
Feb 24 03:07:29 server postfix/local[29777]: 5D3B710F9F9: to=<tristan@plastikracing.net>, relay=local, delay=1, delays=1/0/0/0, dsn=2.0.0, status=sent (deliv
ered to maildir)
[/code]

Enable your spam protection? Your spam detection should have blocked it for the simple fact (.bm) is not a valid TLD.

[tristanlee85]

I went through and enabled spam protection on the accounts so we'll see if that helps. How is someone else able to use my server to send spam? I have SASL turned off because I had an issue in the past with a generic user/pass combo and a spammer was sending out thousands of emails by logging in and sending mail out.