  #1  
Old 16th June 2010, 21:20
alextuturiga alextuturiga is offline
Junior Member
 
Join Date: Sep 2007
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default Considered UNSOLICITED BULK EMAIL, apparently from you

Hi,

I have made my linux mail server from http://www.howtoforge.com/virtual_us...ix_debian_etch.

Now I have a problem.
Every day all the users receive an email like this:

Quote:
A message from <alex@mydomain.ro> to:
-> alex@mydomain.ro

was considered unsolicited bulk e-mail (UBE).

Our internal reference code for your message is 11555-15/1IMO9LkTybnG

The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.

We do try to minimize backscatter for more prominent cases of UBE and
for infected mail, but for less obvious cases of UBE some balance
between losing genuine mail and sending undesired backscatter is sought,
and there can be some collateral damage on both sides.

First upstream SMTP client IP address: [113.166.50.243]
According to a 'Received:' trace, the message originated at: [113.166.50.243],
[113.166.40.161] unknown [113.166.50.243]

Return-Path: <alex@mydomain.ro>
Message-ID: <20100616144148.91ACB1E19A@mail.mydomain.ro>
Subject: Pfizer's sex chargers. as

Delivery of the email was stopped!


dsn_status

Reporting-MTA: dns; mail.mydomain.ro.mydomain.ro
Received-From-MTA: smtp; mail.mydomain.ro ([127.0.0.1])
Arrival-Date: Wed, 16 Jun 2010 17:41:49 +0300 (EEST)

Original-Recipient: rfc822;alex@mydomain.ro
Final-Recipient: rfc822;alex@mydomain.ro
Action: failed
Status: 5.7.0
Diagnostic-Code: smtp; 554 5.7.0 Reject, id=11555-15 - SPAM
Last-Attempt-Date: Wed, 16 Jun 2010 17:41:49 +0300 (EEST)
Final-Log-ID: 11555-15/1IMO9LkTybnG


header

Return-Path: <alex@mydomain.ro>
Received: from [113.166.40.161] (unknown [113.166.50.243])
by mail.mydomain.ro (Postfix) with ESMTP id 91ACB1E19A
for <alex@mydomain.ro>; Wed, 16 Jun 2010 17:41:48 +0300 (EEST)
To: alex@mydomain.ro
From: Force a <alex@mydomain.ro>
Date: Wed, 16 Jun 2010 21:42:28 +0700
Subject: Pfizer's sex chargers. as
Reply-To: <alex@mydomain.ro>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
Message-Id: <20100616144148.91ACB1E19A@mail.mydomain.ro>

I have replaced my real domain with mydomain.com

I don't know how to stop it.
I've tried to send email from alex@mydomain.ro to alex@mydomain.ro without AUTH and it worked.
How can I tell Postfix to require AUTH for all users, not only for the users that send email outside the domain?

Thank you very much
  #2  
Old 17th June 2010, 09:40
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,146
Thanks: 4
Thanked 55 Times in 51 Posts
Default

Do you have a static IP address?
__________________
"Common sense is not as common as commonly believed" by sjau

Auto-Install Script for ISPConfig and Horde on a Vanilla Debian Stable

Need more Repos for Ubuntu? Repository Generator
Need more Repos for Debian? Debian Repository Generator
  #3  
Old 17th June 2010, 15:45
alextuturiga alextuturiga is offline
Junior Member
 
Join Date: Sep 2007
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes, I have a static IP address.
  #4  
Old 18th June 2010, 11:32
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

It seems as if spammers are using one of your addresses as the sender address for their spam. This is possible even if they don't use your server to send their spam, and there's nothing you can do about it.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
  #5  
Old 18th June 2010, 13:12
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

I got these on our servers mostly when they send a mail to abc@abc.com and FROM abc@abc.com. Also, indeed, what falko says is true. I just let those mails be discarded; since then, no more backscatter mails.

/etc/amavis/20-debian_defaults:

$final_spam_destiny = D_DISCARD; # (default: BOUNCE)
  #6  
Old 18th June 2010, 13:12
alextuturiga alextuturiga is offline
Junior Member
 
Join Date: Sep 2007
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

All the users receive this kind of email.
How could a spammer know all the passwords?

Like I said before, if I send an email inside the domain without auth, it works.
How can I configure Postfix to request auth even in the same domain, like it does when relaying outside the domain?

Thanks
  #7  
Old 18th June 2010, 13:41
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

They don't know your password.

I can fake it too: I just send an email to user@domain.com with alextuturga@mydomain.com as the FROM address. Simple. No need to use any authentication then.
  #8  
Old 18th June 2010, 14:19
alextuturiga alextuturiga is offline
Junior Member
 
Join Date: Sep 2007
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I think I don't understand what you mean, because if I try to send a mail outside mydomain.com I can't, and nobody can without authentication.

So sending an email to user@domain.com with alextuturga@mydomain.com as FROM address is not possible.

What I also don't understand is why I don't need authentication when I send an email inside the domain, and how I can request authentication.
  #9  
Old 19th June 2010, 15:08
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
 
Default

Quote:
Originally Posted by alextuturiga
What I also don't understand is why I don't need authentication when I send an email inside the domain, and how I can request authentication.
http://www.howtoforge.com/forums/sho...30&postcount=4


You can use whatever FROM address you like - it's a weakness in the SMTP protocol.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
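
Added example (not from any poster in this thread): a short Python triage of the header block quoted in post #1, showing what Mark_NL and falko describe, a local sender address arriving from an outside IP over a session nobody logged in to. The local domain set and the trusted network list are assumptions, and the check relies on Postfix marking authenticated sessions as ESMTPA/ESMTPSA in its Received: line.

```python
import ipaddress
import re
from email import message_from_string

# Constructed input: header lines copied from the notification quoted in post #1.
SAMPLE = """\
Return-Path: <alex@mydomain.ro>
Received: from [113.166.40.161] (unknown [113.166.50.243])
\tby mail.mydomain.ro (Postfix) with ESMTP id 91ACB1E19A
\tfor <alex@mydomain.ro>; Wed, 16 Jun 2010 17:41:48 +0300 (EEST)
To: alex@mydomain.ro
From: Force a <alex@mydomain.ro>
"""

# Assumptions for this example: the local domains and the trusted networks.
LOCAL_DOMAINS = {"mydomain.ro"}
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8")]

# Postfix records "(hostname [client-ip])" and "with <protocol>" in Received:.
# ESMTPA / ESMTPSA (RFC 3848) mean the session was SASL-authenticated.
CLIENT_RE = re.compile(r"\(\S+ \[(?:IPv6:)?([0-9A-Fa-f.:]+)\]\)")
PROTO_RE = re.compile(r"\bwith (\S+)")
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA"}


def classify(raw_headers):
    """Classify a message by envelope sender, client IP and auth state."""
    msg = message_from_string(raw_headers)
    sender = msg.get("Return-Path", "").strip("<> ")
    domain = sender.rpartition("@")[2].lower()
    # msg.get() returns the topmost Received: header, i.e. the hop added by
    # our own server; split/join unfolds the continuation lines.
    received = " ".join(msg.get("Received", "").split())
    ip_match = CLIENT_RE.search(received)
    proto_match = PROTO_RE.search(received)
    if not ip_match or not proto_match:
        return "unparseable"
    if domain not in LOCAL_DOMAINS:
        return "external-sender"
    client = ipaddress.ip_address(ip_match.group(1))
    if proto_match.group(1).upper() in AUTH_PROTOCOLS:
        return "local-sender-authenticated"
    if any(client in net for net in TRUSTED_NETS):
        return "local-sender-trusted-host"
    # Nobody logged in: the address was simply typed into MAIL FROM.
    return "local-sender-unauthenticated"


if __name__ == "__main__":
    print(classify(SAMPLE))
```

A forwarding service or mailing list that keeps the original envelope sender lands in the same class, so the result is a triage hint rather than proof of forgery.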