Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 25th June 2007, 19:16
unclecameron unclecameron is offline
Senior Member
 
Join Date: Apr 2006
Posts: 115
Thanks: 2
Thanked 8 Times in 7 Posts
Default Debian Postfix UNSOLICITED BULK EMAIL, apparently from you

I followed the How-To for Debian Etch/Postfix/Virtual and after a week of successful testing started getting the following error:

Code:
From: Content-filter at mail1.server.com
 [postmaster@mail1.server.com]
Sent: Sunday, June 24, 2007 1:01 PM To: name@server.com 
Subject: Considered UNSOLICITED BULK EMAIL, apparently from you

A message from <name@server.com> to: -> somename@yahoo.com was considered unsolicited bulk e-mail (UBE). Our internal reference code for your message is 15973-07/ipyPfF8DMCzg The message carried your return address, so it was either a genuine mail from you, or a sender address was faked and your e-mail address abused by third party, in which case we apologize for undesired notification. We do try to minimize backscatter for more prominent cases of UBE and for infected mail, but for less obvious cases of UBE some balance between losing genuine mail and sending undesired backscatter is sought, and there can be some collateral damage on both sides. 

First upstream SMTP client IP address: [xx.xx.152.161] xxxxx.res.rr.com According to a 'Received:' trace, the message originated at: [xx.xx.152.161], design1 (xxxx.res.rr.com [xx.xx.152.161]) Return-Path: <name@server.com> Message-ID: <6A6ED8E39D444ECCB967390EFA5A9DE2@design1> Subject: RE: Question about shipping for xxxxxxx

 Delivery of the email was stopped!
this is sent from my wife's Outlook account, although I also get similar messages from Logwatch and other local processes where I can guarantee I am the sender. I have run the test at abuse.net for relaying and it passed. What process is blocking this? Is it postfix or something amavisd is calling up?

BTW, I'm a supporter with a subscription, but the forum doesn't list me as one, how do I change that?

Thanks,
Cameron
San Diego
Reply With Quote
Sponsored Links
  #2  
Old 26th June 2007, 09:05
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,340
Thanks: 810
Thanked 5,172 Times in 4,055 Posts
Default

Quote:
Originally Posted by unclecameron
I followed the How-To for Debian Etch/Postfix/Virtual and after a week of successful testing started getting the following error:

Code:
From: Content-filter at mail1.server.com
 [postmaster@mail1.server.com]
Sent: Sunday, June 24, 2007 1:01 PM To: name@server.com 
Subject: Considered UNSOLICITED BULK EMAIL, apparently from you

A message from <name@server.com> to: -> somename@yahoo.com was considered unsolicited bulk e-mail (UBE). Our internal reference code for your message is 15973-07/ipyPfF8DMCzg The message carried your return address, so it was either a genuine mail from you, or a sender address was faked and your e-mail address abused by third party, in which case we apologize for undesired notification. We do try to minimize backscatter for more prominent cases of UBE and for infected mail, but for less obvious cases of UBE some balance between losing genuine mail and sending undesired backscatter is sought, and there can be some collateral damage on both sides. 

First upstream SMTP client IP address: [xx.xx.152.161] xxxxx.res.rr.com According to a 'Received:' trace, the message originated at: [xx.xx.152.161], design1 (xxxx.res.rr.com [xx.xx.152.161]) Return-Path: <name@server.com> Message-ID: <6A6ED8E39D444ECCB967390EFA5A9DE2@design1> Subject: RE: Question about shipping for xxxxxxx

 Delivery of the email was stopped!
this is sent from my wife's Outlook account, although I also get similar messages from Logwatch and other local processes where I can guarantee I am the sender. I have run the test at abuse.net for relaying and it passed. What process is blocking this? Is it postfix or something amavisd is calling up?
Is your server located in a adatacenter or do you host it on a dynamic IP address?


Quote:
BTW, I'm a supporter with a subscription, but the forum doesn't list me as one, how do I change that?
http://www.howtoforge.com/howtoforge_supporter_howto
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 26th June 2007, 18:01
unclecameron unclecameron is offline
Senior Member
 
Join Date: Apr 2006
Posts: 115
Thanks: 2
Thanked 8 Times in 7 Posts
Default

I am at a datacenter as a colo box running a mailserver on dom2 on a Debian Etch xen SMP Xeon. I just added a valid reverse DNS entry, and the IP isn't blacklisted anywhere.

Thanks,
Cameron
San Diego

Last edited by unclecameron; 26th June 2007 at 18:27.
Reply With Quote
  #4  
Old 26th June 2007, 23:27
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,715 Times in 2,557 Posts
Default

Quote:
Originally Posted by unclecameron
I just added a valid reverse DNS entry
Do you manage your IP address yourself, or is it managed by your ISP? Usually the ISP does that, and then he'd have to create the reverse record.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 27th June 2007, 02:40
unclecameron unclecameron is offline
Senior Member
 
Join Date: Apr 2006
Posts: 115
Thanks: 2
Thanked 8 Times in 7 Posts
Default

My ISP created the reverse DNS record, well, I sent a ticket in to them to have it done.

I just editted /etc/amavis/conf.d/20-debian_defaults and added my domain to the read hash list:

# read_hash("/var/amavis/sender_scores_sitewide"),

{ # a hash-type lookup table (associative array)
'nobody@cert.org' => -3.0,
'cert-advisory@us-cert.gov' => -3.0,
....
'.server.com' => -8.0,

and it fixed it, but I doubt I really fixed it, I can't do this for all the virtual hosts , yet I don't want to raise the detection much above the standard 6.31, that's higher than I'm used to having it.

Thanks,
Cameron
San Diego
Reply With Quote
  #6  
Old 9th March 2008, 23:20
tiscarabee tiscarabee is offline
Junior Member
 
Join Date: Jan 2008
Posts: 4
Thanks: 0
Thanked 1 Time in 1 Post
Default

Hi !
I have the same problem... No fresh idea to help me ?
I have not change my reverseDNS, seems not to be a good idea at all... ?!
I've haded my domain in /etc/amavis/conf.d/20-debian_defaults too...
I don't receive the logwatch emails, it's not practical.
Recently, on one of my two servers encounter the problem, the mail arrived, but that this day there...
Probably a ghooost
Falko, an idea ?
Thx,
Tisc

Last edited by tiscarabee; 9th March 2008 at 23:28.
Reply With Quote
  #7  
Old 10th March 2008, 12:10
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,715 Times in 2,557 Posts
Default

Any errors in your mail log?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #8  
Old 31st March 2008, 11:45
tiscarabee tiscarabee is offline
Junior Member
 
Join Date: Jan 2008
Posts: 4
Thanks: 0
Thanked 1 Time in 1 Post
Default

Hi Falko,

Sorry for long time, little holidays
The problem is checked, I received again my logwatch mails : I've modified the /etc/amavis/conf.d/20-debian_defaults and added my domain to the read hash list, like uncleCameron, with -18
I've made the modification too, proposed here :
http://www200.pair.com/mecham/spam/c...avisd-new.html

Clamav don't speak anymore in my logwatch to annonce his updates (freshclam), so I've just modified my freshclam.conf and putting true on the following options : LogVerbose true & LogSyslog true. Wait and see my tomorrow logwatch.

have a nice day !
Reply With Quote
The Following User Says Thank You to tiscarabee For This Useful Post:
falko (1st April 2008)
  #9  
Old 10th February 2009, 20:54
wanabewired wanabewired is offline
Junior Member
 
Join Date: Dec 2007
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till View Post
Is your server located in a a datacenter or do you host it on a dynamic IP address?
Hi,

I'm having this same problem after moving the virtual domains onto another identical etch set up as described in the howto but on another server on a different IP.

Most addresses have moved over okay but a couple of addresses are having UBE problems when they send. Is this a local configuration which is causing the problem?

One user uses microsoft outlook express and the other uses microsoft outlook 2003. Not sure if this has any impact but I thought I'd add it in.

Is there anything reported in the below code which might be a symptom of my mis-configuring anything in the howto?

Any help would be greatly appreciated.

Code:
Return-Path: <>
X-Original-To: problemaddress@problemdomain.co.uk
Delivered-To: problemaddress@problemdomain.co.uk
Received: from localhost (localhost.localdomain [127.0.0.1])
        by serverdomain.co.uk (Postfix) with ESMTP id 13D9E15199
        for <problemaddress@problemdomain.co.uk>; Wed,  4 Feb 2009 14:44:32 +0000 (GMT)
Content-Type: multipart/report; report-type=delivery-status;
 boundary="----------=_1233758672-15655-0"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Subject: Considered UNSOLICITED BULK EMAIL, apparently from you
In-Reply-To: <!&!AAAAAAAAAAAYAAAAAAAAAI3rdRyPkWFLnHwKoEQrVgDCgAAAEAAAAKN/BOt2OcRAjMwvSqvBd28BAAAAAA==@problemdomain.co.uk>
Message-ID: <SSidKKN469WFto@serveraddress.co.uk>
From: "Content-filter at serverdomain.co.uk" <postmaster@serverdomain.co.uk>
To: <problemaddress@problemdomain.co.uk>
Date: Wed,  4 Feb 2009 14:44:32 +0000 (GMT)

This is a multi-part message in MIME format...

------------=_1233758672-15655-0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

A message from <problemaddress@problemdomain.co.uk> to:
-> anyaddress@anydomain.co.uk

was considered unsolicited bulk e-mail (UBE).

Our internal reference code for your message is 15655-02/idKKN469WFto

The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.

We do try to minimize backscatter for more prominent cases of UBE and
for infected mail, but for less obvious cases of UBE some balance
between losing genuine mail and sending undesired backscatter is sought,
and there can be some collateral damage on both sides.

First upstream SMTP client IP address: [xxx.xxx.xxx.xxx] unknown
According to a 'Received:' trace, the message originated at:
  [xxx.xxx.xxx.xxx], ParkwoodPC (unknown [xxx.xxx.xxx.xxx])

Return-Path: <problemaddress@problemdomain.co.uk>
Message-ID:
  <!&!AAAAAAAAAAAYAAAAAAAAAI3rdRyPkWFLnHwKoEQrVgDCgAAAEAAAAKN/BOt2OcRAjMwvSqvBd28BAAAAAA==@problemdomain.co.uk>
Subject: test

Delivery of the email was stopped!

------------=_1233758672-15655-0
Content-Type: message/delivery-status; name="dsn_status"
Content-Disposition: inline; filename="dsn_status"
Content-Transfer-Encoding: 7bit
Content-Description: Delivery error report

Reporting-MTA: dns; serverdomain.co.uk
Received-From-MTA: smtp; serverdomain.co.uk ([127.0.0.1])
Arrival-Date: Wed,  4 Feb 2009 14:44:29 +0000 (GMT)

Original-Recipient: rfc822;anyaddress@anydomain.co.uk
Final-Recipient: rfc822;anyaddress@anydomain.co.uk
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 554 5.7.1 Rejected, id=15655-02 - SPAM
Last-Attempt-Date: Wed,  4 Feb 2009 14:44:32 +0000 (GMT)

------------=_1233758672-15655-0
Content-Type: text/rfc822-headers; name="header"
Content-Disposition: inline; filename="header"
Content-Transfer-Encoding: 7bit
Content-Description: Message headers

Return-Path: <problemaddress@problemdomain.co.uk>
Received: from ParkwoodPC (unknown [xxx.xxx.xxx.xxx])
        by serverdomain.co.uk (Postfix) with ESMTP id 48E7B150F0
        for <anyaddress@anydomain.co.uk>; Wed,  4 Feb 2009 14:44:29 +0000 (GMT)
Return-Receipt-To: "Senders Name" <problemaddress@problemdomain.co.uk>
From: "Senders Name" <problemaddress@problemdomain.co.uk>
To: <anyaddress@anydomain.co.uk>
Subject: test
Date: Wed, 4 Feb 2009 14:44:21 -0000
Message-ID: <!&!AAAAAAAAAAAYAAAAAAAAAI3rdRyPkWFLnHwKoEQrVgDCgAAAEAAAAKN/BOt2OcRAjMwvSqvBd28BAAAAAA==@problemdomain.co.uk>
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0000_01C986D7.1747EC90"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcmG1xB5HDi1RrI/QS+DebUcG1cRwA==
Content-Language: en-gb

------------=_1233758672-15655-0--
Reply With Quote
  #10  
Old 11th February 2009, 19:25
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,715 Times in 2,557 Posts
 
Default

Please make sure that the MX, PTR, and SPF records for your domains are ok.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Debian Etch Postfix Sasl2 issues switchtower HOWTO-Related Questions 15 27th May 2007 20:05
Bind Failed christoph2k HOWTO-Related Questions 4 28th April 2007 00:57
Centos 4.4 32bit Hangs, High Server load 3cwired_com Server Operation 11 16th November 2006 15:47
Verify email setup meekish Installation/Configuration 28 27th October 2006 15:36
e-mail problem!!! Debian 3.1 maroonworks Installation/Configuration 18 6th December 2005 14:42


All times are GMT +2. The time now is 13:40.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.