got this message today.... i am stumped

Discussion in 'Installation/Configuration' started by MisterVlad, Jun 19, 2007.

  1. MisterVlad

    MisterVlad New Member

    Code:
    Subject:
    Considered UNSOLICITED BULK EMAIL, apparently from you
    From:
    "Content-filter at server.example.com" <[email protected]>
    Date:
    Tue, 19 Jun 2007 07:21:59 -0400
    To:
    <[email protected]>
    To:
    <[email protected]>
    
    A message from <[email protected]> to:
    -> my.email@domain..com
    
    was considered unsolicited bulk e-mail (UBE).
    
    Our internal reference code for your message is 28519-09/itz2DK10W1zO
    
    The message carried your return address, so it was either a genuine mail
    from you, or a sender address was faked and your e-mail address abused
    by third party, in which case we apologize for undesired notification.
    
    We do try to minimize backscatter for more prominent cases of UBE and
    for infected mail, but for less obvious cases of UBE some balance
    between losing genuine mail and sending undesired backscatter is sought,
    and there can be some collateral damage on both sides.
    
    First upstream SMTP client IP address: [83.19.181.162]
      cyv162.internetdsl.tpnet.pl
    According to a 'Received:' trace, the message originated at:
    [83.19.181.162],
      exchange.questtgo.com  (port=3895 helo=vjuptammxkc)
    
    Return-Path: <[email protected]>
    Message-ID: <000c01c7b264$00691970$00fae48c@vjuptammxkc>
    Subject: And perhaps I have begun and himself to be found himself; King does
      not say!  He had just Sutt
    
    Delivery of the email was stopped!
    
    What was this? the mail server i have set up, is the tutorial on here, the mysql postfix virtual server for Debian Etch.

    Any help?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. MisterVlad

    MisterVlad New Member

    Code:
    server:/home# postconf -n | grep mynetworks
    mynetworks = 127.0.0.0/8
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    server:/home#
    
    OK... now, just curious, but what did that do?

    And I did a test via that url, and it came back with 15 tests, all failed, meaning I don't have an open relay.

    The reason I posted that, was because my client got that email sent to him, and asked me what it was, and I told him that I don't know... but I will find out ;)
     
  4. falko

    falko Super Moderator ISPConfig Developer

    Till wanted to see your mynetworks setting. 127.0.0.0/8 is ok (it means that only localhost can send without authentication). Lots of people have additional values there which means that also other hosts can send without authentication, making it easy to abuse the server. But this is not the case here.

    But it's possible that spammers are abusing web forms (contact forms) hosted on your server. Maybe that's the reason you got that mail.
     
  5. MisterVlad

    MisterVlad New Member

    Ok, so what this tried to be sent out from my mail server? was this a message from my mail server to me telling me what was going on? or was this a remote message from someone else? Just trying to get an understanding of this.

    Thanks!
     
  6. falko

    falko Super Moderator ISPConfig Developer

    Hard to tell...

    It's possible that the spammers faked the sender address (using your customer's email address), but did not send the mail through your server.
     

Share This Page