[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Trash mails to nonexistent users?
- Subject: RE: [cobalt-users] Trash mails to nonexistent users?
- From: "Dan Kriwitsky" <list3@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu Feb 12 12:29:02 2004
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> To better describe what's going on. Yes, this is a Raq4.
> Here's a typical email that gets sent to the postmaster for
> the server from the MAILER-DAEMON on our server:
> --------------------------------------------------------------
> ----------
> -
> The original message was received at Thu, 12 Feb 2004
> 07:43:43 -0800 from localhost with id i1CFhh011243
>
> ----- The following addresses had permanent fatal errors
> ----- <llbackfalsel@xxxxxxxxxx>
> (reason: 550 <>: No thank you rejected: Account
> unavailable. Possible forgery)
>
> ----- Transcript of session follows -----
> ... while talking to hsuchi-net-bk.mr.outblaze.com.:
> >>> RCPT To:<llbackfalsel@xxxxxxxxxx>
> <<< 550 <>: No thank you rejected: Account unavailable.
> Possible forgery 550 5.1.1 <llbackfalsel@xxxxxxxxxx>... User unknown
> --------------------------------------------------------------
> ----------
> --
>
> Note that our server does not serve mail for hsuchi.net or
> outblaze.com. Opening up the transcript (an attachment to
> this email) shows:
> --------------------------------------------------------------
> ----------
> --
> The original message was received at Thu, 12 Feb 2004
> 07:43:29 -0800 from [218.155.196.13]
>
> ----- The following addresses had permanent fatal errors
> ----- <qnlhnwm@xxxxxxxx>
>
> ----- Transcript of session follows -----
> 553 5.3.0 <qnlhnwm@xxxxxxxx>... No such user here
> --------------------------------------------------------------
> ----------
> ----
>
> Note that jbgn.com is a domain that we host, but that there
> is no user qnlhnwm. There is also an attachment to this
> message that is an obvious spam message ("Get Sexy Girls Now!
> " hoo hoo!).
>
> Perhaps I'm deciphering this incorrectly. The story I'm
> getting is that the original spam was sent to
> qnlhnwm@xxxxxxxx, and our server is trying to respond "no
> such user" to the sender. Unfortunately, the sender doesn't
> exist, so the postmaster gets notified.
>
> I get about 200 of these on an average day, and would like to
> just throw out any mails addressed to a user that does not
> exist on our server.
>
It appears to me that someone sent spam to llbackfalsel@xxxxxxxxxx with
the fake reply of qnlhnwm@xxxxxxxxx Now, you say you host that domain,
but the DNS says the MX record is www.jbglobalnetwork.com which responds
Recipient OK for that email address.
--- verify e-mail "qnlhnwm@xxxxxxxx"
--- contacting host www.jbglobalnetwork.com [216.55.140.241] on port 25
220 216-55-140-241.colo.abac.net ESMTP Sendmail 8.10.2-SOL3/8.10.2; Thu,
12 Feb 2004 12:25:02 -0800
> RCPT TO: <qnlhnwm@xxxxxxxx>
250 2.1.5 <qnlhnwm@xxxxxxxx>... Recipient ok
Is your MX on another server, e.g. not the RaQ4 and then is attempting
to forward the email to the hosting server for qnlhnwm@xxxxxxxx? Where
is mail for jbgn.com actually delivered? Are you forwarding it
somewhere? If it's on the same RaQ and there is No such user as
qnlhnwm@xxxxxxxx then I shouldn't be getting an OK for it.
--
C2003 Dan Kriwitsky
Please reply to the list only. Off list replies are not read.