Re: [cobalt-users] spam errors??
- Subject: Re: [cobalt-users] spam errors??
- From: flash22@xxxxxxx
- Date: Fri Mar 30 12:32:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Fri, 30 Mar 2001, Mike Ciesiensky, Jr. wrote:
> Ok, I'm getting the message below in /var/log/maillog. I've been getting
> these 'Postmaster notify' messages sent to 'root' and can't figure out why.
>
> I think someone is trying to send stuff through my server, but I'm not sure
I think so too...;)
postmaster gets forwarded to root so you will read them ;)
bounces are getting bounced to postmaster because the errors are
unrecoverable...(The message couldn't be returned to the original sender
because a second (return) delivery error happened)
> Mar 30 15:27:27 www sendmail[20915]: f2ULR9c20915: from=<>, size=34651,
note the <> , hint it's a bounce...
look further back in your logs for the origin...
> class=0, nrcpts=1, msgid=<200103302127.f2ULR9c20915@www.[SNIP].com>,
> proto=SMTP, daemon=MTA, relay=ppp-208-188-24-37.dialup.rcsntx.swbell.net
> [208.188.24.37]
(But if it was really a bounce, it wouldn't be going to a dialup ;)
is [SNIP] your server? if so it's a hint the headers were incomplete and
your server tried to fix them...
> Mar 30 15:27:27 www sendmail[20940]: f2ULR9c20915:
> to=<ecscrubb@xxxxxxxxxx, michaelc@xxxxxxxxxxxxxx,>
Why you got multiple bounce errors...(what's interesting is nrcpts=1 but
there's 2 recipients, no expansion was performed)
> , delay=00:00:18, xdelay=00:00:00, mailer=esmtp,
> pri=64651, relay=mail2.masterlink.com. [209.176.33.71], dsn=5.1.1, stat=User
> unknown
> Mar 30 15:27:27 www sendmail[20940]: f2ULR9c20915: f2ULRRc20940: postmaster
> notify: User unknown
> Mar 30 15:27:27 www sendmail[20940]: f2ULRRc20940: to=admin, delay=00:00:00,
> xdelay=00:00:00, mailer=local, pri=64751, dsn=2.0.0, stat=Sent
That's the delivered postmaster bounce to you / admin
[there's still only 1 message-id for 2 recipients, the second one is for
the postmaster bounce]
------------------------------------------
This bounce is from a different message...
>
> The original message was received at Fri, 30 Mar 2001 15:28:48 -0600
> from ppp-208-188-24-37.dialup.rcsntx.swbell.net [208.188.24.37]
> with id f2ULSmc21022
^^^ The id is what you want to find in the earlier logs, that will give
you the true sender ...(if it exists..)
>
> ----- The following addresses had permanent fatal errors -----
> <Ysobelle@xxxxxxx by imo-r18.mx.aol.com (mail_out_v29.14.)>
This looks somewhat malformed....
> 550 5.1.2 <Ysobelle@xxxxxxx by imo-r18.mx.aol.com (mail_out_v29.14.)>...
> Host unknown (Name server: aol.com.by.imo-r18.mx.aol.com: host not found)
You need to find the original incoming message and see who it was to..
ps: aol's 'imo' named servers are for their outgoing email, having it as a
target address is kinda suspicious (imo = internet mail outgoing, their
incoming servers are interestingly enough, named mailin....)
--------------
I'm guessing an attempt to use a bounce with an added cc to relay a
second message back out....kinda stupid trick tho, since the sender gets a
copy, and it doesn't seem to work all that well , tho it seems to work a
little, you attempted delivery to one address...
Confused yet? lol
gsh
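
The log tracing walked through in this reply (follow a queue id through maillog, note `from=<>`, compare `nrcpts` with the `to=` addresses, link the postmaster notify to its parent), as an added example that is not part of the original post. The sample log lines, host names and the dialup-name heuristic are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the sendmail maillog format quoted in the thread;
# hosts and addresses are made up (example.* names, documentation IP ranges).
SAMPLE = """\
Mar 30 15:27:09 www sendmail[20915]: f2ULR9c20915: from=<>, size=34651, class=0, nrcpts=1, msgid=<x@www.example.net>, proto=SMTP, daemon=MTA, relay=ppp-7.dialup.example.org [192.0.2.37]
Mar 30 15:27:27 www sendmail[20940]: f2ULR9c20915: to=<a@example.com>,<b@example.com>, delay=00:00:18, mailer=esmtp, relay=mx.example.com. [198.51.100.71], dsn=5.1.1, stat=User unknown
Mar 30 15:27:27 www sendmail[20940]: f2ULR9c20915: f2ULRRc20940: postmaster notify: User unknown
Mar 30 15:27:27 www sendmail[20940]: f2ULRRc20940: to=admin, delay=00:00:00, mailer=local, dsn=2.0.0, stat=Sent
"""

LINE = re.compile(r"sendmail\[\d+\]: (\w+): (.*)")
CHILD = re.compile(r"(\w+): (?:postmaster notify|DSN): ")   # parent -> bounce link
DIALUP = re.compile(r"ppp|dialup", re.I)   # assumed heuristic for end-user hosts


def trace(log):
    """Group maillog lines by queue id and link bounces to their parent."""
    msgs = defaultdict(lambda: {"from": None, "relay": None, "nrcpts": 0,
                                "to": [], "children": []})
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        child = CHILD.match(rest)
        if child:
            msgs[qid]["children"].append(child.group(1))
            continue
        # Fields are separated by ", "; recipients inside to= by a bare ",".
        f = dict(p.split("=", 1) for p in rest.split(", ") if "=" in p)
        if "from" in f:   # receipt line: relay here is the submitting host
            msgs[qid].update({"from": f["from"], "relay": f.get("relay"),
                              "nrcpts": int(f.get("nrcpts", 0))})
        if "to" in f:     # delivery line: relay here is the next hop, ignored
            msgs[qid]["to"] += [a for a in f["to"].split(",") if a]
    return msgs


def findings(msgs):
    """Flag the two oddities pointed out in the reply."""
    out = []
    for qid, m in msgs.items():
        if m["from"] == "<>" and m["relay"] and DIALUP.search(m["relay"]):
            out.append((qid, "null-sender message submitted from " + m["relay"]))
        if m["nrcpts"] and len(m["to"]) > m["nrcpts"]:
            out.append((qid, "more to= addresses than nrcpts"))
    return out
```

Feeding it the real `/var/log/maillog` and looking up a flagged queue id in the result gives the receipt line, every delivery attempt and the bounce ids in one place.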