Hi,
I have another problem, as I was trying to figure out what caused the 550 denied by policy issue. I have ASSP up and running as always. Today, I happened to scan through the maillog.txt under the assp folder and noticed that some people have been trying to use our domain to send email to one of our co-workers, as follows:
Sep-3-07 blah blah 208.78.69.74 <rocjhso@mydomain.com.au> to: michael.bella@mydomain.com.au ... (treated as spam though)
Not just one, a couple more went in yesterday and the day before from the following addresses: 208.78.69.71 and 204.13.249.71.
I fear that our domain has been used as a spam relay for sending spam. Is there any way of stopping this?
Thank you in advance
used as a spam relay
- harddiskman
- New user
- Posts: 7
- Joined: 2007-04-07 19:09
SMTP relay and Spam
Martin,
Can you explain this issue a little bit more please.
I'm receiving thousands of mails daily which seem to be undelivered message responses, mail-delivery system errors, postmaster errors etc. Someone uses our hmail server to send spam to the world, I think.
I checked mail relay test, it is ok..
Thanks in advance..
- harddiskman
- New user
- Posts: 7
- Joined: 2007-04-07 19:09
Yes I'm using SPDF record in DNS server.
Some NDRs (these mails weren't sent from our server):
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1-) - These recipients of your message have been processed by the mail server:
theo.vonbernstorff@virgilio.it; Failed; 5.2.2 (mailbox full)
Remote MTA ims1b.cp.tin.it: SMTP diagnostic: 552 RCPT TO:<theo.vonbernstorff@virgilio.it> Mailbox disk quota exceeded
------------------------------------------------------------------------------------
2-) This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
uluk@pro-serv.co.il
uluz@pro-serv.co.il
-------------------------------------------------------------------------------------
3-) We're sorry. There's a problem with the e-mail address(es) you're trying to send to. Please verify the address(es) and try again. If you continue to have problems, please contact Customer Support at (480) 624-2500.
<arrut@cloudcity.com>:
child status 100...The e-mail message could not be delivered because there are no users here by that name.
--- Below this line is a copy of the message.
Return-Path: <oafullsu@radius.com.tr>
Received: (qmail 25640 invoked from network); 9 Sep 2007 14:47:45 -0000
Received: from unknown (HELO pre-smtp35-02.prod.mesa1.secureserver.net) ([64.202.166.93])
(envelope-sender <oafullsu@radius.com.tr>)
by dbp-smtp02-01.prod.mesa1.secureserver.net (qmail-1.03) with SMTP
for <arrut@cloudcity.com>; 9 Sep 2007 14:47:45 -0000
Received: (qmail 17913 invoked from network); 9 Sep 2007 14:47:45 -0000
Received: from admf58.neoplus.adsl.tpnet.pl (HELO radius.com.tr) ([79.185.35.58])
(envelope-sender <oafullsu@radius.com.tr>)
by pre-smtp35-02.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP
for <arrus@cloudcity.com>; 9 Sep 2007 14:47:44 -0000
Message-ID: <OHKSNSI.4147615481@radius.com.tr>
Reply-To: "FAddie ZBritton" <oafullsu@radius.com.tr>
From: "FAddie ZBritton" <oafullsu@radius.com.tr>
Subject: ma man
To: <arrus@cloudcity.com>, <arrut@cloudcity.com>, <arruth@cloudcity.com>, <arruthers@cloudcity.com>
Date: Sun, 09 Sep 2007 16:47:05 +0100
MIME-Version: 1.0
Content-Type: text/plain
buddy Bernardo
Next youtube, enter before its bought,
symbol-chvc
Get in now, else regret later
Mathew
-------------------------------------------------------------------------------------
4-) The following message to <art_324@twcny.rr.com> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'5.1.1 unknown or illegal alias: art_324@twcny.rr.com'
-----------------------------------------------------------------------------------
5-) The original message was received at Sun, 9 Sep 2007 14:41:52 +0100 from 59-117-188-96.dynamic.hinet.net [59.117.188.96]
----- The following addresses had permanent fatal errors ----- <icolae@severnvale.co.uk>
(reason: 550 5.1.1 <icolae@severnvale.co.uk>... User unknown)
----- Transcript of session follows ----- ... while talking to isolde.merula.net.:
>>> DATA
<<< 550 5.1.1 <icolae@severnvale.co.uk>... User unknown 550 5.1.1 <icolae@severnvale.co.uk>... User unknown <<< 503 5.0.0 Need RCPT (recipient)
---------------------------------------------------------------------------------
6) The original message was received at Sun, 09 Sep 2007 12:02:06 -0400 EST from radius.com.tr [200.155.55.161]
----- The following addresses had permanent fatal errors ----- <antonio_terrazasmx@yahoo.com.mx>
----- Transcript of session follows -----
>>> DATA
<<< 554 delivery error: dd Sorry your message to antonio_terrazasmx@yahoo.com.mx cannot be delivered. This account has been disabled or discontinued [#102]. - mta479.mail.mud.yahoo.com
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
There are lots of NDRs like this.
None of those NDRs seems to be generated by hMailServer.
The SMTP protocol doesn't have built-in verification of sender addresses. This means that I can send an email which appears to come from your address. If this email then bounces, the NDR may be sent to you since the email appears to come from you. If the recipient's SMTP server uses SPF, it may not send an NDR to you since it can determine that the sender address was forged. But most SMTP servers do not use SPF.
- harddiskman
- New user
- Posts: 7
- Joined: 2007-04-07 19:09
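An added example, not part of the original thread: a Python triage of the message copy embedded in NDR 3, which pulls the host that first handed the message to the recipient's provider and checks it against the forged domain's SPF policy, the check the last reply says an SPF-aware receiver could make before bouncing. The SPF record, the placeholder address 192.0.2.10 and the function names are assumptions; the Received lines are taken from the NDR above, and the regex matches the qmail header layout shown there.

```python
import email
import ipaddress
import re

# Received chain from the copy in NDR 3 above, continuation lines re-indented.
NDR3_COPY = """\
Received: (qmail 25640 invoked from network); 9 Sep 2007 14:47:45 -0000
Received: from unknown (HELO pre-smtp35-02.prod.mesa1.secureserver.net) ([64.202.166.93])
 (envelope-sender <oafullsu@radius.com.tr>)
 by dbp-smtp02-01.prod.mesa1.secureserver.net (qmail-1.03) with SMTP
 for <arrut@cloudcity.com>; 9 Sep 2007 14:47:45 -0000
Received: (qmail 17913 invoked from network); 9 Sep 2007 14:47:45 -0000
Received: from admf58.neoplus.adsl.tpnet.pl (HELO radius.com.tr) ([79.185.35.58])
 (envelope-sender <oafullsu@radius.com.tr>)
 by pre-smtp35-02.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP
 for <arrus@cloudcity.com>; 9 Sep 2007 14:47:44 -0000
"""
# Constructed SPF policy for the forged domain; 192.0.2.10 stands in for its real server.
ASSUMED_SPF = "v=spf1 ip4:192.0.2.10 -all"

def injection_hop(raw_copy):
    """Return (helo_name, client_ip) from the oldest 'Received: from' header."""
    received = email.message_from_string(raw_copy).get_all("Received", [])
    for header in reversed(received):  # the last header in the list is the first hop
        m = re.search(r"from\s+\S+\s+\(HELO\s+(\S+)\)\s+\(\[([0-9.]+)\]\)", header)
        if m:
            return m.group(1), m.group(2)
    return None, None

def spf_ip4_result(record, client_ip):
    """Evaluate only ip4 and all mechanisms; a/mx/include need DNS and are skipped."""
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?")
        if mech == "all" or (mech.startswith("ip4:")
                             and ip in ipaddress.ip_network(mech[4:], strict=False)):
            return results[qualifier]
    return "neutral"

def triage(raw_copy, record):
    """Label a bounce as our own mail or as backscatter from a forged sender."""
    helo, ip = injection_hop(raw_copy)
    if ip is None:
        return "no-received-chain"
    verdict = spf_ip4_result(record, ip)
    return "sent-by-us" if verdict == "pass" else f"backscatter ({helo} [{ip}] spf={verdict})"

print(triage(NDR3_COPY, ASSUMED_SPF))
```

Only the hop written by the recipient's own provider is trustworthy here; Received lines older than that are supplied by the sender and can be forged.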