Solved

Unidentified bounced emails, hundreds of them, from nowhere in IMail 7.07 queue

Posted on 2004-09-28
Last Modified: 2012-08-14
We are running IMail 7.07 and since 4-5 the SMTP service crashes often; there are hundreds of bounced emails from different emails and IPs in the queue. I have disabled the list server and we use Norton AV Corp. The messages are not the same, and more likely not from a single source. We don't relay emails until authorised, so how come so many emails come into the queue?
Question by:dotsandcoms
Expert Comment

by:RanjeetRain
Which queue is it? Incoming mails from your domain? Or mails bounced from other domains?

Could you please post some sample message headers? You should strip sensitive data.

Author Comment

by:dotsandcoms
Here is one of the typical messages, if that helps.

****************************************


Date:     Fri, 24 Sep 2004 21:25:24 -0700
Message-Id: <10409242125.AA04216@myserver.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From:     "Postmaster" <postmaster@myserver.net>
Sender:   <postmaster@myserver.net>
To:       <xkwdlq@yahoo.com>
Subject:  Undeliverable Mail
X-Mailer: <SMTP32 v20020515>

User mailbox exceeds allowed size: useracccount@userdomain.com


Original message follows.

Received: from 63.172.52.127 [219.241.111.115] by myserver.net
  (SMTPD32-7.07) id A32639E0140; Fri, 24 Sep 2004 21:25:10 -0700
X-Message-Info: 5D13LDijd4zdJNkPO83EBZ77jPtbXNO2
Received: from j-81-90-05-73.YFDCL60.xkwdlq@yahoo.com ([235.197.72.110]) by ua7030-slc777.xkwdlq@yahoo.com with Microsoft SMTPSVC(5.0.1950.3443);
       Mon, 27 Sep 2004 03:30:54 -0100
Message-ID: <6888388246.07209@xkwdlq@yahoo.com>
X-Originating-IP: [233.72.51.46]
X-Originating-Email: [xkwdlq@yahoo.com]
X-Sender: xkwdlq@yahoo.com
Reply-To: "Wilmer Henley" <xkwdlq@yahoo.com>
From: "Wilmer Henley" <xkwdlq@yahoo.com>
To: "Bt" <bt@useraccounts.com>
Subject: Do NOT be FOOLED by "COUNTERFEIT" pills on OTHER SITES !! piroshki 5 shadows
Date: Mon, 27 Sep 2004 03:25:54 -0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
      boundary="--=====7934393056152=_"

----=====7934393056152=_
Content-Type: text/plain;
      charset="iso-0882-4"
Content-Transfer-Encoding: quoted-printable

Bt,(

valiumXanaxCialis and_more
Get Hydrocodone, or Soma.!
2 of the best pain killers out!
please LQQk(

http://uwkylxsquvro.blackguard7109tads.com/15


nope, not for me:  http://mwklww.applymed.biz/b.html


--
bradbury tokyo rainfall curvilinear scary amorous trim embargo papery cice=
ro bradford annuity archbishop fibration buxom descartes guenther abut wor=
kman buckshot aida poncho quahog marketwise roberta abovementioned=20.

----=====7934393056152=_--

Author Comment

by:dotsandcoms
OKAY ....  This one is better....  
**************

Received: from 28.Red-81-39-121.pooles.rima-tde.net [81.39.121.28] by MYSERVER.net
  (SMTPD32-7.07) id A85060F005A; Fri, 01 Oct 2004 23:18:56 -0700
X-Message-Info: OHRJ+pk58+q+WDB+596/31323847273
Received: (qmail 55580 invoked by uid 0); Sat, 02 Oct 2004 10:21:07 +0300
Date: Sat, 02 Oct 2004 04:29:07 -0300
Received: from tumble.xoklyfl@list.ru ([126.0.104.30]) by gnh59-rx90.xoklyfl@list.ru with Microsoft SMTPSVC(5.0.6920.5987);
       Sat, 02 Oct 2004 06:27:07 -0100
Received: from maltreat.xoklyfl@list.ru ([50.137.212.48]) by orthodontic.xoklyfl@list.ru with MailEnable ESMTP; Sat, 02 Oct 2004 04:20:07 -0300
Message-Id: <086722555568.97607@xoklyfl@list.ru>
From: New Photo-blocker <xoklyfl@list.ru>
To: Hmtrade <hmtrade@CUSTOMERDOMAIN.com>
Subject: no more tickets!
MIME-Version: 1.0 (produced by antennaebeater 4.2)
Content-Type: multipart/alternative;
      boundary="--951027210403313"

----951027210403313
Content-Type: text/html;
      charset="iso-1548-6"
Content-Transfer-Encoding: quoted-printable
Content-Description: compagnie buttercup danish

<center>
 <a href=3D"http://123wneiis.info/index.php?id=3D173&affid=3D6539"><img sr=
c=3D"http://123wneiis.info/ads/bnr_300x200.gif" border=3D"0">
 </a>
 
  <p><strong><font color=3D"#FF0000">Don't Let Them Take Your CASH in a FL=
ASH!!!</font><br>
  <font color=3D"#9933CC">make your licence plate invisible</font><br><fon=
t color=3D"#FF00FF"></font><strong><br>
  <a href=3D"http://123wneiis.info/index.php?id=3D173&affid=3D6539">
  Cl<!--%RANDOM_WORD-->ick Here For Information</a></strong><br></p>


 
  </font> <br><br><br>
  <p></p></p>
 <p><font color=3D"#000000" size=3D"2" face=3D"arial, helvetica, sans-seri=
f">cli<!--%RANDOM_WORD-->ck
 <a href=3D"http://123wneiis.info/gone.php">here</a> if you would not like=
 to receive future mai<!--%RANDOM_WORD-->lings.</font></p>
 </center>
 
 
   </body>
 </strong>
 </html>

----951027210403313--
Accepted Solution

by:
naha earned 250 total points
This is SPAM.

It is probably using a faked "From" address that points to you.

How can you be sure you weren't "responsible" for the spam? Every email sent over the internet contains information called header data. Some of that header data can be forged, some of it cannot. Spammers typically forge a large percentage of their header data. If you can, I encourage you to examine the full headers. Most email clients (software) have a 'show full headers' feature/capability. Examine the IP addresses in the header; you will likely find that much of the data is forged, and you will also find that the header data does not point back to your mail server(s).

If you are unsure how to read/interpret the header data try looking at http://www.stopspam.org/email/headers.html

Doing this will enable you to check that you are not being used as a "relay".
Either way I would report it to your ISP - If you are being used as a "relay" they may be able to advise you on what to do & if (as is more likely) the From address is being faked at least you can reassure them that it's not you sending the spam.

It can be almost impossible to stop this sort of activity, but it's worth a go.

 
Assisted Solution

by:rid
rid earned 250 total points
The first one seems like a non-delivery report, coming from your server. I advise you to check settings for non-delivery reports and disable them entirely. If you are trying to send NDRs for incoming SPAM, you'll have the machine occupied 200%, and none of these reports ever reaches the sender anyway. The only proper action for an incoming undeliverable is to deny it, otherwise you'll fill up your queue with undeliverable non-delivery reports...
/RID
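
One way to read a queued bounce like the first one quoted in the thread, as an added example that is not part of the original thread: it splits the NDR at its "Original message follows." marker and separates the single Received line stamped by the local server from the lines supplied by the sending client. The function name `triage_bounce`, the result keys and the trimmed sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

MARKER = "Original message follows."  # separator seen in the bounce quoted in the thread
HOP = re.compile(r"from\s+(?P<name>\S+)\s+\(?\[(?P<ip>[\d.]+)\]\)?\s+by\s+(?P<by>\S+)", re.I)

# Constructed sample: the thread's first bounce, trimmed to the lines the parser needs.
SAMPLE_NDR = """\
From: "Postmaster" <postmaster@myserver.net>
To: <xkwdlq@yahoo.com>
Subject: Undeliverable Mail

User mailbox exceeds allowed size: useracccount@userdomain.com

Original message follows.

Received: from 63.172.52.127 [219.241.111.115] by myserver.net
  (SMTPD32-7.07) id A32639E0140; Fri, 24 Sep 2004 21:25:10 -0700
Received: from j-81-90-05-73.YFDCL60.xkwdlq@yahoo.com ([235.197.72.110]) by ua7030-slc777.xkwdlq@yahoo.com with Microsoft SMTPSVC(5.0.1950.3443);
       Mon, 27 Sep 2004 03:30:54 -0100
From: "Wilmer Henley" <xkwdlq@yahoo.com>
To: "Bt" <bt@useraccounts.com>

(spam body omitted)
"""

def triage_bounce(raw, my_host):
    """Return facts about a queued NDR, or None if it embeds no original message."""
    ndr = message_from_string(raw)
    reason, sep, rest = ndr.get_payload().partition(MARKER)
    if not sep:
        return None
    original = message_from_string(rest.lstrip())
    hops = []
    for value in original.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines first
        if m:
            hops.append(m.groupdict())
    # Only the hop our own server stamped is trustworthy; every other Received
    # line arrived as message data from the sending client and can be forged.
    ours = next((h for h in hops if h["by"].lower() == my_host.lower()), None)
    return {
        "bounce_reason": reason.strip(),
        "ndr_sent_to": parseaddr(ndr["To"])[1],  # taken from the unverified sender
        "claimed_sender": parseaddr(original["From"])[1],
        "connecting_ip": ours["ip"] if ours else None,
        "claimed_name": ours["name"] if ours else None,
        "unverified_hops": [h["ip"] for h in hops if h is not ours],
    }
```

On the sample, the connecting IP recorded by the local server differs from every address the message claims for itself, and the NDR is addressed to the sender the spam claimed, which is the pattern both answers describe.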