Spam bounce from myself

Posted on 2006-06-29
Last Modified: 2008-01-09
Here is the situation.

    I am blocking all emails from my own domain on my relay server, since no
email from my organization will originate from the outside.

    I think this is what is happening.  Spammers are sending emails to my
ISP smtp backup server like this:


    My relay server is rejecting them.  The ISP smtp server is receiving the
smtp rejection and creating a postmaster bounce to me, since my email was in
the from: field.  The bounced message has the original spam email attached.  This means the
spammer was successful in getting me the email, i.e. one of my users could
open the attachment and allow whatever is in the email to happen (trojan,
phishing, etc.).

    My question is:  how do I stop this from happening?

    Here is the bounce message.

-----Original Message-----
From: System Administrator []
Sent: June 26, 2006 9:00 PM
To: ME
Subject: Undeliverable: Roolex for you

Your message

  To:      ME
  Subject: Roolex for you
  Sent:    Mon, 26 Jun 2006 20:59:07 -0400

did not reach the following recipient(s):

ME on Mon, 26 Jun 2006 21:00:22 -0400
    The e-mail system was unable to deliver the message, but did not report
a specific reason.  Check the address and try again.  If it still fails,
contact your system administrator.
    < #5.0.0 X-Postfix;
host[] said:
550    5.7.1 Message rejected. (in reply to end of DATA command)>
Question by: dauyeung
LVL 97

Expert Comment

ID: 17010832
Greetings, dauyeung !

Instead of your relay server rejecting the spam emails, have it delete them.  Then there will be nothing to bounce.

Best wishes!

Author Comment

ID: 17011182
I'm not sure if this would work.

Wouldn't the relay server still send an NDR to the sender, which is one of my users?

LVL 34

Expert Comment

ID: 17011253
First, you can't stop spammers from sending E-Mails claiming to be from you.

Second, you can't stop mailservers the world over from accepting E-Mail claiming to be from your Domain but clearly originating from elsewhere.

Third, you can't stop those mailservers - which are accepting E-Mail with detectable bogosity - from generating an NDR back to the faked FROM address and thus annoying your users.

About the only way to shield your users would be to construct a mail filter that examined incoming NDRs for plausibility, perhaps by checking the mail server logs for recently transmitted messages to the same Domain.
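
One way to build the NDR plausibility check suggested in the comment above, as an added example that is not part of the original thread. It assumes the bounce is an RFC 3464 delivery report and that the outbound mail log is available as (sent time, recipient domain) pairs; the function names, the five-day window and all sample values are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string

WINDOW = timedelta(days=5)  # assumption: longest a remote queue retries before bouncing

def failed_recipient_domains(raw_ndr):
    """Domains named in the Final-Recipient fields of an RFC 3464 delivery report."""
    domains = set()
    # The stdlib parser exposes each delivery-status header block as a sub-message.
    for part in message_from_string(raw_ndr).walk():
        for value in part.get_all("Final-Recipient", []):
            addr = value.split(";", 1)[-1].strip().strip("<>")
            if "@" in addr:
                domains.add(addr.rsplit("@", 1)[1].lower())
    return domains  # empty for reports that are not RFC 3464: treat as implausible

def is_plausible_ndr(raw_ndr, received_at, outbound_log, window=WINDOW):
    """True if we mailed a failed recipient's domain within `window` before the NDR."""
    domains = failed_recipient_domains(raw_ndr)
    return any(dom.lower() in domains and timedelta(0) <= received_at - sent <= window
               for sent, dom in outbound_log)

# Constructed sample data; every name below is a placeholder, not from the thread.
SAMPLE_NDR = """\
From: MAILER-DAEMON@mx.example.net
To: user@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; someone@partner.example
Action: failed
Status: 5.7.1

--b1--
"""
OUTBOUND_LOG = [(datetime(2006, 6, 26, 14, 0, tzinfo=timezone.utc), "partner.example")]

if __name__ == "__main__":
    now = datetime(2006, 6, 27, 1, 0, tzinfo=timezone.utc)
    print(is_plausible_ndr(SAMPLE_NDR, now, OUTBOUND_LOG))  # mail was sent there recently
    print(is_plausible_ndr(SAMPLE_NDR, now, []))            # nothing sent: likely backscatter
```

An NDR that fails the check is better quarantined than delivered, since the attached original is the spam payload itself.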

LVL 17

Accepted Solution

upul007 earned 250 total points
ID: 17012067
I disagree with PsiCop. If you have set up email servers to check and reject emails based on the sending domain's SPF records, there is hope. Perhaps your backup servers are not set to do this. Some servers do not even accept emails from domains without reverse DNS records. You should check further and seek a solution through your ISP.

Author Comment

ID: 17012101
Good idea upul007.

Hadn't thought of ISP filtering.  As for SPF, I wonder how many servers actually use it.  I do have an SPF record for our domains.

Anyone have other ideas?

LVL 17

Expert Comment

ID: 17015810
SPF is supported by Exchange 2003 SP 2 and Alt-N's MDaemon. Here in Sri Lanka certain ISPs actually use this facility to promote their services.


Question has a verified solution.
