SPAM problem

I'm receiving thousands of emails like this in my email account; I don't know what they are.

How can I solve this?

I'm the server admin.

Thanks in advance
> The attached message had PERMANENT fatal delivery errors!
> After one or more unsuccessful delivery attempts the attached message has
> been removed from the mail queue on this server.  The number and frequency
> of delivery attempts are determined by local configuration parameters.
> Failed address:
> --- Session Transcript ---
> Thu 2008-02-07 20:32:55: Parsing message
> <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\pd90000006273.msg>
> Thu 2008-02-07 20:32:55: *  From:
> Thu 2008-02-07 20:32:55: *  To:
> Thu 2008-02-07 20:32:55: *  Subject: ¶à©Ì<\ à©Card/Ô	Ý\
> <È(D7.5~12%)55305
> Thu 2008-02-07 20:32:55: *  Message-ID:
> Thu 2008-02-07 20:32:55: Attempting SMTP connection to []
> Thu 2008-02-07 20:32:55: Resolving MX records for [] (DNS Server:
> Thu 2008-02-07 20:32:55: *  P=010 S=000 TTL=(7)
> MX=[] {}
> Thu 2008-02-07 20:32:55: Attempting SMTP connection to []
> Thu 2008-02-07 20:32:55: Waiting for socket connection...
> Thu 2008-02-07 20:32:55: *  Connection established ( ->
> Thu 2008-02-07 20:32:55: Waiting for protocol to start...
> Thu 2008-02-07 20:32:56: <-- 541 5.6.0 Your message was rejected.
> Thu 2008-02-07 20:32:56: --> QUIT
> --- End Transcript ---


Most likely, your emails are seen as spoofed.

In line 14, you have the following "From:"

You are probably sending an email with a from: address that does not match your real registered domain name. So this mismatch is seen as Spoof and some anti-spam systems reject your emails.

Is this the case for you?
robertosantana (Author) Commented:
That's not my case; the following "From:" is just an example, to hide the real email address on this post.

And I'm not sending these emails; btw, most of them have their subject in Japanese.
OK then, you need to also make sure that the domain address you are sending from (for ex. also matches your SMTP address (ex. and that MX records in DNS are pointing to this SMTP address ( and Reverse DNS resolves the IP of the MX to the actual domain (

You may check the MX, and reverse by doing the following from command prompt:

>nslookup -q=mx

This should give you address of MX, such as


This should give you the IP of your MX such as a.b.c.d

>nslookup a.b.c.d

This should give you back something like or
Any other domain this gives you back means your Reverse DNS is not set correctly

robertosantana (Author) Commented:
That's correct, and is set correctly, but this email server has more than 100 domains and I can't solve the reverse DNS for all of them; all I can do is set 1 reverse DNS to the main domain on the server. What about SPF?
I assume the addresses you are sending out as your email addresses do not match the main domain.

I am not that familiar with SPF, but thanks, I checked the site you referred me to (but had to change es. to en.).

It seems, according to the site, that some antispam systems are aware of SPF; but this also means other antispam systems are not aware. So, perhaps the domains that are giving you this error are related to those systems that are not SPF-aware.

This is my opinion on this matter.
robertosantana (Author) Commented:
Sorry about the link, this is the English version 

I share your opinion, but I can't understand why I'm receiving thousands of errors for emails that I haven't sent...
Ohhh.... that changes everything

You are asking "why emails are being sent out without your knowledge?" -  I was understanding your question to be "why emails are getting rejected?"

My 1st guess is that you might have infected machines in your network that are sending spam; you can block internal machines from accessing outgoing port 25 through your firewall and only allow your mail server to do that.
robertosantana (Author) Commented:
Sorry about my explanation, but my English is not perfect :)

I've attached some captures. I think that everything is OK on the server; I've tested it and it isn't an open relay.

My suggestion was not related to your server acting as a relay server but rather your clients acting as their own SMTP servers.

If one of your clients has a virus or any sort of SPAM generating software, it can send emails directly to the Internet without using your server as an SMTP relay; as such you should have some rule in the firewall to block such clients from accessing port 25 to the outside world to avoid such situations.

robertosantana (Author) Commented:
That seems logical; I'll try to study some returned emails to find out who is infected.

Thanks for your help
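One way to triage the returned messages mentioned above, as an added example that is not part of the thread: it parses session transcripts in the layout of the NDR quoted in the question and tallies them by rejection code and by the domain of the From address. The sample input is constructed, its addresses are placeholders, and the function names are the example's own.

```python
import re
from collections import Counter

# Constructed sample in the layout of the NDR quoted in the question.
# Addresses and host names are placeholders, not values from the thread.
SAMPLE = """\
--- Session Transcript ---
Thu 2008-02-07 20:32:55: Parsing message
Thu 2008-02-07 20:32:55: *  From: forged1@hosted-a.example
Thu 2008-02-07 20:32:55: *  To: someone@remote.example
Thu 2008-02-07 20:32:55: Attempting SMTP connection to [mx.remote.example]
Thu 2008-02-07 20:32:56: <-- 541 5.6.0 Your message was rejected.
Thu 2008-02-07 20:32:56: --> QUIT
--- End Transcript ---
> --- Session Transcript ---
> Thu 2008-02-07 20:33:10: *  From: <forged2@Hosted-A.example>
> Thu 2008-02-07 20:33:10: *  To: other@remote.example
> Thu 2008-02-07 20:33:11: <-- 220 mx.remote.example ESMTP
> Thu 2008-02-07 20:33:12: <-- 550 5.1.1 User unknown
> --- End Transcript ---
"""

QUOTE = re.compile(r"^(?:>\s?)+")          # quoting added by mail clients
LINE = re.compile(r"^\w{3} (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (.*)$")
HEADER = re.compile(r"^\*\s+(From|To|Subject|Message-ID):\s*(.*)$")
REPLY = re.compile(r"^<-- (\d{3})[ -]")

def parse_transcripts(text):
    """Return one dict per transcript: headers, start time, last 4xx/5xx reply."""
    records, cur = [], None
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        if line == "--- Session Transcript ---":
            cur = {"reply": None}
        elif line == "--- End Transcript ---":
            if cur is not None:
                records.append(cur)
            cur = None
        elif cur is not None and (m := LINE.match(line)):
            cur.setdefault("start", m.group(1))
            if h := HEADER.match(m.group(2)):
                cur[h.group(1).lower()] = h.group(2)
            elif (r := REPLY.match(m.group(2))) and int(r.group(1)) >= 400:
                cur["reply"] = int(r.group(1))
    return records

def summarize(records):
    """Tally rejections by SMTP code and by the domain of the From address."""
    by_code = Counter(r["reply"] for r in records)
    by_domain = Counter(
        r.get("from", "").strip("<> ").rpartition("@")[2].lower() or "(empty)"
        for r in records)
    return by_code, by_domain
```

The tallies show which hosted domains appear as senders and how remote servers answered; identifying the machine that submitted a message still requires the Received headers of the attached original.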
robertosantana (Author) Commented:
Thanks for your help!
A few suggestions, if I may.
1) 1.png: remove the exclusion unless sent from trusted IP. You are using as trusted IP which means that your server is allowed to relay since the will translate this into a server address. This effectively negates the first rule that instructs "DO NOT RELAY".

I am not that familiar with MDaemon, so I would confirm, but there is something funny in the way the above is set; it would appear that the second statement negates the first one.

2) Check if you have "catch all enabled". If you do and someone has spoofed a message to appear as if it is coming from you and is using it to launch a massive spam broadcast, chances are that there will be plenty of receiving servers that will be misconfigured to be dumb enough not to recognize the message was spoofed and therefore return the NDR report.

I had a case a few days ago with a client receiving 80K+ messages an hour from a massive spam attack using his e-mail address in a spoofed message. He effectively shut down his mail server (small company) by himself (brought it to a standstill, chewing all bandwidth).

Just a suggestion.
