This morning I had about 20 Spam messages that were really strange - these were all sent to [EMAIL PROTECTED] - where somedomain is a hosted domain on our mail servers. When the mail server rejects the sales@ as an invalid address it seems that it parses off the domain and delivers it to [EMAIL PROTECTED] which is an alias that resolves to my mail address. Why doesn't Imail bounce the message for invalid user - (PS - I advise you to block Neovisiongroup.com) See the other Incident.
----------------Imail Log showing behavior--------------------------------------- 06:11 03:56 SMTPD(4CFF031E) [207.174.143.226] connect 66.150.197.50 port 49522 06:11 03:56 SMTPD(4CFF031E) [66.150.197.50] HELO localhost 06:11 03:56 SMTPD(4CFF031E) [66.150.197.50] MAIL FROM: [EMAIL PROTECTED] 06:11 03:56 SMTPD(3AC303F2) [207.174.143.226] connect 200.24.5.133 port 58357 06:11 03:56 SMTPD(4CFF031E) [66.150.197.50] RCPT TO: [EMAIL PROTECTED] 06:11 03:56 SMTPD(4CFF031E) [66.150.197.50] ERR mail.warp8.com invalid user TO: [EMAIL PROTECTED] 06:11 03:56 SMTPD(4CFF031E) [66.150.197.50] F:\IMAIL\spool\Dfcd431e.SMD 1867 06:11 03:56 SMTP-(0000035B) processing F:\IMAIL\spool\Qfcd431e.SMD 06:11 03:56 SMTP-(0000035B) ldeliver mail.warp8.com chasjs-main (1) <[EMAIL PROTECTED]> 2148 06:11 03:56 SMTP-(0000035B) finished F:\IMAIL\spool\Qfcd431e.SMD status=1 ------------------------------End------------------------------------------- ---------------------- Second weird occurance - This one went to sales@ and all of a sudden the log says it is going to a domain [EMAIL PROTECTED] - we do not host lesliemarshall.com and their dns does not point to us. When I checked the declude log - this message failed our weight 10 test which calls for the mail to be held - but it was not held. Anyone have a clue what is happening. --------------------Imail Log------------------------------------------------------- 06:11 06:19 SMTPD(58E503D2) [66.227.71.163] MAIL FROM: [EMAIL PROTECTED] 06:11 06:20 SMTPD(58E503D2) [66.227.71.163] RCPT TO: [EMAIL PROTECTED] 06:11 06:20 SMTPD(58E503D2) [66.227.71.163] ERR leslielowry.com invalid user TO: [EMAIL PROTECTED] 06:11 06:20 SMTPD(58E503D2) [66.227.71.163] RCPT TO: sales 06:11 06:20 SMTPD(58E503D2) [66.227.71.163] ERR leslielowry.com invalid user TO: sales 06:11 06:20 SMTPD(58ED03D2) [204.188.100.67] connect 66.227.71.163 port 48248 06:11 06:20 SMTPD(58ED03D2) [66.227.71.163] HELO localhost 06:11 06:20 SMTPD(58ED03D2) [66.227.71.163] MAIL FROM: [EMAIL PROTECTED] 06:11 06:20 SMTPD(58ED03D2) [66.227.71.163] RCPT TO: [EMAIL PROTECTED] 06:11 06:20 SMTPD(58ED03D2) [66.227.71.163] ERR leslielowry.com invalid user TO: [EMAIL PROTECTED] 06:11 06:20 SMTPD(58ED03D2) [66.227.71.163] RCPT TO: sales 06:11 06:20 SMTPD(58ED03D2) [66.227.71.163] ERR leslielowry.com invalid user TO: sales 06:11 06:20 SMTPD(58EE03D2) [207.174.143.226] connect 66.227.71.163 port 48266 06:11 06:20 SMTPD(58EE03D2) [66.227.71.163] HELO localhost 06:11 06:20 SMTPD(58EE03D2) [66.227.71.163] MAIL FROM: [EMAIL PROTECTED] 06:11 06:20 SMTPD(58EE03D2) [66.227.71.163] RCPT TO: [EMAIL PROTECTED] 06:11 06:20 SMTPD(58EE03D2) [66.227.71.163] ERR mail.warp8.com invalid user TO: [EMAIL PROTECTED] 06:11 06:20 SMTPD(58EE03D2) [66.227.71.163] RCPT TO: sales 06:11 06:20 SMTPD(58EE03D2) [66.227.71.163] F:\IMAIL\spool\D1e753d2.SMD 1998 --------------------------Declude Log--------------------------------------------------- 06/11/2003 06:20:17 Q1e753d2 Msg failed MX; testing A (HELOBOGUS localhost) [1 1 0 ] 06/11/2003 06:20:17 Q1e753d2 SPAMCOP:7 IPWHOIS:3 REVDNS:3 . Total weight = 13 06/11/2003 06:20:17 Q1e753d2 Using [outgoing] CFG file F:\IMAIL\Declude\$default$.junkmail. 06/11/2003 06:20:17 Q1e753d2 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?66.227.71.163). 06/11/2003 06:20:17 Q1e753d2 Msg failed IPWHOIS (Inaccurate or missing WHOIS data). 06/11/2003 06:20:17 Q1e753d2 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 66.227.71.163 with no reverse DNS entry.). 06/11/2003 06:20:17 Q1e753d2 Msg failed WEIGHT10 (Weight of 13 reaches or exceeds the limit of 10.). 06/11/2003 06:20:17 Q1e753d2 Subject: Flash logo animation and design 06/11/2003 06:20:17 Q1e753d2 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Any insight is appreciated. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
