Thanks for the detailed reply. I was able to determine who owns that server -- a local credit union. Supposing I get a hold of their IT department, what do I tell them about the misconfigured Exchange server? What is misconfigured about it? How do they set it right?
I'm still confused how the server could send mail by bouncing it back. The list is set up with a list of allowed "posters," but I don't see how the Exchange server could read a poster address. How do I prevent this in the future? The list is supposed to be secure in terms of who is allowed to post to it. Thanks again, Ben ----- Original Message ----- From: "Thomas J. Mann" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 02, 2003 8:03 PM Subject: Re: [IMail Forum] list server bombardment > Ben, > > I have seen this happen a few times unfortunately. It's usually caused > when a list subscriber installs Microsoft Exchange and configures it to > pick up mail from their ISP mail server. Basically the user misconfigured > Exchange and when it goes to pick the messages up it actually sends the > message back to the list as if it were the original sender (which causes > people to keep seeing the message over and over). The intended recipient > never gets the message. Typically this causes an endless loop until you > remove the problem recipient or take other actions to stop the loop. > > The way that I have tracked them down was to carefully review the > headers. It looks like "hines2" and "65.174.217.35" are going to be your > starting points. I telnet'ed to that IP and it looks like it may be > Exchange (it's a mail server in any case!). Perhaps you can send a message > to abuse, postmaster, etc and see if someone will respond. > > If the person gives you are hard time about the Exchange issue feel free to > e-mail me for more information. I don't remember the exact cause but I can > ask a few people who have caused this problem what Microsoft told them to > change. Good luck, tell them they have no business running Exchange > because (a) they don't need it and (b) they can't support it! > > Thomas Mann, Esq. > Director of Technology > National Network of Estate Planning Attorneys, Inc. > > At 05:32 PM 10/2/2003, you wrote: > >Here's a strange problem... > > > >We use the IMail List Server (v.7.x) for a client that sends out regular > >announcements to their members. This has always worked fine until > >yesterday, when we hit the twilight zone. We sent out an announcement to a > >list containing perhaps a hundred members. A number of people then reported > >receiving 30-40 copies of the announcement. How could this happen? > > > >I checked the list, and it doesn't show any duplicate names. Then I looked > >at a typical duplicate message. Here is a sample header: > > > >*************************************************************************** * > >** > >Received: from SMTP32-FWD by salemorrotary.org > > (SMTP32) id A000007B4; Wed, 1 Oct 2003 13:30:42 -0700 > >Received: from hines2 [65.174.217.35] by bcw6.bcwebhost.net with ESMTP > > (SMTPD32-7.15) id A970B210070; Wed, 01 Oct 2003 13:30:40 -0700 > >Received: from mail pickup service by hines2 with Microsoft SMTPSVC; > > Wed, 1 Oct 2003 13:17:38 -0700 > >Received: from salemorrotary.org ([66.224.41.7]) by hines2 with Microsoft > >SMTPSVC(5.0.2195.5329); > > Wed, 1 Oct 2003 12:32:55 -0700 > >Received: from hines2 [65.174.217.35] by bcw6.bcwebhost.net with ESMTP > > (SMTPD32-7.15) id AD1AA920070; Wed, 01 Oct 2003 12:38:02 -0700 > >Received: from mail pickup service by hines2 with Microsoft SMTPSVC; > > Wed, 1 Oct 2003 12:28:01 -0700 > >Received: from salemorrotary.org ([66.224.41.7]) by hines2 with Microsoft > >SMTPSVC(5.0.2195.5329); > > Wed, 1 Oct 2003 12:01:52 -0700 > >Received: from hines2 [65.174.217.35] by bcw6.bcwebhost.net with ESMTP > > (SMTPD32-7.15) id A5BE7CF005C; Wed, 01 Oct 2003 12:06:38 -0700 > >Received: from mail pickup service by hines2 with Microsoft SMTPSVC; > > Wed, 1 Oct 2003 12:00:00 -0700 > >Received: from salemorrotary.org ([66.224.41.7]) by hines2 with Microsoft > >SMTPSVC(5.0.2195.5329); > > Wed, 1 Oct 2003 11:44:59 -0700 > >Received: from bcw5.bcwebhost.net [66.224.41.2] by bcw6.bcwebhost.net with > >ESMTP > > (SMTPD32-7.15) id A120791005C; Wed, 01 Oct 2003 11:46:56 -0700 > >Received: from mail pickup service by bcw5.bcwebhost.net with Microsoft > >SMTPSVC; > > Wed, 1 Oct 2003 11:46:56 -0700 > >From: <[EMAIL PROTECTED]> > >To: <[EMAIL PROTECTED]> > >Subject: [Salem Rotary News] Salem Rotary Program Preview > >Date: Wed, 1 Oct 2003 11:46:56 -0700 > >MIME-Version: 1.0 > >Content-Type: multipart/alternative; > > boundary="----=_NextPart_000_0018_01C38811.B749BB30" > >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 > >Message-ID: <[EMAIL PROTECTED]> > >X-OriginalArrivalTime: 01 Oct 2003 18:46:56.0943 (UTC) > >FILETIME=[63C7B3F0:01C3884C] > >X-Sender: [EMAIL PROTECTED] > >Return-Path: [EMAIL PROTECTED] > >X-Sender: [EMAIL PROTECTED] > >X-Sender: [EMAIL PROTECTED] > >Precedence: bulk > >Sender: [EMAIL PROTECTED] > >Status: U > >X-UIDL: 987134888 > > > > This is a multi-part message in MIME format. > >*************************************************************************** * > >** > > > >I also looked in the log file, but couldn't pick out anything obvious. > > > >Any ideas on what could cause this or how to track it down? > > > >Thanks, > > > >Ben > >BC Web > > > > > >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
