Hi,
A colleague of mine gets a lot of weird Delivery Status Notifications,
Failure Notice and Rejected messages. Yesterday she got 200 of them.
They all come from different servers and they are mostly from Russia and
Japan and they are countries that we have no connection to at all.
I've looked at the message headers and I can't figure out why she
receives so many messages.
All the mail-servers that send them to us have PTR-records so they look
legit to me.
They all come from MAILER-DAEMON and the content is pretty much rubbish.
I attached a message with headers and everything, just changed the
address for my colleague.
Is there some way that I can block this kind of thing?
Is someone sending out spam using her email-address and when the
receiving server can't deliver they send the notice to the real address?
This is the only address this is happening for and we have over 100
addresses on this server.
If you need more information just tell me.
We use Amavisd-new/spamassassin and they don't seem to trigger much on
these messages.
Below is my postconf -n:
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
default_process_limit = 200
inet_interfaces = all
mailbox_size_limit = 1073741824
message_size_limit = 52428800
mydestination = localhost
myhostname = smtp3.domain.com
mynetworks = 127.0.0.0/8 10.0.0.0/24
myorigin = domain.com
proxy_read_maps = $local_recipient_maps $mydestination
    $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
    $virtual_mailbox_domains $relay_recipient_maps $relay_domains
    $canonical_maps $sender_canonical_maps $recipient_canonical_maps
    $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
recipient_bcc_maps = regexp:/etc/postfix/recipient_bcc
recipient_delimiter = +
relay_domains = proxy:mysql:/etc/postfix/mysql/mysql_relay_domains_maps.cf
relayhost =
smtp_generic_maps = hash:/etc/postfix/smtp_generic
smtp_host_lookup = native
smtp_sasl_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination,
    reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_unauth_pipelining, reject_invalid_hostname,
    reject_unknown_recipient_domain, reject_unverified_recipient,
    check_policy_service inet:127.0.0.1:60000,
    reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps =
    proxy:mysql:$config_directory/mysql/mysql_virtual_alias_maps.cf,
    proxy:mysql:$config_directory/mysql/mysql_virtual_alias_domain_maps.cf,
    proxy:mysql:$config_directory/mysql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_base = /usr/local/vmail/
virtual_mailbox_domains =
    proxy:mysql:$config_directory/mysql/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps =
    proxy:mysql:$config_directory/mysql/mysql_virtual_mailbox_maps.cf,
    proxy:mysql:$config_directory/mysql/mysql_virtual_alias_domain_mailbox_maps.cf
X-Greylist: delayed 494 seconds by postgrey-1.31 at sexan; Wed, 24 Nov
    2010 09:20:34 CET
Received: from vogclub.com (vogclub.com [72.233.55.58])
    by smtp3.domain.com (Postfix) with ESMTP id A8FB610A0D7
    for <a...@domain.com>; Wed, 24 Nov 2010 09:20:34
    +0100 (CET)
Received: by vogclub.com (Postfix)
    id 29AB038B9D7; Wed, 24 Nov 2010 03:12:19 -0500 (EST)
Date: Wed, 24 Nov 2010 03:12:19 -0500 (EST)
From: mailer-dae...@vogclub.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: a...@domain.com
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="5267738B9D6.1290586339/vogclub.com"
Content-Transfer-Encoding: 8bit
Message-Id: <20101124081219.29ab038b...@vogclub.com>

This is a MIME-encapsulated message.

--5267738B9D6.1290586339/vogclub.com
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii

This is the mail system at host vogclub.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<i...@sklad.vinco.ru>: mail for sklad.vinco.ru loops back to myself

--5267738B9D6.1290586339/vogclub.com
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; vogclub.com
X-Postfix-Queue-ID: 5267738B9D6
X-Postfix-Sender: rfc822; a...@domain.com
Arrival-Date: Wed, 24 Nov 2010 03:12:18 -0500 (EST)

Final-Recipient: rfc822; i...@sklad.vinco.ru
Original-Recipient: rfc822;i...@sklad.vinco.ru
Action: failed
Status: 5.4.6
Diagnostic-Code: X-Postfix; mail for sklad.vinco.ru loops back to
    myself

--5267738B9D6.1290586339/vogclub.com
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit

Received: from bzq-84-109-46-109.red.bezeqint.net
    (bzq-84-109-46-109.red.bezeqint.net [84.109.46.109])
    by vogclub.com (Postfix) with ESMTP id 5267738B9D6
    for <i...@sklad.vinco.ru>; Wed, 24 Nov 2010 03:12:18 -0500 (EST)
Received: from [84.109.46.109] by smtp.domain.com; Wed, 24 Nov 2010
    11:05:12 +0300
Message-ID: <01cb8bc7$76ea2400$6d2e6...@anna.schough>
From: =?koi8-r?B?IuzJzMnRIPPF0sHGyc3P187BIg==?=
    <a...@domain.com>
To: <i...@sklad.vinco.ru>
Subject:
    =?koi8-r?B?+vfl+uT5IPPl8uXh7O/3IPP08yA1IOTl6+Hi8vEg9yDz8OXr9OHr7A==?=
    =?koi8-r?B?5SAi9fLv6+kg7ODi9+ki?=
Date: Wed, 24 Nov 2010 11:05:12 +0300
MIME-Version: 1.0
Content-Type: text/plain;
    format=flowed;
    charset="koi8-r";
    reply-type=original
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
--5267738B9D6.1290586339/vogclub.com--
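
One way to test the suspicion raised above (spam sent with a forged sender, with the bounces landing at the real address), as an added example that is not part of the original post: parse the bounce and look at the hop recorded by the bouncing server itself. The function name `bounce_origin`, the stand-in address `user@domain.com` and the outbound IP `192.0.2.25` are assumptions, since the page does not give the server's public sending address.

```python
import email
import re

# Constructed sample: the attached bounce cut down to what the check reads;
# user@domain.com stands in for the redacted address.
SAMPLE_DSN = """\
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: message/delivery-status

Reporting-MTA: dns; vogclub.com
X-Postfix-Sender: rfc822; user@domain.com

Status: 5.4.6

--B
Content-Type: message/rfc822

Received: from bzq-84-109-46-109.red.bezeqint.net (bzq-84-109-46-109.red.bezeqint.net [84.109.46.109]) by vogclub.com (Postfix)
Received: from [84.109.46.109] by smtp.domain.com; Wed, 24 Nov 2010 11:05:12 +0300
Subject: constructed

body
--B--
"""

def bounce_origin(raw, our_outbound_ips):
    """Return (reporting_mta, client_ip, is_backscatter), or None if not a DSN.
    our_outbound_ips is an assumption: the public IPs this site sends mail from."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/report" or not msg.is_multipart():
        return None
    mta = original = None
    for part in msg.get_payload():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status" and part.is_multipart():
            mta = part.get_payload(0).get("Reporting-MTA", "").split(";")[-1].strip().lower()
        elif ctype == "message/rfc822" and part.is_multipart():
            original = part.get_payload(0)  # the returned message
    if not mta or original is None:
        return None
    # Only the hop stamped by the bouncing server can be trusted; older Received
    # lines (such as "by smtp.domain.com") were supplied by whoever sent the spam.
    for hop in original.get_all("Received", []):
        m = re.search(r"\[([^\]]+)\]\)? by (\S+)", " ".join(hop.split()))
        if m and m.group(2).rstrip(";").lower() == mta:
            return mta, m.group(1), m.group(1) not in our_outbound_ips
    return mta, None, None  # no hop from the reporting MTA: undetermined
```

A `True` in the third field means the bouncing server received the original from an address that is not one of ours, so the message never passed through this site's mail server.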