Hi,
We use Postfix - Dovecot ā Sympa ā spamassassin ā clamav on an Ubuntu 14.04
server.
Last week we sent out a message to a Sympa mailing list and one of the e-mail
addresses was in Costa-Rica. (@ucr.ac.cr)
Since then we keep receiving an e-mail from their Cisco Iron Port system about
every 10 seconds and we are unable to stop it, even after installing
spamassassin and clamav.
This is the message:
- - quote - - - - - - -
From: SYMPA <sy...@sympa.iode.org>
To: Listmaster listmas...@sympa.iode.org
Subject: Listmaster: internal server error.
User "Iron Port Bounce Messages" <ironp...@ucr.ac.cr> has encountered an
internal server error
(message diffusion - MSG_ID: <c4992b$cf...@ironportvirtual.ucr.ac.cr> - LIST:
oceandocscommun...@sympa.iode.org):
Impossible to forward a message to oceandocscommunity-owner : undefined in
this list
See the logs for more details.
- - unquote - - - - - - -
This it the original message as it gets stopped by the mailing list server
because the sender is not a list member.
At this point I receive the above e-mail.
In the e-mail details below, I can find that the message is sent by
ironp...@ucr.ac.cr but even adding this e-mail address to the Postfix blacklist
has no effect.
This is new to me so any advise about what Iām doing wrong and how to stop this
is very welcome.
Have a nice weekend,
Mark
- - quote - - - -
root@mail:/home/sympa/spool/msg# more
oceandocscommunity-ow...@sympa.iode.org.1484660591.438
X-Sympa-To: oceandocscommunity-ow...@sympa.iode.org
Return-Path: <MAILER-DAEMON>
Received: from localhost (localhost [127.0.0.1])
by mail.iode.org (Postfix) with ESMTP id F04F71CAB
for <oceandocscommunity-owner+sympa.iode.org@sympalist>; Tue,
17 Jan 2017 14:43:11 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at mail.iode.org
Received: from mail.iode.org ([127.0.0.1])
by localhost (mail.iode.org [127.0.0.1]) (amavisd-new, port
10024)
with ESMTP id 40K8jY3dGAFm
for <oceandocscommunity-owner+sympa.iode.org@sympalist>;
Tue, 17 Jan 2017 14:43:02 +0100 (CET)
Received: from relay.vliz.be (unknown [192.168.5.217])
by mail.iode.org (Postfix) with ESMTPS id 026047C0B
for <oceandocscommunity-ow...@sympa.iode.org>; Tue, 17 Jan 2017
14:42:57 +0100 (CET)
X-ASG-Debug-ID: 1484660575-0ab9595f3b144d50001-JGkER2
Received: from litio.ucr.ac.cr (litio.ucr.ac.cr [163.178.174.20]) by
relay.vliz.be with ESMTP id 4HXbovzmQeqq83KP (version=TLSv1.2 cipher=RC4-SHA
bits=128 veri
fy=NO) for <oceandocscommunity-ow...@sympa.iode.org>; Tue, 17 Jan 2017 14:42:58
+0100 (CET)
X-Barracuda-Envelope-From:
X-Barracuda-Effective-Source-IP: litio.ucr.ac.cr[163.178.174.20]
X-Barracuda-Apparent-Source-IP: 163.178.174.20
Received: from localhost by litio.ucr.ac.cr;
17 Jan 2017 07:42:58 -0600
Message-Id: <c4992b$cq...@ironportvirtual.ucr.ac.cr>
Date: 17 Jan 2017 07:42:58 -0600
To: oceandocscommunity-ow...@sympa.iode.org
From: "Iron Port Bounce Messages" <ironp...@ucr.ac.cr>
Subject: Delivery Status Notification (Failure)
MIME-Version: 1.0
X-ASG-Orig-Subj: Delivery Status Notification (Failure)
Content-Type: multipart/report; report-type=delivery-status;
boundary="pMHD.5HafwOhEa.5lmdOk+/TUE.COVHwLW"
X-Barracuda-Connect: litio.ucr.ac.cr[163.178.174.20]
X-Barracuda-Start-Time: 1484660577
X-Barracuda-Encrypted: RC4-SHA
X-Barracuda-URL: https://relay.vliz.be:443/cgi-mod/mark.cgi
X-Barracuda-Scan-Msg-Size: 230
X-Virus-Scanned: by bsmtpd at vliz.be
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 0.20
X-Barracuda-Spam-Status: No, SCORE=0.20 using global scores of TAG_LEVEL=3.0
QUARANTINE_LEVEL=4.0 KILL_LEVEL=5.0 tests=ANY_BOUNCE_MESSAGE, BOUNCE_MESSAGE,
BSF_
SC0_SA590, EMPTY_ENV_FROM
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.35864
Rule breakdown below
pts rule name description
---- ----------------------
--------------------------------------------------
0.00 EMPTY_ENV_FROM Empty Envelope From Address
0.20 BSF_SC0_SA590 Custom Rule SA590
0.00 BOUNCE_MESSAGE MTA bounce message
0.00 ANY_BOUNCE_MESSAGE Message is some kind of bounce
message
--pMHD.5HafwOhEa.5lmdOk+/TUE.COVHwLW
content-type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
The following message to <ironp...@ucr.ac.cr> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'5.1.1 <ironp...@ucr.ac.cr>: Recipient ad=
dress rejected: User unknown in virtual mailbox table'
--pMHD.5HafwOhEa.5lmdOk+/TUE.COVHwLW
content-type: message/delivery-status
Reporting-MTA: dns; litio.ucr.ac.cr
Final-Recipient: rfc822;ironp...@ucr.ac.cr
Action: failed
Status: 5.0.0 (permanent failure)
Remote-MTA: dns; [163.178.163.178]
Diagnostic-Code: smtp; 5.1.0 - Unknown address error 550-'5.1.1
<ironp...@ucr.ac.cr>: Recipient address rejected: User unknown in virtual
mailbox table' (deliv
ery attempts: 0)
--pMHD.5HafwOhEa.5lmdOk+/TUE.COVHwLW
content-type: message/rfc822
IronPort-PHdr: =?us-ascii?q?9a23=3ABBkzixKmSHBBlHKHbdmcpTZWNBhigK39O0sv0rFi?=
=?us-ascii?q?tYgRLP3xwZ3uMQTl6Ol3ixeRBMOAuq4C0LWd7/2ocFdDyK7JiGoFfp1IWk1Nou?=
=?us-ascii?q?QttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZr?=
=?us-ascii?q?KeTpAI7SiNm82/yv95HJbQhFgDWwbal8IRi0ogncuckbipZ+J6gszRfEvmFGcP?=
=?us-ascii?q?lMy2NyIlKTkRf85sOu85Nm7i9dpfEv+dNeXKvjZ6g3QqBWAzogM2Au+c3krgLD?=
=?us-ascii?q?QheV5nsdSWoZjBxFCBXY4R7gX5fxtiz6tvdh2CSfIMb7Q6w4VSik4qx2UxLjlj?=
=?us-ascii?q?sJOCAl/2HWksxwjbxUoBS9pxxk3oXYZJiZOOdicq/BeN8XQ3dKUMRMWCxbGo6y?=
=?us-ascii?q?bIUBAOUBM+hGsofyu1QAoxylCAmpB+7i0CVFi2Xq0aEk1ekqDAHI3BYnH9ILqH?=
=?us-ascii?q?nasdf6OqAIX+2p0aLFyi7DbvNT2Tfl8ofFaQshoPGJXbJoa8Xd00gvFwTYgVqO?=
=?us-ascii?q?s4DlOCmV1usUvmWd8uFuVvqvhnY6pwx1rDWj3Nogh43Uio4P11zJ+yp0zJwxKN?=
=?us-ascii?q?C+VUV1e8SrEIFKuCGfL4Z2Qt0tQ2VvuCsiz70Jo5+7fCwQxJQmwB7QduKIf5KP?=
=?us-ascii?q?4hL5W+adOTZ4hHR7d7Kjnxu+7Eytx+PmWsWp1FtGszBJnsTCu30CzRDe7tCLSv?=
=?us-ascii?q?5n8Ueg3TaP2RrT6uZBIU0skqrUN4AuzaQ2lpUOtkTMAjT2l1nxjK+Tc0Uk5+6o?=
=?us-ascii?q?6+X7YrTmv5OcMIF1igfgPaQ0gcG/GuQ5Mg0WX2eB4+i81brj8lDnT7lQif02iK?=
=?us-ascii?q?bZvIjAJcsHvq65HxNV0oE75ha+FTem19IYnWEALFJfZBKKlJXpNE3UIPziF/iw?=
=?us-ascii?q?n06gnytxx6OOArq0SLTXKX6LqLD7Yf5X7FNawwd76N1E/JtbB6pLaKbyQEj3rN?=
=?us-ascii?q?vCEjckOBbyyu2hA88rha0EXmfaOZ68CIqa5USZ4/omC/KdYZcc/jf6J/Vj4OTh?=
=?us-ascii?q?2yxq0WQBdLWkiMNEIEuzGe5rdgDAOSLh?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0GuIgBOE35YlwmGv8FdDg4BAQQBAQoBA?=
=?us-ascii?q?RcBAQQBAQoBAYMOAQEBAQGCB4MDTpwAiFCMfIpBSA8BAQEBAQEBAQEBAQIQAQE?=
=?us-ascii?q?BAQEIFghNQhIBgV4bAYJEDwGBFQ4CIQ0xE4kHnx6QAYIhBIo/hkSCC4cGCYMcg?=
=?us-ascii?q?l4FiHMYh16KPRQbgTCBBY8PG4FchQ6JaJJsSQKBXgiELoIDPD01hVlRgi4BAQE?=
X-IPAS-Result: =?us-ascii?q?A0GuIgBOE35YlwmGv8FdDg4BAQQBAQoBARcBAQQBAQoBAYM?=
=?us-ascii?q?OAQEBAQGCB4MDTpwAiFCMfIpBSA8BAQEBAQEBAQEBAQIQAQEBAQEIFghNQhIBg?=
=?us-ascii?q?V4bAYJEDwGBFQ4CIQ0xE4kHnx6QAYIhBIo/hkSCC4cGCYMcgl4FiHMYh16KPRQ?=
=?us-ascii?q?bgTCBBY8PG4FchQ6JaJJsSQKBXgiELoIDPD01hVlRgi4BAQE?=
X-IronPort-AV: E=Sophos;i="5.33,244,1477980000";
d="scan'208";a="13460557"
Received: from mail.iode.org ([193.191.134.9])
by litio.ucr.ac.cr with ESMTP; 17 Jan 2017 07:42:55 -0600
Received: by mail.iode.org (Postfix, from userid 1001)
id B109A20F3; Tue, 17 Jan 2017 14:42:49 +0100 (CET)
Message-Id: <sympa.1484660569.32128....@sympa.iode.org>
Date: Tue, 17 Jan 2017 14:42:49 +0100
MIME-Version: 1.0
Auto-Submitted: auto-replied
From: SYMPA <sy...@sympa.iode.org>
To: "Iron Port Bounce Messages" <ironp...@ucr.ac.cr>
Subject: Message distribution: Internal server error
Content-Type: multipart/mixed;
boundary="----------=_<sympa.1484660569.32128...@sympa.iode.org>"
Content-Transfer-Encoding: 8bit
X-Mailer: Sympa 6.1.19
--pMHD.5HafwOhEa.5lmdOk+/TUE.COVHwLW--
- - unquote - - - -
