Heyo

Just had to analyze quite a strange problem with our and a customer's mail server 
being mailbombed...

It turned out that the customer sent an email to about 50 recipients.
He put all the recipients in the 'To:' line.

Shortly after that, his Exchange Server was mailbombed to death.

He called me and I took a look into our logfiles and noticed a huge amount of 
entries with his domain name. Mostly from Bluewin and Cybernet.

I first thought of a new, very heavy virus outbreak, because our mail server is 
neither MX nor backup MX for the customer's domain.

After a closer look I saw that all those mails were addressed to our 
customers, but arrived from many different IPs @bluewin and @cybernet. The 
'From:' line was the customer who originally sent that email to those 50 
recipients.

So I connected to one POP3 box of an affected customer to have a closer look at 
the headers.

All the mails that keep being resent had all original 'Received:' lines 
removed. The oldest one is:

Received: from mail pickup service by [$customersserver] with Microsoft 
SMTPSVC;

After talking to the mail admin of the Exchange Server, this seems to be what 
happens:

This M$ POP3 Connector for Exchange gets the emails from a POP3 account, 
looks at the To: line and delivers them to the recipients found there.

Great! Now we have about 5 servers on the net in Switzerland playing 
email ping-pong with each other and filling up the inboxes of those original 
50 recipients... :-/

Does somebody know about this Bug or config problem and has a quick fix?

Regards
-Benoit-
-- 
SPAM SPAM SPAM SPAM / Hormel's new miracle meat in a can
Tastes fine, saves time. / If you want something grand, / Ask for SPAM!
  - Hormel's 1937 jingle for SPAM
_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
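
Added example, not part of the original post and not the connector's own code: the header-driven redelivery described above next to a recipient selection that only delivers to locally hosted domains and refuses messages the gateway has already stamped. The domains, the X-Gateway-Loop header and the gateway name are assumptions made up for illustration, as is the sample message; it also assumes the marker header survives redelivery.

```python
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAINS = {"site-a.example"}      # assumption: domains hosted behind this gateway
LOOP_HEADER = "X-Gateway-Loop"          # hypothetical marker header
GATEWAY_ID = "pop3gw.site-a.example"    # hypothetical gateway identity

# Constructed sample: one message addressed to three sites, as fetched from a POP3 box.
SAMPLE = (
    "From: sender@sender.example\r\n"
    "To: Alice <alice@site-a.example>, bob@site-b.example, carol@site-c.example\r\n"
    "Subject: meeting\r\n"
    "\r\n"
    "body\r\n"
)

def header_recipients(msg, fields=("To",)):
    """Collect lower-cased addresses from the given header fields."""
    values = []
    for name in fields:
        values += msg.get_all(name, [])
    return [addr.lower() for _, addr in getaddresses(values) if "@" in addr]

def naive_recipients(raw):
    """Behaviour described in the post: redeliver to everyone on the To: line."""
    return header_recipients(message_from_string(raw))

def safe_recipients(raw):
    """Return (deliver_to, reason): local domains only, stamped messages refused."""
    msg = message_from_string(raw)
    seen = [v.strip() for v in msg.get_all(LOOP_HEADER, [])]
    if GATEWAY_ID in seen:
        return [], "loop"               # this gateway already handled the message
    local = [a for a in header_recipients(msg, ("To", "Cc"))
             if a.rsplit("@", 1)[1] in LOCAL_DOMAINS]
    return local, "ok"

def stamp(raw):
    """Mark a message as processed before handing it on for delivery."""
    msg = message_from_string(raw)
    msg[LOOP_HEADER] = GATEWAY_ID
    return msg.as_string()

if __name__ == "__main__":
    print("naive:", naive_recipients(SAMPLE))
    print("safe: ", safe_recipients(SAMPLE))
    print("again:", safe_recipients(stamp(SAMPLE)))
```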
