'Undeliverable Mail' SPAM

Similar Messages

• 'Undeliverable Mail Return To Sender' spam?

  As of late, we have been getting 'undeliverable mail' which appears to be spam. The long headers appear to indicate that it is indeed coming from our mail server and the body of the message goes something like this:
  This is the Postfix program at host nopali.com.
  I'm sorry to have to inform you that your message could not be
  be delivered to one or more recipients. It's attached below.
  For further assistance, please send mail to <postmaster>
  If you do so, please include this problem report. You can
  delete your own text from the attached returned message.
  The Postfix program
  <[email protected]>: host 127.0.0.1[127.0.0.1] said: 550 5.7.1 Message
  content rejected, UBE, id=21361-04 (in reply to end of DATA command)
  Reporting-MTA: dns; nopali.com
  X-Postfix-Queue-ID: 7260D27DAB9
  X-Postfix-Sender: rfc822; [email protected]
  Arrival-Date: Sat, 23 Dec 2006 04:10:46 -0500 (EST)
  Final-Recipient: rfc822; [email protected]
  Action: failed
  Status: 5.0.0
  Diagnostic-Code: X-Postfix; host 127.0.0.1[127.0.0.1] said: 550 5.7.1 Message
  content rejected, UBE, id=21361-04 (in reply to end of DATA command)
  From: "Ronald Myers" <[email protected]>
  Date: December 23, 2006 4:11:11 AM EST (CA)
  To: [email protected]
  Subject: Because that is curious girdle, and Hormah, and some therefore,
  ...and there is generally a spamish content underneath.
  Has anyone encountered this?
  I thought perhaps that somehow others were able to use my mail cue, but I closed the firewall for SMTP mail to only favourable IPs. However, when I look at my mail cue, I see a bunch of things waiting to be sent out. They appear to be a bunch of spam that the server trying to return. The cue would typically have this message:
  Message ID: 266692764C8
  Date: Thu Dec 21 13:31:52
  Size: 6742
  Sender: MAILER-DAEMON
  Recipient(s) & Status:
  [email protected]:
  connect to wc.wachovia.com[169.200.182.108]: Operation timed out
  It appears that the server is trying to return spammed mail to sender and it is timing out. I am not sure, though. This would not make sense since I have spam being redirected to a separate spam_depot account.
  Any ideas on how to figure this one out?

  I can't tell you if this is a wise decision for your setup, you need to make that call.
  You are getting into settings which stray far from the GUI and the support of Apple, venture forward carefully..
  The comments within the amavisd.conf file and threads in this forum contain most/all of what you may require. Spend time reviewing the config file. all of it's options, the flow of amavis (well documented) and how amavis links to postfix...... then out of thousands of possible configurations you can make the decision of what is best for your server.
  Some hints... (which were documented in an earlier thread)
  The GUI sets tag2 and sakill_leveldflt the same:
  $sakill_leveldeflt = $satag2_leveldeflt;
  You can change this so that one set of actions is performed at tag2 and a more extreme action at the kill level. something like this works well for a well trained server:
  $satag2_leveldeflt = 3.0
  $sakill_leveldeflt = 6.0;
  When the kill level is reached, the finalspamdestiny action is performed. If you bounce or reject, you will generate bounces in your queue. If you discard, the no bounce is generated. Even if you discard, you still have a quarantine.
  The default is to quarantine the spam as files in /var/virusmails Many people never look in this folder, and it can easily fill-up. Look in your settings for something like this:
  $QUARANTINEDIR = '/var/virusmails';
  you can comment this to:
  #$QUARANTINEDIR = '/var/virusmails';
  to disable the quarantining to a directory.
  You can quarantine to an email address, read the file, it's pretty clear.
  Take the time to read through the file. Make changes one at a time and allow plenty of testing between changes. Make any files you change. Be sure to stop/start mail service to activate changes.
  Jeff

• Mail spam suddenly

  Running 10.7.5,  I have mail setup it has been working great for months.  In the last week though I have started getting tons of spam in the following format.
  From: Mail Delivery System
  To: My email address on the server
  Subject: Undelivered Mail Returned to Sender
  Body:  Is basically my mail server telling me I sent something to a user but I never did.
  To verify this I checked my smtp logs and I can see that nothing went out of my mail server,  but I can see all the undeliverables pouring into my system and the end result is tons and tons of junk mail in my inbox.
  Does anyone have any ideas on how I might fight this spam? 
  Thanks for all the help guys!

  Does anyone have any ideas on how I might fight this spam?
  Grab yourself a beer and go sit by the pool. That's about all you can do.
  If the mail isn't going through your server, you have zero influence or opportunity to affect it. The likelyhood is that someone's just generating span using a random/dummy email address that happens to map back to you.
  SMTP was never really designed to authenticate mail and while you can lock down your own server there is very little you can do to prevent others generating mail (spam) in your name.
  If you're really interested, look at implementing SPF and/or DomainKeys. These add a layer of authentication to your messages that can elevate the trust of your real emails, but there's no guarantee that any remote mail server will honor them, or reject mail that comes from an invalid address (SPF) or isn't properly signed (DomainKeys).
  I suppose as a good domain owner you should be implementing SPF and DomainKeys anyway, since these systems are only really effective when used by the majority, but it's not going to be a golden arrow that magically makes this problem go away, hence the beer.

• Undeliverable mail question

  hi,
  What does this dsn mean? And could it be spam?
  the subject is "Undeliverable mail"
  Message body:
  Failed to deliver to '[email protected]'
  SMTP module(domain yyyyy.com) reports:
  yyyyy.com: no response
  Two attachments came along with the message. One of them is:
  Reporting-MTA: dns; mail.zzzzz.net
  Original-Recipient: rfc822;<[email protected]>
  Final-Recipient: rfc822;<[email protected]>
  Action: failed
  Status: 4.0.0
  I checked mail.log_current and grepped for zzzzz.net:
  mail.log_yesterday:07-Mar-2006 21:16:12.76 tcp_local ims-ms E 5 rfc822;[email protected] myuser@ims-ms-daemon zzzzz.net (mail.zzzzz.net [a.b.c.d])
  mail.log_yesterday:07-Mar-2006 21:19:56.49 tcp_local ims-ms E 3 rfc822;[email protected] myuser@ims-ms-daemon zzzzz.net (mail.zzzzz.net [a.b.c.d])
  mail.log_yesterday:07-Mar-2006 21:38:36.74 tcp_local ims-ms E 3 rfc822;[email protected] myuser@ims-ms-daemon zzzzz.net (mail.zzzzz.net [a.b.c.d])
  mail.log_yesterday:07-Mar-2006 21:55:07.28 tcp_local ims-ms E 3 rfc822;[email protected] myuser@ims-ms-daemon zzzzz.net (mail.zzzzz.net [a.b.c.d])
  mail.log_yesterday:07-Mar-2006 22:42:36.60 tcp_local ims-ms E 3 rfc822;[email protected] myuser@ims-ms-daemon zzzzz.net (mail.zzzzz.net [a.b.c.d])
  thx

  thx for the explanation .Now things are clearer. Few
  more questions if you don't mind Jay:
  what about the E entries in the log:
  mail.log_yesterday:07-Mar-2006 21:16:12.76 tcp_local
  ims-ms E 5 rfc822;[email protected]
  myuser@ims-ms-daemon swip.net (mailfe05.swip.net
  [83.180.141.95]) "E" means, "Enqueue". That's when your server puts the message in the queue. Has nothing to do with sending a message. In fact, this log entry shows the message
  Coming from the tcp_local channel (external to your systems),
  and addressed to your user on the local store.
  >
  Does it mean that the my mail server was trying to
  re-send the spam again?No
  Also, when you said 'original address is bad', the
  original address is [email protected]? and the
  remote server checked that email address and found
  out that it does not exist?No.
  the address to: was "[email protected]", or whatever was there, before you changed it.
  >
  Finally, what about the aol and yahoo emails that I
  found in the FROM and TO in the attached file?
  Received: from d83-180-141-95.cust.tele2.es
  ([83.180.141.95] verified)
  by mailfe05.swip.net (CommuniGate Pro SMTP 5.0.8)
  with SMTP id 39743822; Thu, 02 Mar 2006 22:57:17
  17 +0100
  Message-ID: <000b01c63e01$377fa740$5f8db453@ppdtdv>
  From:
  =?Windows-1251?Q?=D2=E8=EC=EE=F4=E5=E9_=D2=E0=F0=E0=F1
  =EE=E2=E8=F7_=CA=EE=ED=E4=E5=E5=E2?=
  <[email protected]>
  To:
  =?Windows-1251?Q?=C1=EE=E3=E4=E0=ED_=C5=E2=E3=E5=ED=FC
  =E5=E2=E8=F7_=CC=F3=F5=E0=EC=E5=E4=E8=ED=EE=E2?=
  <[email protected]>
  Those have nothing to do with the current mail itself. They're attached/forwarded/replied previously.

• Copy Undeliverable Mail To / luser_relay no worky?

  Hi everyone,
  I know it's a despised feature, but I just need it working until I'm confident everything has been migrated well. I'm of course referring to "Copy Undeliverable Mail To:". When I first turned it on, and tested in, mail was still bouncing:
  Jun 7 14:07:23 server postfix/pipe[2354]: DDD381CA53F: to=<[email protected]>, relay=dovecot, delay=2180, delays=2180/0/0/0.01, dsn=4.1.1, status=SOFTBOUNCE (user unknown)
  I assumed that Server Admin was just enabling luser_relay in /etc/postfix/main.cf, but it was not, Rather, it was changing /etc/MailServicesOther.plist:
  <key>lmtpluserrelay</key>
  <string>catchalluser</string>
  <key>lmtpluser_relayenabled</key>
  <true/>
  I disabled it there and tried manually setting luser_relay in /etc/postfix/main.cf.
  Neither solution seemed to work. Anyone successfully have this working?

  OK. I can see your problem.
  Well, at least users are forced to fix the faulty address immediately. By getting a bounce later most users won't
  I know this is not the answer you were looking for so here you go (although I actually think user education never hurts and have not implemented this on my high traffic servers ;-):
  Are your users being forced to use SMTP authentication to send? If not make sure you have this in place as the first step. This is important so that your security is not compromised.
  Now look at your /etc/postfix/main.cf and towards the end look for
  smtpdrecipientrestrictions = .......
  You'll see something along these lines:
  smtpdrecipientrestrictions = permitsaslauthenticated, rejectunauthdestination, permit_mynetworks, rejectrblclient sbl-xbl.spamhaus.org, rejectrblclient relays.ordb.org, permit
  See if it includes rejectunauthdestination and/or rejectunverifiedrecipient and remove those.
  This should do the trick (not knowing your configuration there is always a chance something doesn't work as expected).
  The drawback is that this is now true for all senders and thus mail will get accepted first and bounced later if for unknown users.
  You can "finetune" this so that it applies only to your local users, but this requires quite a bit of fiddling around with your configuration and will "break" Server Admin. If you don't mind, see the following page for more info or ask again
  http://www.postfix.org/postconf.5.html
  Alex

• Suggest a feature page results in undeliverable mail

  I've been trying to submit a feature request, but all I get is an email response that my submission could not be delivered. Since bug reporting doesn't seem to include bugs in their website/mail delivery, I figured posting here might get some response.
  Delivery has failed to these recipients or distribution lists:
  [email protected]
  Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.
  Sent by Microsoft Exchange Server 2007
  Diagnostic information for administrators:
  Generating server: corp.adobe.com
  [email protected]
  #550 5.7.1 RESOLVER.RST.NotAuthorized; not authorized ##rfc822;[email protected]
  The Actual feature request was…
  *******Enhancement / FMR*********
  Brief title for your desired feature: Table Sort
  How would you like the feature to work?
  Have a sort icon show in table headers and be able to choose multiple columns to sort the table by.
  Why is this feature important to you?
  Apartment directories often have the same info twice, once sorted by Apartment Number then Last Name then First Name, and a second table is used sorted by Last Name then First Name then Apartment Number.
  Having to create two import files with the sort criteria and import each as a table then format each table is inefficient. Better to import single table, format, then make as many duplicates as necessary and change sorting within InDesign.

  I'm afraid sending me to the same page that I am reporting as having a problem is no solution. My fault since I didn't specify Adobe - Feature Request/Bug Report Form as where I was getting the results I mentioned, but the title of my post should have made it easy to make that connection
  (Suggest a feature page results in undeliverable mail)
  Yes, I used the real form on the real web page and got nothing useful for my effort… and that hasn't changed yet.

• Undeliverable Mail in Postfix

  I would like to redirect all undeliverable messages to another host for delivery. There are options to redirect undeliverable mail to an email address but this is not what I want. I need it to go to another mail host.
  Does anyone know how to do this? Thanks.

  hmmmm
  I may have an answer for you, but am not totally sure of your problem.
  At home, I have several e-mail addresses.. some for AOL, one for work and a few for my ISP at home, and each e-mail account has been set to use a separate outgoing mail server.
  So I send an e-mail to someone from home from my work e-mail address(which is set to use my work outgoing mail server), and for some reason, it is not deliverable... Mail gives me a pop up asking if I'd like to send via another method.
  So I select to send via my home ISP. This simply changes the outgoing mail server for that single message. The mail is received by the reciepent, as if it were sent from my work e-mail address, even though it went out thru my home ISP mail server.
  Now perhaps you are aware of this and wish to have Mail automatically take care of this for you..but I am unaware of a way to make this happen. What you CAN do is this: If you have an outgoing mail server that doesn't "play nice" all the time, and you have a mail server that DOES, simply change the outgoing mail server on the account that is giving you problems to the "nice" mail server.
  Ugh.. this sounds twisetd and mixed up.. let me know if this helps whatsoever.

• Undeliverable Mail for Postfix

  I would like to redirect all undeliverable messages to another host for delivery. There are options to redirect undeliverable mail to an email address but this is not what I want. I need it to go to another mail host.
  Does anyone know how to do this? Thanks.

  Are you trying to work around the issue of ISPs like AOL and Roadrunner blocking any mail from your postfix smtp server because your computer, that is running postfix, lives in dynamic IP space?

• Undeliverable mail - error message

  When I try to send mail, I get an Undeliverable mail error message/response. I don't know if it makes a difference if I select the me.com or mac.com as my outgoing server. I also work at a university, but I don't think that should be a problem since this just surfaced today. I've posted some additional technical details below. Has anyone else experienced this problem recently?
  Error message details:
  SMTP module(domain mac.com) reports:
  host smtp-mx2.mac.com says:
  550 5.1.1 unknown or illegal alias
  Reporting-MTA: dns; regor.[myuniversity].edu

  First of all test the other mail host. Do nslookup on the mx record for the domain. Maybe also check it from somewhere else on the internet to make sure your dns server doesnt still have an old entry cached. Once you know dns is going to the right server, try to telnet to port 25 on that server to see if you can connect to the other mail server and get a header back. If you want you could go a step further and send a message via command line but not usually necessary.
  If that server seems fine, look at your own mail server. Check dns, delivery to other addresses etc..

• Can't copy Undeliverable Mail

  I am running Mail on a Mac OS 10.4.2 xServer and find that the GUI setting "Copy undeliverable messages to" does not work as explained in the manual. When I check this option and enter the postmaster account, it does not copy but forwards all undeliverable messages to the postmaster's account. When I check the file /etc/postfix/mail.cf the line is added luser_relay = postmaster.
  On page 70 of Apples Mail Service Administration Manual, it indicates that the /etc/postfix/mail.cf file needs to be modified to add luser_relay = postmaster "To set up forwarding of undeliverable incoming mail;" not copy.
  The problem is if I forward undeliverable mail to the postmaster, the user does not get a message like they did on a 10.2 server indicating the message was not delivered.
  Does anyone know how I can get the message to bounce back to the original sender and have a copy go to the postmaster at the same time?

  OK. I can see your problem.
  Well, at least users are forced to fix the faulty address immediately. By getting a bounce later most users won't
  I know this is not the answer you were looking for so here you go (although I actually think user education never hurts and have not implemented this on my high traffic servers ;-):
  Are your users being forced to use SMTP authentication to send? If not make sure you have this in place as the first step. This is important so that your security is not compromised.
  Now look at your /etc/postfix/main.cf and towards the end look for
  smtpdrecipientrestrictions = .......
  You'll see something along these lines:
  smtpdrecipientrestrictions = permitsaslauthenticated, rejectunauthdestination, permit_mynetworks, rejectrblclient sbl-xbl.spamhaus.org, rejectrblclient relays.ordb.org, permit
  See if it includes rejectunauthdestination and/or rejectunverifiedrecipient and remove those.
  This should do the trick (not knowing your configuration there is always a chance something doesn't work as expected).
  The drawback is that this is now true for all senders and thus mail will get accepted first and bounced later if for unknown users.
  You can "finetune" this so that it applies only to your local users, but this requires quite a bit of fiddling around with your configuration and will "break" Server Admin. If you don't mind, see the following page for more info or ask again
  http://www.postfix.org/postconf.5.html
  Alex

• Mail spam filters and phishing

  Yesterday's UK Sunday Times gave an email address to which sufferers were advised to forward bank phishing emails - it is, presumably, a bank sponsored site which allows them to try and trace and/or stem this ever increasing tide of spam.
  Most of these bank phishing emails are caught by me ISP before I even get them, but several do make it into my spam folder or in-tray. If the latter, I mark them as spam manually.
  If I were to forward the emails that do reach me (after being manually marked or automatically filtered as spam) to the suggested address, would that affect the "learning" process of my Apple Mail spam filter?
  I can't think how it could and I'm keen to help the banks reduce this tiresome avalanche of rubbish (which seems to be increasing) but I don't want to confuse my filtering process.
  Thanks.

  Thanks, mhunter, most helpful.
  The article, for those interested, is about 2/3 the way down this page:
  http://www.timesonline.co.uk/article/0,,2097-2382411.html
  and is entitled "Website that deals with dodgy emails".
  The Bank Safe Online website is at
  http://www.banksafeonline.org.uk
  but, even though obviously UK orientated, it has some good generic advice which would be valid in other countries.
  The email address to which UK victims can forward bank scam/phishing eMails (after they have been identified as spam of course is [email protected]

• Mail Spam gone mad

  Mail spam filtering is too strong!
  I ask here, as I don't mind delving into XML files and doing search and replace with Textwrangler if someone has an idea how to isolate what is spam and what is not.    So is there a file I can edit that forces it to only consider certain keywords and e-mail addresses spam?
  I want to create an automatic filter that is neither too strong, nor too weak.
  Thank you.

  Hi Tim.
  This kind of problems are caused by some corruption in one or more of the files used by the junk filter. Try this first:
  1. Go to Preferences > Junk Mail and disable junk mail filtering.
  2. Quit Mail, then open it again.
  3. Go to Preferences > Junk Mail, enable junk mail filtering, and configure it however you wish.
  4. Reset the junk database (Preferences > Junk Mail > Reset).
  Alternatively, instead of (or in addition to) disabling/enabling the junk filter, you may try switching from Automatic to Training mode, quitting Mail, then switching back to Automatic mode.

• How do I configure Server 3.0 to deliver "undeliverable" mail to a specific "catchall email address?

  How do I configure Server 3.0 to deliver "undeliverable" mail to a specific "catchall email address?
  I had this working in Server 2.0  dunno why it doesn't now, but I can't find the config.

  It's fairly straight forward and there is a GUI option to help you.
  In the Server app, go to Users. Select the User you want to create email aliases for. Right click, or hold down Shift-Ctrl and click on the name. Select 'Advanced Options...' from the menu. You can then enter as many aliases as you want in the 'Aliases'.
  For example: [email protected], @xyz.co.uk, [email protected]
  My example is overkill as I only really needed to add '@xyz.co.uk' as a catch all get everything sent to that domain delivered to that users email address.

• HT4061 I am receiving return e-mails saying undeliverable mail was sent using my e-mail addy as the "from" addy. It is spam mail and some has been sent to U.S. military. It is not coming directly from my e-mail/ i-cloud account. How do I stop it?

  I am receiving returne postmaster e-mails saying e-mails were not deliverable, and some say they were blocked as being spam mail because they were sent to U.S. military addresses. The e-mails are coming from an outside source and are not being sent directly from my e-mail, but whoever is doing it is putty my address in as the sender. How do I stop this?

  at this point the best you could do would be to delete your email account, or ignore the emails

• Undeliverable Mail using Apple mail

  I recently decided to transition from Outlook for Mac to Apple mail for obvious reasons - I don't like Microsoft.  However, 50% of the emails, I am sending are being returned to me.  These are the same people I have been emailing for years, some I am just replying to their message.
  Why is this happening?  Here is a string from the bounced email:
  The original message was received at Thu, 6 Jun 2013 11:08:38 -0400
  from [10.30.71.209]
  *** ATTENTION ***
  This email is being returned to you because the remote server would not
  or could not accept the message. The registeredsite servers are just
  reporting to you what happened and are not the source of the problem.
  The address which was undeliverable is in the section labeled:
  "----- The following addresses had permanent fatal errors -----".
  The reason your mail is being returned to you is in the section labeled:
  "----- Transcript of Session Follows -----".
  This section describes the specific reason your e-mail could not be
  delivered.
  Please direct further questions regarding this message to your e-mail
  administrator.
  --Registeredsite Postmaster
    ----- The following addresses had permanent fatal errors -----
  <[email protected]>
     (reason: 554 5.7.1 Service unavailable; Client host [209.17.115.51] blocked using zen.spamhausdnsbl; http://www.spamhaus.org/query/bl?ip=209.17.115.51)
    ----- Transcript of session follows -----
  ... while talking to mail.mailroute.net.:
  DATA
  <<< 554 5.7.1 Service unavailable; Client host [209.17.115.51] blocked using zen.spamhausdnsbl; http://www.spamhaus.org/query/bl?ip=209.17.115.51
  554 5.0.0 Service unavailable
  <<< 554 5.5.1 Error: no valid recipients
  Reporting-MTA: dns; atl4mhob13.myregisteredsite.com
  Received-From-MTA: DNS; [10.30.71.209]
  Arrival-Date: Thu, 6 Jun 2013 11:08:38 -0400
  Final-Recipient: RFC822; [email protected]
  Action: failed
  Status: 5.7.1
  Remote-MTA: DNS; mail.mailroute.net
  Diagnostic-Code: SMTP; 554 5.7.1 Service unavailable; Client host [209.17.115.51] blocked using zen.spamhausdnsbl; http://www.spamhaus.org/query/bl?ip=209.17.115.51
  Last-Attempt-Date: Thu, 6 Jun 2013 11:08:39 -0400
  Any light you can shed would be appreciated!

  The recipient's mail server has blacklisted the server you use for spamming.