• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Help with spammer

hardbrasil

Regular Pleskian
Hello fellas,
could you help me to identify what is going on?

i have one customer that receive a lot of bounce messages saying that "email was not able to be delivered - ".
BUT, the issue is my customer is not sending this email.

i am afraid of someone is sending spam and putting my customer like a "catch all bounce".


here is a copy of an example:

Code:
This is the mail system at host admin.myhost.com.br.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<[email protected]>: host mx4.hotmail.com[104.44.194.235] said: 550
    Requested action not taken: mailbox unavailable (in reply to RCPT TO
    command)

<[email protected]> (expanded from <[email protected].>): host
    vip-us-br-mx.terra.com[208.84.244.133] said: 550 5.1.1 5.1.1
    <[email protected]>: Recipient address rejected (in reply to RCPT
    TO command)
Reporting-MTA: dns; admin.myhost.com.br
X-Postfix-Queue-ID: EBFE61E2025
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Tue, 17 Jan 2017 17:39:22 -0200 (BRST)

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.0.0
Remote-MTA: dns; mx4.hotmail.com
Diagnostic-Code: smtp; 550 Requested action not taken: mailbox unavailable

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected].
Action: failed
Status: 5.1.1
Remote-MTA: dns; vip-us-br-mx.terra.com
Diagnostic-Code: smtp; 550 5.1.1 5.1.1 <[email protected]>: Recipient
    address rejected
Return-Path: <[email protected]>
Received: from luiz (unknown [191.181.82.108])
    by admin.myhost.com.br (Postfix) with ESMTPA id EBFE61E2025;
    Tue, 17 Jan 2017 17:39:22 -0200 (BRST)
Message-ID: <4382CC8542EF47D08875DEB6DDD3CCB0@luiz>
From: "Luiz" <[email protected]>
To: <Undisclosed-Recipient:;>
Subject: Fw:    EMMANUEL /  Recanto de Paz...
Date: Tue, 17 Jan 2017 17:38:11 -0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_005B_01D270E8.7959AF50"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
X-PPP-Message-ID: <[email protected]>
X-PPP-Vhost: mycustomer.com.br

second example

Code:
This is the mail system at host admin.myhost.com.br.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<[email protected]>: connect to
    gmail.com.br[2607:f8b0:4006:80e::2005]:25: Connection timed out
Reporting-MTA: dns; admin.myhost.com.br
X-Postfix-Queue-ID: DB44A1E1E19
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Thu, 12 Jan 2017 17:12:39 -0200 (BRST)

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 4.4.1
Diagnostic-Code: X-Postfix; connect to
    gmail.com.br[2607:f8b0:4006:80e::2005]:25: Connection timed out
Return-Path: <[email protected]>
Received: from luiz (unknown [191.181.82.108])
    by admin.myhost.com.br (Postfix) with ESMTPA id DB44A1E1E19;
    Thu, 12 Jan 2017 17:12:39 -0200 (BRST)
Message-ID: <D5900C5F29CA4E3395A0F50A6330BFAA@luiz>
From: "Luiz" <[email protected]>
To: <Undisclosed-Recipient:;>
Subject: Fw:    BELGICA / Guia de viagem - Bruxelas
Date: Thu, 12 Jan 2017 17:09:46 -0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_004F_01D26CF6.ACD2B390"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
X-PPP-Message-ID: <[email protected]>
X-PPP-Vhost: mycustomer.com.br
 
Last edited:
I can't also send from my email address no message to Hotmail/Microsoft.

I made an support request but no answer.


Gesendet von meinem D6603 mit Tapatalk
 
Spammers sometimes use a random, but existing email address as sender. This is done for mainly these 2 reasons:

1) the errors don't come back to the server they are abusing, 5000 errors less in the queue are 5000 changes less someone will pick up on a large queue and stop them.
2) spamfilters that test if the sender exist can be tricked by this.

The best thing you can do about this is using a strict spf record. This only works if the receiver checks spf, but hotmail does, so the hotmail server will not accept the spam from the spammers mailserver with your client as sender.

more on spf http://www.openspf.org/SPF_Record_Syntax

hope this helps a bit

regards
Jan
 
Back
Top