Server is Plesk v11.0.9 on CentOS 6.2.
For the last day or so, legitimate outbound emails from the Plesk server appear to be having spam email addresses BCC'ed onto them.
This results in bouncebacks coming back from the spam addresses being appended, indicating the spam addresses are no longer valid, or are no longer accepting email.
This is happening across multiple clients and multiple domains on this Plesk server, leading me to believe it is something taking place on the server itself.
Can anyone provide any insight on what I should check or what I can do to investigate this further? It seems as though the legitimate emails are being sent and delivered properly, but with BCCing taking place to several invalid email addresses at the time of sending.
Here is an example of a failure notice received back from the server, after a legitimate email was sent --
====
-----Original Message-----
From: [email protected]
[mailto:MAILER-DAEMON@hosting6.somedomain.com]
Sent: Tuesday, February 16, 2016 12:22 PM
To: [email protected]
Subject: failure notice
Hi. This is the qmail-send program at hosting6.somedomain.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<[email protected]>:
Sorry, I couldn't find any host named mtnpublicom.co.ug. (#5.1.2)
<[email protected]>:
Sorry, I couldn't find any host named baylor-pidc.idi.co.ug. (#5.1.2)
<[email protected]>:
Sorry, I couldn't find any host named baylor-pidc.idi.co.ug. (#5.1.2)
<[email protected]>:
Sorry, I couldn't find any host named baylor-pidc.idi.co.ug. (#5.1.2)
<[email protected]>:
216.82.251.33 does not like recipient.
Remote host said: 550-Invalid recipient
<[email protected]>
550 (#5.1.1)
Giving up on 216.82.251.33.
<[email protected]>:
209.85.147.27 does not like recipient.
Remote host said: 550-5.1.1 The email account that you tried to reach does
not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 https://support.google.com/mail/answer/6596 b3si10011812igl.101 -
gsmtp Giving up on 209.85.147.27.
--- Below this line is a copy of the message.
Return-Path: <[email protected]>
Received: (qmail 11330 invoked from network); 16 Feb 2016 15:21:29 -0500
Received: from unknown (HELO DESKTOPNNUUHM7) (65.94.239.218)
by hosting6.somedomain.com with ESMTPSA (DHE-RSA-AES256-GCM-SHA384
encrypted, authenticated); 16 Feb 2016 15:21:29 -0500
From: "Suzy Jones" <[email protected]>
To: "'Sally MARTIN'" <[email protected]>,
"'JOHN Smith'" <[email protected]>
In-Reply-To:
Subject: RE: BERK TEK PO 4500884318
Date: Tue, 16 Feb 2016 15:23:03 -0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQFkyoSi6rTG/ta0FmgTfxsK3WeRWQGORaMgn/XW/nCABkOTcA==
Content-Language: en-us
Hi sally,
Your order will be shipped today by UPS, tracking # abc.
Thank you,
Suzy Jones
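
A triage sketch for bounces like the one above, added here as an example and not part of the original post: it lists the failed recipients from a qmail-send failure notice and keeps those that do not appear in the To/Cc headers of the returned message copy. The sample bounce and every address in it are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import getaddresses

COPY_MARKER = "--- Below this line is a copy of the message."

# Constructed sample in the qmail-send bounce layout; all addresses are placeholders.
SAMPLE_BOUNCE = """\
Hi. This is the qmail-send program at mail.example.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<stranger1@unknown.invalid>:
Sorry, I couldn't find any host named unknown.invalid. (#5.1.2)

<stranger2@example.org>:
192.0.2.33 does not like recipient.
Remote host said: 550-Invalid recipient

--- Below this line is a copy of the message.

From: "Suzy" <suzy@example.com>
To: "Sally" <sally@example.org>,
 "John" <john@example.org>
Subject: RE: order

Your order ships today.
"""

def failed_recipients(bounce):
    """Addresses qmail-send reports as failed (lines of the form '<addr>:')."""
    report = bounce.split(COPY_MARKER, 1)[0]
    return [a.lower() for a in re.findall(r"^<([^<>\s]+@[^<>\s]+)>:[ \t]*$", report, re.M)]

def header_recipients(bounce):
    """To/Cc addresses taken from the copy of the original message."""
    parts = bounce.split(COPY_MARKER, 1)
    if len(parts) < 2:
        return set()
    msg = message_from_string(parts[1].lstrip("\r\n"))
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def unexpected_recipients(bounce):
    """Failed envelope recipients that the message headers never named."""
    named = header_recipients(bounce)
    return [a for a in failed_recipients(bounce) if a not in named]

if __name__ == "__main__":
    print(unexpected_recipients(SAMPLE_BOUNCE))
```

A Bcc the sender set deliberately is also absent from To/Cc, so each address reported is a lead to confirm with the sender rather than proof of tampering.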