Dale Johnson
Guest
Hey Guys,
I'm not an expert by any means at this stuff, so I will try to provide as much information as possible and hopefully somebody will know what problem I am having.
I have done a fair amount of searching and found examples of backscatter and joe jobs, but don't think either of these are what I'm having.
The Problem
Lately, I have been getting bounced messages that look like the following.
------------
Hi. This is the qmail-send program at xxxxxxxxx.onlinehome-server.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<[email protected]>:
Sorry, I couldn't find any host named channeltrend.co.uk. (#5.1.2)
<[email protected]>:
209.85.223.55 does not like recipient.
Remote host said: 550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 http://mail.google.com/support/bin/answer.py?answer=6596 27si17601392iwn.8
Giving up on 209.85.223.55.
<[email protected]>:
217.8.243.182 does not like recipient.
Remote host said: 550 <[email protected]> No such user here
Giving up on 217.8.243.182.
<[email protected]>:
213.171.206.109 does not like recipient.
Remote host said: 550 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table
Giving up on 213.171.206.109.
<[email protected]>:
209.85.223.84 does not like recipient.
Remote host said: 550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 http://mail.google.com/support/bin/answer.py?answer=6596 16si4319588iwn.33
Giving up on 209.85.223.84.
<[email protected]>:
217.8.243.182 does not like recipient.
Remote host said: 550 <[email protected]> No such user here
Giving up on 217.8.243.182.
<[email protected]>:
82.69.206.26 failed after I sent the message.
Remote host said: 571 Delivery not authorized, message refused
<[email protected]>:
82.117.37.108 does not like recipient.
Remote host said: 550 unknown user
Giving up on 82.117.37.108.
<[email protected]>:
74.52.18.2 does not like recipient.
Remote host said: 550 Requested action not taken: mailbox unavailable or not local
Giving up on 74.52.18.2.
<[email protected]>:
85.158.136.35 does not like recipient.
Remote host said: 550-Invalid recipient <[email protected]>
550 (#5.1.1)
Giving up on 85.158.136.35.
<[email protected]>:
Sorry, I couldn't find any host named bowski.co.uk. (#5.1.2)
<[email protected]>:
91.151.209.68 does not like recipient.
Remote host said: 550 5.1.1 <[email protected]>... User unknown
Giving up on 91.151.209.68.
<[email protected]>:
Sorry, I couldn't find any host named blairhammond.co.uk. (#5.1.2)
<[email protected]>:
80.94.196.22 does not like recipient.
Remote host said: 550 unknown user <[email protected]>
Giving up on 80.94.196.22.
<[email protected]>:
207.126.147.10 does not like recipient.
Remote host said: 550 No such user - psmtp
Giving up on 207.126.147.10.
<[email protected]>:
217.112.88.147 does not like recipient.
Remote host said: 550 <[email protected]> No such user here
Giving up on 217.112.88.147.
<[email protected]>:
217.33.44.2 does not like recipient.
Remote host said: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in relay recipient table
Giving up on 217.33.44.2.
<[email protected]>:
90.152.57.70 failed after I sent the message.
Remote host said: 550 Message refused
<[email protected]>:
93.93.131.52 does not like recipient.
Remote host said: 550-Verification failed for <[email protected]>
550-Previous (cached) callout verification failure
550 Sender verify failed
Giving up on 93.93.131.52.
<[email protected]>:
217.174.253.141 does not like recipient.
Remote host said: 550 <[email protected]> No such user here
Giving up on 217.174.253.141.
--- Below this line is a copy of the message.
Return-Path: <[email protected]>
Received: (qmail 27377 invoked by uid 0); 27 Apr 2010 20:39:01 -0700
Date: 27 Apr 2010 20:39:01 -0700
Message-ID: <20100428033901.27374.qmail@<hidden>.com>
From: [email protected]
To: [email protected]
Subject: Example Email Subject
Example email Body
-------------------------------------------------------------------
The Circumstances
I have noticed a pattern for this --> anytime an email is received by my server and has to redirect it to another ISP OR if my server itself has to send out a message it will successfully send the message, but also create a bounce record back to the original sender with the addresses of people they had no intention of sending the message to.
The list above with all the bounced email addresses, I have no idea who they are or where they came from...for a while I thought perhaps it was the individual sending the email having some sort of virus on their end that was attempting to attach multiple EXTRA recipients to their email, but last night I had a Plesk notification sent to an off-server admin account and I ALSO got a bounce message saying that it couldn't deliver to all of these extra accounts.
If a Plesk email originating on a Plesk setup is producing this, it makes me think that the qmail program might be compromised in some way. Again, I'm not an expert, so I have no idea how this might be possible or what to do to fix it.
------------------------------------------------------------
My Setup
In my Plesk Mail config I have the following settings.
Relaying: closed
DomainKeys: OFF
Switch on SPF spam protection: On
SPF checking mode: Reject Mail when SPF resolves to "fail" (deny)
SPF local rules: include:spf.trusted-forwarder.org
DNS zones for DNSBL service: sbl.spamhaus.org;zen.spamhaus.org;dnsbl.ahbl.org;dnsbl.njabl.org;dnsbl.sorbs.net;blackholes.five-ten-sg.com
------------------------------------------------------------
What I've Done So Far
When this problem originated I was using Plesk 8.4 and have since done incremental updates to Plesk 9.3 - my wishful thinking hoped that this problem would simply go away on its own by doing these updates, but clearly it hasn't.
I have looked over qmail log files, but given that I'm not really sure what to be looking for I obviously haven't found much. I've tried looking for the email addresses above, but they don't seem to appear in there anywhere.
I've also scoured the forums and Google looking for similar problems, but nobody has quite the same issue that I'm having (that I've been able to find)...I understand the concept of backscatter and joe jobs, but again, this doesn't seem to be along the same lines.
If anyone has some understanding of what I'm experiencing your help would be GREATLY appreciated. If you need any more information please inform me and I'll do what I can to provide you with what you need. This problem is of great importance and hopefully with you guys' help I can get it resolved soon.
Thank-you
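Added example, not part of the original post and not Plesk or qmail code: a triage script for bounces shaped like the one quoted above. It lists the failed envelope recipients, flags those the enclosed copy's To/Cc headers never name, and reads the "invoked ..." marker from the Received line. The function names and the sample addresses and IPs are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

SPLIT = "--- Below this line is a copy of the message."
RCPT = re.compile(r"^<([^<>\s]+@[^<>\s]+)>:$")          # "<addr>:" opens each failure
INVOKED = re.compile(r"\(qmail \d+ invoked ([^)]+)\)")  # how qmail-queue was called
# Constructed sample (placeholder addresses and IPs), shaped like the bounce above.
SAMPLE = """\
Hi. This is the qmail-send program at mail.example.com.

<stranger1@example.net>:
Sorry, I couldn't find any host named example.net. (#5.1.2)

<stranger2@example.org>:
192.0.2.55 does not like recipient.
Remote host said: 550 unknown user

--- Below this line is a copy of the message.

Received: (qmail 27377 invoked by uid 0); 27 Apr 2010 20:39:01 -0700
From: sender@example.com
To: admin@example.com
Subject: Example Email Subject
"""

def parse_qmail_bounce(text):
    """Return ({failed envelope recipient: [reason lines]}, enclosed message)."""
    report, _, original = text.partition(SPLIT)
    failures, current = {}, None
    for line in map(str.strip, report.splitlines()):
        m = RCPT.match(line)
        if m:
            current = m.group(1).lower()
            failures[current] = []
        elif current and line:
            failures[current].append(line)
    return failures, message_from_string(original.lstrip("\r\n"))

def unexpected_recipients(text):
    """Failed envelope recipients that the enclosed To/Cc headers never name."""
    failures, msg = parse_qmail_bounce(text)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    named = {addr.lower() for _, addr in getaddresses(headers) if addr}
    return sorted(r for r in failures if r not in named)

def injection_points(msg):
    """'by uid N' = injected by a local process, 'from network' = via SMTP."""
    return INVOKED.findall("\n".join(msg.get_all("Received", [])))
```

Recipients flagged here were on the SMTP envelope but not in the visible headers; Bcc recipients look the same, so the result is a starting point for checking what handed the message to qmail-queue rather than proof of tampering.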