
Users receive a "failure notice" from an email address they did not send to.

Discussion in 'Plesk for Linux - 8.x and Older' started by chiefgofor, Jun 14, 2006.

  1. chiefgofor

    chiefgofor Guest

    0
     
    Users receive a "failure notice" from an email address they did not send to.

    Sometimes, somewhat frequently actually, when users send out an email to "friend@domain.com", they receive a "failure notice" email from "stranger@otherdomain.com". Users do not know who "stranger@otherdomain.com" is, nor did they send it to them. "stranger@otherdomain.com" is different every time. The person who was supposed to receive the original email does in fact receive the email.

    Example:
    In this example, the bounce back came from heavy@yahoo.com.

    If you have any idea what is going on and can shed some light, I would be more than grateful.

    Thanks to all!
     
  2. Swakoo

    Swakoo Guest

    0
     
    Hi there,

    While I can't help you... I thought I'd highlight that I have this problem too currently... am still looking into it, of course with help from the kind people here...

    Hopefully both of us can get over this :)
     
  3. jamesyeeoc

    jamesyeeoc Guest

    0
     
    In general, you should do or check the following:

    1. Make sure your server is not compromised (RKHunter, Chkrootkit, etc)

    2. Make sure the user did not click on an 'unsubscribe' link in a spam email.

    3. Make sure the client PC is not infected
     
  4. Swakoo

    Swakoo Guest

    0
     
    Your take is that the problem lies with the client?

    The weird thing is that the bounce mail contains the subject & message body of an earlier sent mail (a legitimate one) which was successfully delivered to its intended target.
     
  5. chiefgofor

    chiefgofor Guest

    0
     
    1. How can I check for "RKHunter" and "Chkrootkit"?

    2. I have no way of knowing this, although I am sure some have. I think some people think that spammers will really take you off their lists.

    3. I do not "think" it has to do with infected PCs, since it is happening to multiple companies on this server.
    -------------------------------

    One thing I did notice (not sure how important it is for this issue) is that a lot of spam was being sent spoofing the return address using a domain on the server. So, our server got all the bounce back messages. This was filling up the qmail queue very quickly. We have a cron job set up to delete "failure notice" emails every two hours from the queue. I just changed the settings on that domain (and a couple of others) to "reject" email to nonexistent users instead of bouncing back. Thanks to all for your help. It seems like Swakoo might have his issue fixed (different thread). Hopefully we can all learn something from each other. Thanks jamesyeeoc!
     
  6. jamesyeeoc

    jamesyeeoc Guest

    0
     
    You have to download and install the RKHunter and/or Chkrootkit packages, update them and run them to scan your server for signs of infection/rooting.

    As to users clicking unsubscribes, that's why I mentioned it, I see that quite often with certain users, even after I advise them not to again and again...

    It's good to *NOT* have the bounce feature enabled, I disable that on almost all servers.
     
  7. Swakoo

    Swakoo Guest

    0
     

    James,

    I still don't understand the difference between "reject" and "bounce"

    Because for both, there will still be a mail sent out.

    I'm tempted to test your preferred method of using a blackhole account... just afraid the log will grow even bigger due to it.
     
  8. jamesyeeoc

    jamesyeeoc Guest

    0
     
    I'm not sure of the difference either, kind of thought that 'reject' would not issue a bounce back message.

    I've used the blackhole method since Plesk 6 and found it to work quite well.

    I don't think it would be more log intensive. Either way there would be a log entry, but with blackhole, there would just be one set of entries, instead of possible multiple (most spam return addresses are bogus anyways so can cause multiple retries).
     
  9. Swakoo

    Swakoo Guest

    0
     
    Oooh, with the blackhole, it'll cut down multiple entries because it comes in once and out it goes to the blackhole.... so one entry huh?

    OK, I'll monitor my end for the time being before deciding the next best course of action.
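
The "bounce", "reject" and "blackhole" settings discussed in this thread, as an added example that is not part of any post and is not Plesk or qmail code. It is a simplified model that assumes "reject" means refusing the recipient during the SMTP session with a 5xx reply; the `Server` class, the `simulate` helper, and all addresses are hypothetical and the traffic is constructed.

```python
# Simplified model, not Plesk or qmail code: three ways a server can treat
# mail for a nonexistent mailbox, and what each makes the server send.
from dataclasses import dataclass, field

LOCAL_USERS = {"info@hosted.example"}  # constructed sample mailbox

@dataclass
class Server:
    policy: str                                   # "bounce", "reject" or "blackhole"
    outbound: list = field(default_factory=list)  # notices this server must send
    delivered: int = 0
    discarded: int = 0

    def rcpt_to(self, mail_from, rcpt):
        """Apply the policy to one recipient; return the SMTP reply code."""
        if rcpt in LOCAL_USERS:
            self.delivered += 1
            return 250
        if self.policy == "reject":
            # Assumption: refused during the SMTP session. Nothing is queued
            # here; reporting the failure is left to the connecting client.
            return 550
        if self.policy == "bounce":
            # Accepted first, failed later: this server writes a failure notice
            # to whatever MAIL FROM claimed. A failed message that was itself a
            # bounce (null sender) becomes a qmail double bounce to postmaster.
            to = "postmaster@hosted.example" if mail_from == "<>" else mail_from
            self.outbound.append({"from": "<>", "to": to})
            return 250
        self.discarded += 1  # blackhole: accepted, then dropped without notice
        return 250

def simulate(policy, attempts):
    """Run constructed (envelope sender, recipient) pairs through one policy."""
    srv = Server(policy)
    return srv, [srv.rcpt_to(sender, rcpt) for sender, rcpt in attempts]

# Constructed traffic: spam with forged senders, failure notices arriving for
# addresses a spammer invented at the hosted domain, and one real message.
ATTEMPTS = (
    [(f"stranger{i}@otherdomain.example", f"guess{i}@hosted.example") for i in range(3)]
    + [("<>", f"fake{i}@hosted.example") for i in range(2)]
    + [("friend@domain.example", "info@hosted.example")]
)

if __name__ == "__main__":
    for policy in ("bounce", "reject", "blackhole"):
        srv, codes = simulate(policy, ATTEMPTS)
        print(policy, codes, len(srv.outbound), srv.discarded)
```

Only the bounce policy makes this server originate mail of its own; under reject, any failure notice is produced by the system that tried to hand the message over.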
     