
Users receive a "failure notice" from an email address they did not send to.

chiefgofor

Guest

Sometimes, somewhat frequently actually, when users send out an email to "[email protected]", they receive a "failure notice" email from "[email protected]". Users do not know who "[email protected]" is, nor did they send it to them. "[email protected]" is different every time. The person who was supposed to receive the original email does in fact receive the email.

Example:
<[email protected]>:
67.28.113.10 failed after I sent the message.
Remote host said: 554 delivery error: dd Sorry your message to [email protected] cannot be delivered. This account has been disabled or discontinued [#102]. - mta109.mail.re2.yahoo.com

In this example, the bounce back came from [email protected].

If you have any idea what is going on and can shed some light, I would be more than grateful.

Thanks to all!
 
Hi there,

While I can't help you, I thought I'd highlight that I have this problem too currently... I am still looking into it, of course with help from the kind people here...

Hopefully both of us can get over this :)
 
In general, you should do or check the following:

1. Make sure your server is not compromised (RKHunter, Chkrootkit, etc)

2. Make sure the user did not click on an 'unsubscribe' link in a spam email.

3. Make sure the client PC is not infected
 
Your take is that the problem lies with the client?

The weird thing is that the bounce mail contains the subject and message body of an earlier sent mail (a legitimate one) which was successfully delivered to its intended target.
 
1. How can I check for "RKHunter" and "Chkrootkit"?

2. I have no way of knowing this, although I am sure some have. I think some people think that spammers will really take you off their lists.

3. I do not "think" it has to do with infected PCs, since it is happening to multiple companies on this server.
-------------------------------

One thing I did notice (not sure how important it is for this issue) is that a lot of spam was being sent spoofing the return address using a domain on the server. So, our server got all the bounce back messages. This was filling up the qmail queue very quickly. We have a cron job set up to delete "failure notice" emails every two hours from the queue. I just changed the settings on that domain (and a couple of others) to "reject" email to nonexistent users instead of bouncing back. Thanks to all for your help. It seems like Swakoo might have his issue fixed (different thread). Hopefully we can all learn something from each other. Thanks jamesyeeoc!
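
An added example, not part of any post in this thread: one way to triage the "failure notice" mails discussed above is to compare the addresses that bounced with the To/Cc headers of the returned copy, which surfaces the "address they did not send to" symptom. It assumes the qmail-send notice layout (failed address as `<addr>:`, then the copy marker line); the function name and the sample notice are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# qmail-send lists each failed address as "<addr>:" on its own line, then the
# reason, then a copy of the original message after this marker line.
COPY_MARKER = "--- Below this line is a copy of the message."
FAILED_RE = re.compile(r"^<([^<>\s]+@[^<>\s]+)>:\s*$", re.MULTILINE)

def triage_failure_notice(body):
    """Compare the addresses that bounced with the returned copy's To/Cc."""
    report, marker, original = body.partition(COPY_MARKER)
    failed = sorted({a.lower() for a in FAILED_RE.findall(report)})
    msg = message_from_string(original.lstrip("\r\n"))
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    addressed = sorted({a.lower() for _, a in getaddresses(headers) if a})
    return {
        "failed": failed,
        "addressed": addressed,
        # Bounced addresses the sender never visibly wrote to. Bcc recipients
        # land here too, so treat this as a lead to investigate, not a verdict.
        "unexpected": [a for a in failed if a not in addressed],
        "has_copy": bool(marker),  # False when the notice carries no copy
    }

# Constructed sample notice (example.* domains, documentation IP address).
SAMPLE = """\
Hi. This is the qmail-send program at mail.example.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<olduser@example.net>:
192.0.2.10 failed after I sent the message.
Remote host said: 554 delivery error: This account has been disabled

--- Below this line is a copy of the message.

Return-Path: <alice@example.com>
From: Alice <alice@example.com>
To: Bob <bob@example.org>
Subject: Quarterly report

Hello Bob
"""

if __name__ == "__main__":
    print(triage_failure_notice(SAMPLE))
```
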
 
You have to download and install the RKHunter and/or Chkrootkit packages, update them and run them to scan your server for signs of infection/rooting.

As to users clicking unsubscribes, that's why I mentioned it, I see that quite often with certain users, even after I advise them not to again and again...

It's good to *NOT* have the bounce feature enabled, I disable that on almost all servers.
 
Originally posted by jamesyeeoc


It's good to *NOT* have the bounce feature enabled, I disable that on almost all servers.


James,

I still don't understand the difference between "reject" and "bounce".

Because for both, there will still be a mail sent out.

I'm tempted to test your preferred method of using a blackhole account... just afraid the log will grow even bigger due to it.
 
I'm not sure of the difference either, kind of thought that 'reject' would not issue a bounce back message.

I've used the blackhole method since Plesk 6 and found it to work quite well.

I don't think it would be more log intensive. Either way there would be a log entry, but with blackhole, there would just be one set of entries, instead of possible multiple (most spam return addresses are bogus anyways so can cause multiple retries).
 
Oooh, with the blackhole, it'll cut down multiple entries because it comes in once and out it goes to the blackhole.... so one entry, huh?

OK, I'll monitor my end for the time being before deciding the next best course of action.
 