Got this message today... I am stumped

Discussion in 'Installation/Configuration' started by MisterVlad, Jun 19, 2007.

  1. MisterVlad

    MisterVlad New Member

    Code:
    Subject:
    Considered UNSOLICITED BULK EMAIL, apparently from you
    From:
    "Content-filter at server.example.com" <[email protected]>
    Date:
    Tue, 19 Jun 2007 07:21:59 -0400
    To:
    <[email protected]>
    To:
    <[email protected]>
    
    A message from <[email protected]> to:
    -> [email protected]
    
    was considered unsolicited bulk e-mail (UBE).
    
    Our internal reference code for your message is 28519-09/itz2DK10W1zO
    
    The message carried your return address, so it was either a genuine mail
    from you, or a sender address was faked and your e-mail address abused
    by third party, in which case we apologize for undesired notification.
    
    We do try to minimize backscatter for more prominent cases of UBE and
    for infected mail, but for less obvious cases of UBE some balance
    between losing genuine mail and sending undesired backscatter is sought,
    and there can be some collateral damage on both sides.
    
    First upstream SMTP client IP address: [83.19.181.162]
      cyv162.internetdsl.tpnet.pl
    According to a 'Received:' trace, the message originated at:
    [83.19.181.162],
      exchange.questtgo.com  (port=3895 helo=vjuptammxkc)
    
    Return-Path: <[email protected]>
    Message-ID: <000c01c7b264$00691970$00fae48c@vjuptammxkc>
    Subject: And perhaps I have begun and himself to be found himself; King does
      not say!  He had just Sutt
    
    Delivery of the email was stopped!
    
    What was this? The mail server I have set up is from the tutorial on here, the MySQL Postfix virtual server for Debian Etch.

    Any help?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. MisterVlad

    MisterVlad New Member

    Code:
    server:/home# postconf -n | grep mynetworks
    mynetworks = 127.0.0.0/8
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    server:/home#
    
    OK... now, just curious, but what did that do?

    And I did a test via that URL, and it came back with 15 tests, all failed, meaning I don't have an open relay.

    The reason I posted that was because my client got that email sent to him and asked me what it was, and I told him that I don't know... but I will find out ;)
     
  4. falko

    falko Super Moderator ISPConfig Developer

    Till wanted to see your mynetworks setting. 127.0.0.0/8 is OK (it means that only localhost can send without authentication). Lots of people have additional values there, which means that other hosts can also send without authentication, making it easy to abuse the server. But this is not the case here.

    But it's possible that spammers are abusing web forms (contact forms) hosted on your server. Maybe that's the reason you got that mail.
     
  5. MisterVlad

    MisterVlad New Member

    OK, so was this trying to be sent out from my mail server? Was this a message from my mail server to me telling me what was going on? Or was this a remote message from someone else? Just trying to get an understanding of this.

    Thanks!
     
  6. falko

    falko Super Moderator ISPConfig Developer

    Hard to tell...

    It's possible that the spammers faked the sender address (using your customer's email address), but did not send the mail through your server.
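
The two cases discussed in this thread (mail really sent through your own server versus a faked sender address on mail sent from elsewhere) can be told apart from the IP addresses the notification itself reports. The following is an added example, not part of the original thread or of any project's code; the function names, the sample e-mail addresses and the `192.0.2.10` server address are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on the notification quoted in the first post.
SAMPLE_NOTICE = """\
A message from <customer@example.com> to:
-> someone@example.net
was considered unsolicited bulk e-mail (UBE).
First upstream SMTP client IP address: [83.19.181.162]
According to a 'Received:' trace, the message originated at:
[83.19.181.162],
"""

# Assumption: the loopback range from the poster's mynetworks plus a
# placeholder (documentation-range) public address for the mail server.
OWN_NETWORKS = ["127.0.0.0/8", "192.0.2.10/32"]

IP = r"\[([0-9A-Fa-f:.]+)\]"
UPSTREAM_RE = re.compile(r"First upstream SMTP client IP address:\s*" + IP)
ORIGIN_RE = re.compile(r"the message originated at:\s*" + IP)


def extract_ips(notice):
    """Return the IPs named in the notice, in order, skipping unparsable ones."""
    found = []
    for pattern in (UPSTREAM_RE, ORIGIN_RE):
        match = pattern.search(notice)
        if not match:
            continue
        try:
            found.append(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # malformed address in the notice
    return found


def classify(notice, own_networks=OWN_NETWORKS):
    """Say whether any reported source IP belongs to our own server."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    ips = extract_ips(notice)
    if not ips:
        return "unknown"
    if any(ip in net for ip in ips for net in nets):
        return "sent-via-own-server"  # check web forms and local senders
    return "spoofed-sender-elsewhere"  # backscatter; mail never touched us


if __name__ == "__main__":
    print(classify(SAMPLE_NOTICE))
```

A result of `sent-via-own-server` points at something on the machine itself, such as the web forms mentioned above, while `spoofed-sender-elsewhere` means the notification is backscatter for mail that only carried the customer's address.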
     
