Bounce msg rasies Open Relay questions

Dev Shed Forums Sponsor:

May 24th, 2004, 12:36 PM

dba_frog

cave painting, the 1st Opn Src

Join Date: Jun 2003

Posts: 402

Time spent in forums: 20 h 11 m 32 sec
Reputation Power: 6

Bounce msg rasies Open Relay questions

My log is filling with these bounce messages. Am I showing an OPEN RELAY for somebody?
Can any one tell from this msg.

Best suggestions to erradicate this from my server?

Thanks...

Quote:

Hi. This is the qmail-send program at mail.therockmere.com.
I tried to deliver a bounce message to this address, but the bounce bounced!

<info@optivisionindustries.com>:
Sorry, no mailbox here by that name. vpopmail (#5.1.1)

--- Below this line is the original bounce.

Return-Path: <>
Received: (qmail 5739 invoked for bounce); 21 May 2004 18:07:52 -0000
Date: 21 May 2004 18:07:52 -0000
From: badmail@mail.therockmere.com
To: info@optivisionindustries.com
Subject: failure notice

Hi. This is the qmail-send program at mail.therockmere.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<info@optivisionindustries.com>:
Sorry, no mailbox here by that name. vpopmail (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <info@optivisionindustries.com>
Received: (qmail 5736 invoked by uid 508); 21 May 2004 18:07:50 -0000
Received: from unknown (HELO 151.201.239.166) (63.238.19.134)
by mail.therockmere.com with SMTP; 21 May 2004 18:07:50 -0000
Received: from 248.32.174.208 by 63.238.19.134; Fri, 21 May 2004 18:51:58 -0100
Message-ID: <IJFIWVBEZWGBNESCELNGB@yahoo.com>
From: "Cameron Newman" <info@optivisionindustries.com>
Reply-To: "Cameron Newman" <info@optivisionindustries.com>
To: info@optivisionindustries.com
Subject: Re: Your Email Advertising Campaign - Reference #06225
Date: Fri, 21 May 2004 21:58:58 +0200
X-Mailer: AOL 4.0 for Windows US sub 015
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--96325219840443053"
X-Priority: 3
X-MSMail-Priority: Normal
X-IP:248.101.13.140
----96325219840443053
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit

Email Advertise to 28,000,000 People => F-R-E-E

http://www.broadcastemailing.biz

-----Original Message-----
From: Support [admin@emailadvertising.biz]
To: Tonia@broadcastadvertise.biz
Subject: ..look what i found

hey.. how are you doing?
this organization will help you advertise to millions of people
for free if you are a non-profit organization that benefits homeless
youth gain access to computers and technology.

at their web site, simply mail them, and they will tell you
how you can advertise your organization to 28 million people
for free if you fit their criteria.
this is a non-commercial email offer, and they make no money on
this at all.. it's great if you are trying to help out your organization..
to be removed from their non-profit/non-commercial email list visit:

http://www.broadcastemailing.biz/remove.html

__________________
Curious by Nature,
Linux by Choice

June 13th, 2004, 01:41 PM

alexgreg

Full Access

Join Date: Jun 2000

Location: London, UK

Posts: 2,019

Time spent in forums: 3 sec
Reputation Power: 11

You've been the victim of what's known as a "joe-job" - basically a spam outfit has sent email addressed from info@optivisionindustries.com (which I presume is your domain?).

Assuming (a) both yourself and "broadcastemailing.biz" are based in the United States, and (b) you are able to track down the spammers behind "broadcastemaling.biz" you may want to file suit against them, as this is illegal under the CAN-SPAM act passed earlier this year.

A quick search on Google groups reveals that you're not the first person this has happened to:

http://groups.google.com/groups?q=b...G=Google+Search

(I can't reach broadcastemailing.biz at present, so these spammers may already have been busted).

__________________
Alex
(http://www.alex-greg.com)

June 14th, 2004, 07:52 AM

Donboy

The Evil Monkey

Join Date: Apr 2003

Posts: 220

Time spent in forums: 6 h 38 m 10 sec
Reputation Power: 6

If you want to prevent this from happening again, you should try using RBL's to stop spammers from sending their garbage in the first place.

http://bohnsack.com/

Check the entry on June 1st which explains how to modify your qmail-smtpd/run file to start using spamhaus which is a free service that can stop spam from getting into your front door.

You may also want to patch qmail with the "mfcheck" patch. This will ensure that the sending mail server has reverse DNS setup correctly. With both of these done, my double bounces stopped coming and so did spam!

June 15th, 2004, 08:35 AM

dba_frog

cave painting, the 1st Opn Src

Join Date: Jun 2003

Posts: 402

Time spent in forums: 20 h 11 m 32 sec
Reputation Power: 6

Thank you both for the information. I'm installing spamhaus right now.

frog

June 17th, 2004, 01:05 PM

freebsd

Contributing User

Join Date: Jan 2001

Posts: 5

Time spent in forums: < 1 sec
Reputation Power: 0

When your domain, say foobar.com, is listed in rcpthosts file, qmail will accept ANY RECIPIENTS of foobar.com, minus the ones being listed explicitly in badrcpto.
qmail doesn't lookup local recipient at smtp level, when someone using non-existence envelope addr, be it on domain part (mfcheck patch catches this) or the username part. To combat doublebounce you need the RECIPIENTS extension of spamcontrol
or the standalone patch you can located a several in qmail site.

Last edited by freebsd : June 18th, 2004 at 01:56 AM.

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread: