
November 30th, 2004, 01:39 PM
Strange looking bounce messages - Qmail
I had a spammer exploiting a webmail module in the PHP-Nuke installation on my server. I've since deactivated the module and everything seems to be back to normal, except for the occasional strange bounce message. The bounce lists multiple addresses as the intended recipients and the reason each message failed. The attached message, however, is one that is sent hourly as a test for a mail gateway, not a spammer-generated message. My fear is that there is a much larger recipient list and the ones not listed in the bounce message have been delivered.
Even stranger is that when I've scoured the logs, I can't find any attempts made to deliver the message to anyone but the original intended recipient. Where is this bounce message and/or recipient list coming from? The headers don't reveal anything either. Here's the bounce message:
Code:
Return-Path: <#@[]>
Delivered-To: xxxx@evinrude.eurydium.org
Received: (qmail 22015 invoked by alias); 30 Nov 2004 00:01:03 -0000
Delivered-To: xxxx@evinrude.eurydium.org
Received: (qmail 22010 invoked for bounce); 30 Nov 2004 00:01:03 -0000
Date: 30 Nov 2004 00:01:03 -0000
From: MAILER-DAEMON@evinrude.eurydium.org
To: xxxx@evinrude.eurydium.org
Subject: failure notice
Hi. This is the qmail-send program at evinrude.eurydium.org.
I tried to deliver a bounce message to this address, but the bounce bounced!
<tania.payne@max2.maxwell.af.mil>:
Sorry, I couldn't find any host named max2.maxwell.af.mil. (#5.1.2)
<melville55@juno.com>:
64.136.20.83 does not like recipient.
Remote host said: 550 melville55@juno.com Account Inactive
Giving up on 64.136.20.83.
<crockerj@usa.net>:
165.212.8.32 does not like recipient.
Remote host said: 550 <crockerj@usa.net>... User not known
Giving up on 165.212.8.32.
And many, many, many more failed recipients until it wraps up like this:
Code:
<sois@juno.com>:
64.136.28.83 does not like recipient.
Remote host said: 550 sois@juno.com Account Inactive
Giving up on 64.136.28.83.
<typierce@insightbb.com>:
63.240.76.150 does not like recipient.
Remote host said: 551 not our customer
Giving up on 63.240.76.150.
<tmbc@bellsouth.net>:
205.152.59.33 does not like recipient.
Remote host said: 550 Invalid recipient: <tmbc@bellsouth.net>
Giving up on 205.152.59.33.
<ccampbell@pky.com>:
63.124.238.114 does not like recipient.
Remote host said: 550 5.1.1 User unknown
Giving up on 63.124.238.114.
--- Below this line is the original bounce.
Return-Path: <>
Received: (qmail 22007 invoked for bounce); 30 Nov 2004 00:01:02 -0000
Date: 30 Nov 2004 00:01:02 -0000
From: MAILER-DAEMON@evinrude.eurydium.org
To: xxxx@evinrude.eurydium.org
Subject: failure notice
Hi. This is the qmail-send program at evinrude.eurydium.org.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<xxxx@omaropo.hyatt.com>:
Connected to 140.95.205.120 but sender was rejected.
Remote host said: 553 5.3.0 <xxxx@evinrude.eurydium.org>... OKR
--- Below this line is a copy of the message.
Return-Path: <xxxx@evinrude.eurydium.org>
Received: (qmail 22002 invoked by uid 0); 30 Nov 2004 00:01:01 -0000
Date: 30 Nov 2004 00:01:01 -0000
Message-ID: <20041130000101.22001.qmail@evinrude.eurydium.org>
Subject: Test Mon Nov 29 18:01:01 CST 2004
To: "Helpdesk" <xxxx@omaropo.hyatt.com>
From: "Gateway Cop" <xxxx@eurydium.org>
CC:
Test Message.
I'll get one like that once a week or so. Any ideas?
Thanks!
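
Added example, not part of the original post: a small Python parser that splits a qmail-send bounce like the one above at its "--- Below this line" markers, lists the failed recipients reported in each layer, and shows which outer-layer recipients never appear in the innermost copy of the message. The sample text is constructed, the names `parse_layers` and `unexplained` are hypothetical, and it assumes the blank lines between bounce paragraphs are intact (they were lost in the paste above).

```python
import re

# Constructed sample modelled on the post's double bounce (reserved example addresses).
SAMPLE = """\
Hi. This is the qmail-send program at mail.example.org.
I tried to deliver a bounce message to this address, but the bounce bounced!

<alice@example.net>:
192.0.2.10 does not like recipient.
Remote host said: 550 User unknown

<bob@example.com>:
Sorry, I couldn't find any host named example.com. (#5.1.2)

--- Below this line is the original bounce.

Return-Path: <>

<helpdesk@example.edu>:
Connected to 192.0.2.20 but sender was rejected.

--- Below this line is a copy of the message.

Return-Path: <gateway@mail.example.org>
To: "Helpdesk" <helpdesk@example.edu>

Test Message.
"""

BREAK = re.compile(r"^--- Below this line is .*$", re.M)
ADDR = r"<([^<>\s]+@[^<>\s]+)>"
RCPT = re.compile(r"^" + ADDR + r":[ \t]*\n((?:(?!<|---).+\n?)*)", re.M)

def parse_layers(text):
    """Split a bounce at its '--- Below this line' markers and return, for
    each layer, {recipient: reason}. A recipient paragraph is '<addr>:' on
    its own line followed by reason lines up to the next blank line."""
    return [{m.group(1).lower(): " ".join(m.group(2).split())
             for m in RCPT.finditer(part)} for part in BREAK.split(text)]

def unexplained(text):
    """Outer-layer failed recipients that appear nowhere in the innermost
    copy of the message (headers included)."""
    inner = {a.lower() for a in re.findall(ADDR, BREAK.split(text)[-1])}
    return sorted(set(parse_layers(text)[0]) - inner)

if __name__ == "__main__":
    print(parse_layers(SAMPLE), unexplained(SAMPLE))
```

The addresses returned by `unexplained` are the ones to search for in the qmail-send delivery log, since nothing in the embedded message accounts for them.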