'Undeliverable Mail Return To Sender' spam?
As of late, we have been getting 'undeliverable mail' which appears to be spam. The long headers appear to indicate that it is indeed coming from our mail server and the body of the message goes something like this:
This is the Postfix program at host nopali.com.
I'm sorry to have to inform you that your message could not be
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The Postfix program
<clinique@ccpmtl.com>: host 127.0.0.1[127.0.0.1] said: 550 5.7.1 Message
content rejected, UBE, id=21361-04 (in reply to end of DATA command)
Reporting-MTA: dns; nopali.com
X-Postfix-Queue-ID: 7260D27DAB9
X-Postfix-Sender: rfc822; clinique@ccpmtl.com
Arrival-Date: Sat, 23 Dec 2006 04:10:46 -0500 (EST)
Final-Recipient: rfc822; clinique@ccpmtl.com
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; host 127.0.0.1[127.0.0.1] said: 550 5.7.1 Message
content rejected, UBE, id=21361-04 (in reply to end of DATA command)
From: "Ronald Myers" <qbdldfs@alderking.com>
Date: December 23, 2006 4:11:11 AM EST (CA)
To: clinique@ccpmtl.com
Subject: Because that is curious girdle, and Hormah, and some therefore,
...and there is generally a spamish content underneath.
Has anyone encountered this?
I thought perhaps that somehow others were able to use my mail cue, but I closed the firewall for SMTP mail to only favourable IPs. However, when I look at my mail cue, I see a bunch of things waiting to be sent out. They appear to be a bunch of spam that the server trying to return. The cue would typically have this message:
Message ID: 266692764C8
Date: Thu Dec 21 13:31:52
Size: 6742
Sender: MAILER-DAEMON
Recipient(s) & Status:
----------------------
online_identity@wc.wachovia.com:
connect to wc.wachovia.com[169.200.182.108]: Operation timed out
It appears that the server is trying to return spammed mail to sender and it is timing out. I am not sure, though. This would not make sense since I have spam being redirected to a separate spam_depot account.
Any ideas on how to figure this one out?
This is the Postfix program at host nopali.com.
I'm sorry to have to inform you that your message could not be
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The Postfix program
<clinique@ccpmtl.com>: host 127.0.0.1[127.0.0.1] said: 550 5.7.1 Message
content rejected, UBE, id=21361-04 (in reply to end of DATA command)
Reporting-MTA: dns; nopali.com
X-Postfix-Queue-ID: 7260D27DAB9
X-Postfix-Sender: rfc822; clinique@ccpmtl.com
Arrival-Date: Sat, 23 Dec 2006 04:10:46 -0500 (EST)
Final-Recipient: rfc822; clinique@ccpmtl.com
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; host 127.0.0.1[127.0.0.1] said: 550 5.7.1 Message
content rejected, UBE, id=21361-04 (in reply to end of DATA command)
From: "Ronald Myers" <qbdldfs@alderking.com>
Date: December 23, 2006 4:11:11 AM EST (CA)
To: clinique@ccpmtl.com
Subject: Because that is curious girdle, and Hormah, and some therefore,
...and there is generally a spamish content underneath.
Has anyone encountered this?
I thought perhaps that somehow others were able to use my mail cue, but I closed the firewall for SMTP mail to only favourable IPs. However, when I look at my mail cue, I see a bunch of things waiting to be sent out. They appear to be a bunch of spam that the server trying to return. The cue would typically have this message:
Message ID: 266692764C8
Date: Thu Dec 21 13:31:52
Size: 6742
Sender: MAILER-DAEMON
Recipient(s) & Status:
----------------------
online_identity@wc.wachovia.com:
connect to wc.wachovia.com[169.200.182.108]: Operation timed out
It appears that the server is trying to return spammed mail to sender and it is timing out. I am not sure, though. This would not make sense since I have spam being redirected to a separate spam_depot account.
Any ideas on how to figure this one out?
Mirror Drive, Mac OS X (10.4.8)
