07-08-2011, 08:48 PM
Is this NDR spam?

Hi,

I have changed the POSTCONF setting for smtpd_reject_unlisted_recipient to "yes" as listed in the wiki...

Found this in the log, which has a non-existent user on my system...

Code:
Jul  8 04:18:16 mail postfix/cleanup[12279]: 300106D58233: message-id=<4E16DA3E.109050@ms2.hinet.net>
Jul  8 04:18:16 mail postfix/qmgr[14139]: 300106D58233: from=<alybalf@ms2.hinet.net>, size=63646, nrcpt=1 (queue active)
Jul  8 04:18:16 mail zmmailboxdmgr[12956]: status requested
Jul  8 04:18:16 mail zmmailboxdmgr[12956]: status OK
Jul  8 04:18:16 mail amavis[6620]: (06620-09) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20110707T223833-06620: <alybalf@ms2.hinet.net> -> <binge@mydomain.com> SIZE=63646 Received: from mail.mydomain.com ([127.0.0.1]) by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <binge@mydomain.com>; Fri,  8 Jul 2011 04:18:16 -0700 (PDT)
Jul  8 04:18:16 mail amavis[6620]: (06620-09) Checking: lM0hI3YAi7ms [92.85.223.146] <alybalf@ms2.hinet.net> -> <binge@mydomain.com>
Jul  8 04:18:17 mail postfix/smtpd[12275]: disconnect from unknown[92.85.223.146]
Jul  8 04:18:18 mail postfix/smtpd[13083]: connect from localhost.localdomain[127.0.0.1]
Jul  8 04:18:18 mail postfix/smtpd[13083]: CFD346D58238: client=localhost.localdomain[127.0.0.1]
Jul  8 04:18:18 mail postfix/cleanup[12279]: CFD346D58238: message-id=<4E16DA3E.109050@ms2.hinet.net>
Jul  8 04:18:19 mail postfix/qmgr[14139]: CFD346D58238: from=<alybalf@ms2.hinet.net>, size=64526, nrcpt=1 (queue active)
Jul  8 04:18:19 mail postfix/smtpd[13083]: disconnect from localhost.localdomain[127.0.0.1]
Jul  8 04:18:19 mail amavis[6620]: (06620-09) FWD via SMTP: <alybalf@ms2.hinet.net> -> <binge@mydomain.com>,BODY=7BIT 250 2.0.0 Ok, id=06620-09, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as CFD346D58238
Jul  8 04:18:19 mail amavis[6620]: (06620-09) Passed SPAMMY, [92.85.223.146] [92.85.223.146] <alybalf@ms2.hinet.net> -> <binge@mydomain.com>, Message-ID: <4E16DA3E.109050@ms2.hinet.net>, mail_id: lM0hI3YAi7ms, Hits: 12.21, size: 63645, queued_as: CFD346D58238, 2481 ms
Jul  8 04:18:19 mail postfix/smtp[12957]: 300106D58233: to=<binge@mydomain.com>, orig_to=<binge@atomic.tv>, relay=127.0.0.1[127.0.0.1]:10024, delay=67, delays=65/0.01/0/2.5, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=06620-09, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as CFD346D58238)
Jul  8 04:18:19 mail postfix/qmgr[14139]: 300106D58233: removed
Jul  8 04:18:19 mail postfix/error[13086]: CFD346D58238: to=<binge@mydomain.com>, relay=none, delay=0.46, delays=0.32/0.02/0/0.11, dsn=5.0.0, status=bounced (mydomain.com)
Jul  8 04:18:19 mail postfix/cleanup[12279]: 4BA166D5827E: message-id=<20110708111819.4BA166D5827E@mail.mydomain.com>
Jul  8 04:18:19 mail postfix/bounce[13087]: CFD346D58238: sender non-delivery notification: 4BA166D5827E
Jul  8 04:18:19 mail postfix/qmgr[14139]: 4BA166D5827E: from=<>, size=3838, nrcpt=1 (queue active)
Jul  8 04:18:19 mail postfix/qmgr[14139]: CFD346D58238: removed
Jul  8 04:18:22 mail postfix/smtp[13102]: 4BA166D5827E: to=<alybalf@ms2.hinet.net>, relay=msx-smtp5.hinet.net[168.95.5.82]:25, delay=3.3, delays=0.11/0.01/2.2/0.95, dsn=2.0.0, status=sent (250 p68BIGEe001609 Message accepted for delivery)
Jul  8 04:18:22 mail postfix/qmgr[14139]: 4BA166D5827E: removed

When I tried to send to "binge@mydomain.com" I get the following:

Code:
Jul  8 20:40:01 mail zimbramon[5583]: 5583:info: 2011-07-08 20:40:01, QUEUE: 5 1 
Jul  8 20:40:15 mail postfix/smtpd[5909]: connect from mail-vw0-f47.google.com[209.85.212.47]
Jul  8 20:40:15 mail postfix/smtpd[5909]: NOQUEUE: reject: RCPT from mail-vw0-f47.google.com[209.85.212.47]: 550 5.1.1 <binge@mydomain.com>: Recipient address rejected: mydomain.com; from=<mygmailaccount@gmail.com> to=<binge@mydomain.com> proto=ESMTP helo=<mail-vw0-f47.google.com>
Jul  8 20:40:15 mail postfix/smtpd[5909]: disconnect from mail-vw0-f47.google.com[209.85.212.47]

Can anyone explain to me:

Was the e-mail from hinet.net NDR spam? And was it bounced back to the victim?

If so, how was that accomplished, versus when I attempted to send to the same non-existent user through my gmail account?

Thank you
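
A way to trace this pattern in a Postfix log, as an added example that is not part of the original post: it follows queue IDs from the bounce daemon's "sender non-delivery notification" line back across the content-filter re-injection ("queued as") and reports NDRs that were delivered to a remote relay. The sample lines are abridged from the log above; the function name and record fields are assumptions made for illustration.

```python
import re

# Constructed sample: lines abridged from the log in the post above.
SAMPLE_LOG = """\
Jul  8 04:18:16 mail postfix/qmgr[14139]: 300106D58233: from=<alybalf@ms2.hinet.net>, size=63646, nrcpt=1 (queue active)
Jul  8 04:18:19 mail postfix/smtp[12957]: 300106D58233: to=<binge@mydomain.com>, orig_to=<binge@atomic.tv>, relay=127.0.0.1[127.0.0.1]:10024, delay=67, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=06620-09, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as CFD346D58238)
Jul  8 04:18:19 mail postfix/error[13086]: CFD346D58238: to=<binge@mydomain.com>, relay=none, delay=0.46, dsn=5.0.0, status=bounced (mydomain.com)
Jul  8 04:18:19 mail postfix/bounce[13087]: CFD346D58238: sender non-delivery notification: 4BA166D5827E
Jul  8 04:18:19 mail postfix/qmgr[14139]: 4BA166D5827E: from=<>, size=3838, nrcpt=1 (queue active)
Jul  8 04:18:22 mail postfix/smtp[13102]: 4BA166D5827E: to=<alybalf@ms2.hinet.net>, relay=msx-smtp5.hinet.net[168.95.5.82]:25, delay=3.3, dsn=2.0.0, status=sent (250 p68BIGEe001609 Message accepted for delivery)
Jul  8 20:40:15 mail postfix/smtpd[5909]: NOQUEUE: reject: RCPT from mail-vw0-f47.google.com[209.85.212.47]: 550 5.1.1 <binge@mydomain.com>: Recipient address rejected: mydomain.com; from=<mygmailaccount@gmail.com> to=<binge@mydomain.com> proto=ESMTP helo=<mail-vw0-f47.google.com>
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}|NOQUEUE): (.*)")

def find_backscatter(log_text):
    """Return one record per NDR that left the host for a message accepted earlier."""
    parent = {}     # re-injected queue id -> queue id it was first accepted under
    delivery = {}   # queue id -> fields of its most recent to=<...> line
    ndr_of = {}     # NDR queue id -> queue id of the message that bounced
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m.group(2) == "NOQUEUE":   # NOQUEUE: refused in-session, no NDR
            continue
        daemon, qid, rest = m.groups()
        note = re.search(r"sender non-delivery notification: (\w+)", rest)
        if daemon == "bounce" and note:
            ndr_of[note.group(1)] = qid
        elif rest.startswith("to=<"):
            delivery[qid] = dict(re.findall(r"(\w+)=<?([^,>\s]+)", rest))
            hop = re.search(r"queued as (\w+)", rest)
            if hop:
                parent[hop.group(1)] = qid
    findings = []
    for ndr, bounced in ndr_of.items():
        sent = delivery.get(ndr, {})
        if sent.get("status") != "sent" or sent.get("relay", "").startswith("127.0.0.1"):
            continue   # the NDR was not handed to a remote host
        first = parent.get(bounced, bounced)   # step back across the filter hop
        acc = delivery.get(first, {})
        findings.append({
            "accepted_as": first, "bounced_as": bounced, "ndr": ndr,
            "ndr_sent_to": sent["to"],
            "accepted_rcpt": acc.get("orig_to", acc.get("to")),
            "final_rcpt": delivery.get(bounced, {}).get("to"),
        })
    return findings
```

A difference between `accepted_rcpt` and `final_rcpt` in a record shows that the recipient address was rewritten between acceptance and the bounce.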