Hello,
I found an e-mail in the deferred queue.
Ran the command "mailq" as user zimbra and got the following:
Code:
[zimbra@mail ~]$ mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
2CF566D58289 7050 Wed Sep 7 06:17:47 MAILER-DAEMON
(host smtp-02.tld.t-online.de[194.25.134.12] refused to talk to me: 554 IP=24.234.49.118 - A problem occurred. (Ask your postmaster for help or to contact tosa@rx.t-online.de to clarify.) (BL))
Ran the following command(s) as root, and got the following:
(changed pertinent info regarding our domain)
Code:
[root@mail log]# /opt/zimbra/postfix/sbin/postcat /opt/zimbra/data/postfix/spool/deferred/2/2CF566D58289
*** ENVELOPE RECORDS /opt/zimbra/data/postfix/spool/deferred/2/2CF566D58289 ***
message_size: 7050 243 1 0 7050
message_arrival_time: Wed Sep 7 06:17:47 2011
create_time: Wed Sep 7 06:17:47 2011
named_attribute: log_message_origin=local
named_attribute: trace_flags=0
sender:
original_recipient: vic2@wmymv47z7.homepage.t-online.de
recipient: vic2@wmymv47z7.homepage.t-online.de
*** MESSAGE CONTENTS /opt/zimbra/data/postfix/spool/deferred/2/2CF566D58289 ***
Received: by mail.mydomain.com (Postfix)
id 2CF566D58289; Wed, 7 Sep 2011 06:17:47 -0700 (PDT)
Date: Wed, 7 Sep 2011 06:17:47 -0700 (PDT)
From: MAILER-DAEMON@mail.mydomain.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: vic2@wmymv47z7.homepage.t-online.de
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="EDCDC6D58288.1315401467/mail.mydomain.com"
Content-Transfer-Encoding: 7bit
Message-Id: <20110907131747.2CF566D58289@mail.mydomain.com>
This is a MIME-encapsulated message.
--EDCDC6D58288.1315401467/mail.mydomain.com
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii
This is the mail system at host mail.mydomain.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<atomic@mydomain.com>: mydomain.com
--EDCDC6D58288.1315401467/mail.mydomain.com
Content-Description: Delivery report
Content-Type: message/delivery-status
Reporting-MTA: dns; mail.mydomain.com
X-Postfix-Queue-ID: EDCDC6D58288
X-Postfix-Sender: rfc822; vic2@wmymv47z7.homepage.t-online.de
Arrival-Date: Wed, 7 Sep 2011 06:17:46 -0700 (PDT)
Final-Recipient: rfc822; atomic@mydomain.com
Original-Recipient: rfc822;atomic@mydomain.tv
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; mydomain.com
--EDCDC6D58288.1315401467/mail.mydomain.com
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Return-Path: <vic2@wmymv47z7.homepage.t-online.de>
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.mydomain.com (Postfix) with ESMTP id EDCDC6D58288
for <atomic@mydomain.com>; Wed, 7 Sep 2011 06:17:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at mydomain.com
X-Spam-Flag: YES
X-Spam-Score: 13.462
X-Spam-Level: *************
X-Spam-Status: Yes, score=13.462 tagged_above=-10 required=6.6
tests=[BAYES_99=3.5, DECEASED_NO_ML=0.001, FILL_THIS_FORM=0.001,
FILL_THIS_FORM_LONG=3.404, FORGED_MUA_OUTLOOK=1.927,
FSL_CTYPE_WIN1251=3.4, LOTS_OF_MONEY=0.001, MONEY_FORM=0.001,
NSL_RCVD_FROM_USER=1.226, RCVD_IN_DNSWL_NONE=-0.0001,
UNPARSEABLE_RELAY=0.001] autolearn=no
Received: from mail.mydomain.com ([127.0.0.1])
by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id ax9Rd866kVZz for <atomic@mydomain.com>;
Wed, 7 Sep 2011 06:17:45 -0700 (PDT)
Received: from mailout02.t-online.de (mailout02.t-online.de [194.25.134.17])
by mail.mydomain.com (Postfix) with ESMTP id 7A8CB6D58287
for <atomic@atomic.tv>; Wed, 7 Sep 2011 06:17:44 -0700 (PDT)
Received: from fwd22.aul.t-online.de (fwd22.aul.t-online.de )
by mailout02.t-online.de with smtp
id 1R1HDH-0006ZT-Bc; Wed, 07 Sep 2011 14:26:43 +0200
Received: from User (Vg-mGcZcwtMT811ODdwiRLDsAim3XLe+yNwX85aNv8ed8CLISrr3Ac2b7kgVigzQWeogTewH5P@[24.106.194.46]) by fwd22.t-online.de
with esmtp id 1R1Gzl-1JlZei0; Wed, 7 Sep 2011 14:12:45 +0200
Reply-To: <deborahhut@gmail.com>
From: "Deborah Hutchinson" <vic2@wmymv47z7.homepage.t-online.de>
Subject: --SPAM--GREETINGS
Date: Wed, 7 Sep 2011 08:11:27 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Message-ID: <1R1Gzl-1JlZei0@fwd22.t-online.de>
X-WatchGuard-IPS: message checked
X-WatchGuard-Spam-ID: str=0001.0A0B0209.4E676ED3.0048,ss=1,fgs=0
X-WatchGuard-Spam-Score: 0, clean; 0, no virus
X-WatchGuard-Mail-Client-IP: 194.25.134.17
X-WatchGuard-Mail-From: vic2@wmymv47z7.homepage.t-online.de
X-WatchGuard-Mail-Recipients: atomic@mydomain.tv
X-WatchGuard-AntiVirus: part scanned. clean action=allow
To: undisclosed-recipients:;
Greetings in the name of the lord,
<I deleted remainder of message for posting here>
--EDCDC6D58288.1315401467/mail.mydomain.com--
*** HEADER EXTRACTED /opt/zimbra/data/postfix/spool/deferred/2/2CF566D58289 ***
*** MESSAGE FILE END /opt/zimbra/data/postfix/spool/deferred/2/2CF566D58289 ***
[root@mail log]#
The users "atomic@mydomain.com" and "atomic@mydomain.tv" do not exist.
mydomain.tv is an alias to mydomain.com.
A WatchGuard firewall/IPS/antispam/antivirus appliance sits upstream
of the mail server / LAN.
So, this is NDR spam, correct? If not, what exactly is it?
What steps / actions / methods can I take to keep this from happening?
Again - fairly new to the world of *nix and Zimbra.
Detailed explanations of how to proceed would be most appreciated.
Thank you very much.
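
A triage check for queue files like the one in the post above, added here as an example and not part of the original post or of Zimbra/Postfix: it parses `postcat` output and reports whether the entry is a bounce (empty envelope sender plus a delivery-status report) that the server generated after accepting mail for a local address and is now sending to an outside domain. The function name `triage`, the `local_domains` parameter and the result keys are assumptions, and the sample is constructed by trimming the dump shown above.

```python
import re

# Constructed sample: postcat output trimmed from the queue file shown in the post.
SAMPLE = """\
*** ENVELOPE RECORDS /opt/zimbra/data/postfix/spool/deferred/2/2CF566D58289 ***
sender:
recipient: vic2@wmymv47z7.homepage.t-online.de
*** MESSAGE CONTENTS /opt/zimbra/data/postfix/spool/deferred/2/2CF566D58289 ***
From: MAILER-DAEMON@mail.mydomain.com (Mail Delivery System)
Content-Type: multipart/report; report-type=delivery-status;
Final-Recipient: rfc822; atomic@mydomain.com
Original-Recipient: rfc822;atomic@mydomain.tv
Content-Type: message/rfc822
X-Spam-Flag: YES
From: "Deborah Hutchinson" <vic2@wmymv47z7.homepage.t-online.de>
*** MESSAGE FILE END /opt/zimbra/data/postfix/spool/deferred/2/2CF566D58289 ***
"""

FIELD = re.compile(r"^([A-Za-z][\w-]*):\s*(.*)$")

def triage(postcat_text, local_domains):
    """Classify one postcat dump; local_domains = domains this server hosts (assumed input)."""
    envelope, contents, section = {}, {}, None
    for line in postcat_text.splitlines():
        if line.startswith("*** "):
            section = (envelope if "ENVELOPE RECORDS" in line
                       else contents if "MESSAGE CONTENTS" in line else None)
            continue
        m = FIELD.match(line)
        if section is not None and m:
            # First occurrence wins: the bounce's own headers precede the embedded message's.
            section.setdefault(m.group(1).lower(), m.group(2).strip())
    def domain(addr):
        return addr.rsplit("@", 1)[-1].strip("<> ").lower()
    failed = contents.get("final-recipient", "").split(";", 1)[-1].strip()
    bounce_to = envelope.get("recipient", "")
    is_bounce = (envelope.get("sender") == "" and
                 "report-type=delivery-status" in contents.get("content-type", "").lower())
    return {
        "is_bounce": is_bounce,
        "bounce_to": bounce_to,
        "failed_recipient": failed,
        "original_tagged_spam": contents.get("x-spam-flag", "").upper() == "YES",
        # Mail for a local address was accepted first and bounced afterwards,
        # and the bounce is addressed to a domain this server does not host.
        "late_bounce_to_external": is_bounce and domain(failed) in local_domains
                                   and domain(bounce_to) not in local_domains,
    }
```

Run it over the `postcat` output of each deferred queue ID that `mailq` lists; entries with `late_bounce_to_external` set are bounces for mail the server accepted before discovering the recipient was invalid.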