Considered UNSOLICITED BULK EMAIL, apparently from you
A message from apache@mydomain.orgto: support@mydomain.org
was considered unsolicited bulk e-mail (UBE).
Our internal reference code for your message is 29902-10/WFh9jabPpGXB
The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.
We do try to minimize backscatter for more prominent cases of UBE and
for infected mail, but for less obvious cases some balance between
losing genuine mail and sending undesired backscatter is sought,
and there can be some collateral damage on either side.
Return-Path: apache@mydomain.orgFrom: fajuua@ctzuhc.com
Message-ID: 20100115171629.45DAA10449@mail.mydomain.org
Subject: [mydomain] VJIAaXukaP
Delivery of the email was stopped!
dsn_status
Reporting-MTA: dns; mail.mydomain.org
Received-From-MTA: smtp; mail.mydomain.org ([127.0.0.1])
Arrival-Date: Fri, 15 Jan 2010 18:16:30 +0100 (CET)
Original-Recipient: rfc822;support@mydomain.org
Final-Recipient: rfc822;support@mydomain.org
Action: failed
Status: 5.7.0
Diagnostic-Code: smtp; 554 5.7.0 Reject, id=29902-10 - SPAM
Last-Attempt-Date: Fri, 15 Jan 2010 18:16:30 +0100 (CET)
Final-Log-ID: 29902-10/WFh9jabPpGXB
header
Return-Path: apache@mydomain.orgReceived: by mail.mydomain.org (Postfix, from userid 48)
id 45DAA10449; Fri, 15 Jan 2010 18:16:29 +0100 (CET)
To: support@mydomain.org
Subject: [mydomain] VJIAaXukaP
From: fajuua@ctzuhc.com
MIME-Version: 1.0
Content-Type: text/html;
Message-Id: 20100115171629.45DAA10449@mail.mydomain.org
Date: Fri, 15 Jan 2010 18:16:29 +0100 (CET)
````
I often receive email like this, my VPS isn't an open relay and my email forms are quite secure.
May I need to worry about this? What does it means?
Have you ever received mail like this?
17 Replies
@BarkerJr:
With your obfuscation, I'm having trouble determining what that email means. Does it show your VPS's IP address in the sender's header? I receive spoofed spam bounces from time to time, but they usually don't have my server's IP.
No obfuscation in my post,
I only changed the domain name in mydomain.org …
@BarkerJr:
Is it possible that the email is not spam at all, and just caused by the fact that ctzuhc.com does not resolve?
I don't know, I'm asking here to understand why of this email…
thanks for your patience
> The message carried your return address, so it was either a genuine mail from you, or a sender address was faked and your e-mail address abused by third party
It is absolutely trivial to send email "from" anyone at all. If you've double and triple checked your setup and your logs, this would be the reason.
@kbrantley:
> The message carried your return address, so it was either a genuine mail from you, or a sender address was faked and your e-mail address abused by third partyIt is absolutely trivial to send email "from" anyone at all. If you've double and triple checked your setup and your logs, this would be the reason.
I receive mail like this once a week and I don't want that my email address will be inserted in some spam list…
what do you think about that?
my mail logs is huge, is there a way to filter it to see only the email sent from my server? in that way I can see if someone non authorized is using my vps to send email…
thanks.
… or similar. It would likely depend on your mailserver.
@kbrantley:
cat /var/log/maillog | grep 'from=<
my@email.com >'… or similar. It would likely depend on your mailserver.
it seems that there is nothing of strange in my log, can't understand why I receive this email…
am I the only one who receive this kind of email?
@sblantipodi:
and I don't want that my email address will be inserted in some spam list…
It's a big bad internet out there and spammers could care less what you think about them using your email address as their spoofed from/reply to address.
Nor is there anything you can do to stop them.
You would hope that people would be smart enough to have filters on THEIR email server to drop mail that doesn't have matching sender IP vs sender domain - but don't count on it.
@sblantipodi:
@kbrantley:cat /var/log/maillog | grep 'from=<
my@email.com >'… or similar. It would likely depend on your mailserver.
it seems that there is nothing of strange in my log, can't understand why I receive this email…
am I the only one who receive this kind of email?
I've got a few over the years. People send email "from" my address and I get the backscatter. SPF can prevent a lot of this, but very few people set it up, never mind correctly.
A properly configured server rejects mail at SMTP time, and that's all it has to do. If you're generating bounce emails you've already lost.
@Xan:
My point is that it is a misconfigured server which generates new bounce messages.
A properly configured server rejects mail at SMTP time, and that's all it has to do. If you're generating bounce emails you've already lost.
but I haven't understand if the email I received is sent from my server or from an external server… who sent that email?
@sblantipodi:
but I haven't understand if the email I received is sent from my server or from an external server… who sent that email?
You've only posted the body portion of the message. Post the full message, including the headers.
@sleddog:
@sblantipodi:but I haven't understand if the email I received is sent from my server or from an external server… who sent that email?
You've only posted the body portion of the message. Post the full message, including the headers.
If you read better my first post I just posted the headers and that was the answer to my last question.
thanks.
So, do you think that I need to warry about this email?