  1. #1
    Member
    Join Date
    Jan 2004
    Posts
    26

    Remote mailserver stops email. 553 5.0.0 This message may contain the Sobig.F virus.

    Hello Guys,

    I've made one post here earlier with splendid results. This is a similar thread.

    My first problems involved my server not being registered for nslookup. Today it is and I am managing the zone myself.

    However, now when sending email to another domain the mailserver responds like this:


    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

    xxx@xxx.com
    SMTP error from remote mailer after end of data:
    host mail.ppp.de [193.141.101.33]: 553 5.0.0 This message may contain the Sobig.F virus.

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <xxx@xxx.se>
    Received: from [195.163.5.55] (helo=digitexhhbecfl)
    by villamedusa.nu with esmtp (Exim 4.34)
    id 1Bd6br-00012D-IG
    for xxx@xxx.com; Wed, 23 Jun 2004 14:12:11 +0200
    From: "Daniel Eriksson" <xxx@xxx.se>
    To: <xxx@xxx.com>
    Subject: RE:
    Date: Wed, 23 Jun 2004 14:11:51 +0200
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0012_01C4592C.07D61440"
    X-Mailer: Microsoft Office Outlook, Build 11.0.5510
    Thread-Index: AcRZGQZrtUD2aftOR+q1lpk/WcE1NwAAjL4w
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
    In-Reply-To:
    X-MailScanner-Information: Please contact the ISP for more information
    X-MailScanner: Found to be clean

    This is a multi-part message in MIME format.


    My question: is this related to our internal network being NAT'd, though it is a public network with public IPs?
    I would like this:

    Received: from [195.163.5.55] (helo=digitexhhbecfl)

    changed to this in the email header:
    Received: from [publicipofmailserver] (helo=mailserverdomain)

    How is that done? I mean, is it really necessary to attach info on the relayer's IP in the email?

    I'm using:
    WHM 9.4.0 cPanel 9.4.0-R21
    Fedora - WHM X v3.1.0
    Exim4 with SpamAssassin and virus control

  2. #2
    chirpy, Super Moderator. This forum account has been confirmed by cPanel staff to represent a vendor.
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495

    A few issues here:

    1. The delivery failure is quite clear:
    This message may contain the Sobig.F virus
    2. The Received: headers should contain the routing information of the email on each step of its delivery, including identifying the relay server's IP address - that's part of the SMTP RFC821:
    When an SMTP server receives a message for delivery or further
    processing, it MUST insert trace ("time stamp" or "Received")
    information at the beginning of the message content, as discussed in
    section 4.1.1.4.

    This line MUST be structured as follows:

    - The FROM field, which MUST be supplied in an SMTP environment,
    SHOULD contain both (1) the name of the source host as presented
    in the EHLO command and (2) an address literal containing the IP
    address of the source, determined from the TCP connection.
    So, I'm not sure what it is you want to achieve.
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com
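
    The trace information discussed in the reply above can be read back out of a message mechanically. The following is an added example, not part of the original thread: it parses the Received: header quoted in the first post and reports the address literal, the HELO name, and whether the recorded address is a private (NAT-internal) one. The function names `parse_received` and `trace` are hypothetical, and the sample is reconstructed from the quoted headers.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: headers quoted in the first post (addresses were already
# redacted there as xxx), with Received: continuation lines folded with a tab.
SAMPLE = """\
Return-path: <xxx@xxx.se>
Received: from [195.163.5.55] (helo=digitexhhbecfl)
\tby villamedusa.nu with esmtp (Exim 4.34)
\tid 1Bd6br-00012D-IG
\tfor xxx@xxx.com; Wed, 23 Jun 2004 14:12:11 +0200
From: "Daniel Eriksson" <xxx@xxx.se>
To: <xxx@xxx.com>
Subject: RE:

body
"""

FROM_CLAUSE = re.compile(
    r"^from\s+(?P<src>.*?)\s+by\s+(?P<by>\S+)(?:\s+with\s+(?P<proto>\S+))?", re.I)
ADDR_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
HELO = re.compile(r"helo=([^\s)]+)")

def parse_received(value):
    """Split one Received: value into the fields the receiving MTA recorded."""
    flat = " ".join(value.split())          # unfold continuation lines
    m = FROM_CLAUSE.match(flat)
    if not m:
        return None                         # no from-clause (e.g. local submission)
    src = m.group("src")
    ip_m, helo_m = ADDR_LITERAL.search(src), HELO.search(src)
    ip = ipaddress.ip_address(ip_m.group(1)) if ip_m else None
    first = src.split()[0]
    # Exim writes "(helo=name)"; other MTAs put the HELO name first.
    helo = helo_m.group(1) if helo_m else (None if first.startswith("[") else first)
    return {
        "client_ip": str(ip) if ip else None,
        "private_ip": ip.is_private if ip else None,   # True for NAT-internal ranges
        "helo": helo,
        "helo_is_fqdn": bool(helo) and "." in helo.strip("."),
        "by": m.group("by"),
        "with": m.group("proto"),
    }

def trace(raw):
    """Return the parsed hops of a raw message, newest first."""
    msg = message_from_string(raw)
    return [h for h in map(parse_received, msg.get_all("Received", [])) if h]

if __name__ == "__main__":
    for hop in trace(SAMPLE):
        print(hop)
```

    On the quoted message this shows a single hop: the recorded client address is a public one, and the HELO name is a bare machine name rather than a fully qualified domain.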

  3. #3
    Member
    Join Date
    Jan 2004
    Posts
    26

    Originally posted by chirpy
    A few issues here:

    1. The delivery failure is quite clear:


    2. The Received: headers should contain the routing information of the email on each step of its delivery, including identifying the relay server's IP address - that's part of the SMTP RFC821:

    So, I'm not sure what it is you want to achieve.
    Hello Jonathan,
    I am unable to send email to this specific host. And I have no idea why it says Sobig.F. I made checks and the computer is clean.

    D.

  4. #4
    chirpy, Super Moderator. This forum account has been confirmed by cPanel staff to represent a vendor.
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495

    That is odd. It then sounds like a configuration problem on the other server (mail.ppp.de). You might need to contact them through other means to find out why they are bouncing your email.
    Jonathan Michaelson

  5. #5
    Member
    Join Date
    May 2003
    Posts
    610

    Originally posted by daniel.eriksson

    I am unable to send email to this specific host. And I have no idea why it says Sobig.F. I made checks and the computer is clean.
    Was the original email that contained the virus actually sent from your mail server?

    The From: in the original email could have been spoofed and the host receiving the email is simply returning it to the From: address.

  6. #6
    Member
    Join Date
    Jan 2004
    Posts
    26

    Originally posted by goodmove
    Was the original email that contained the virus actually sent from your mail server?

    The From: in the original email could have been spoofed and the host receiving the email is simply returning it to the From: address.
    It is actually me trying to send the email. And there are no virus infections on my PC. In other words, it has to be a setting on the receiver's host that is wrong.
