1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mailer-daemon@

Discussion in 'E-mail Discussions' started by flash_me, Jul 18, 2004.

  1. flash_me

    flash_me New Member

    Joined:
    Sep 30, 2003
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Hello everyone,

    I'm receving thousand of these e-mails...i've have added
    filters on my cpanel but seems these kind of
    e-mails bypass the cpanel filters....

    Some ideas on how to solve this

    Thanks



    From: MAILER-DAEMON@mail.theserverbiz.com



    Return-path: <>
    Envelope-to: info@MYDOMAIN.com
    Delivery-date: Sun, 18 Jul 2004 11:20:36 -0500
    Received: from [203.107.133.45] (helo=mail.theserverbiz.com)
    by myserver.com with smtp (Exim 4.34)
    id 1BmEOw-0006lV-IJ
    for info@MYDOMAIN.com; Sun, 18 Jul 2004 11:20:35 -0500
    Received: (qmail 79913 invoked for bounce); 18 Jul 2004 16:07:14 -0000
    Date: 18 Jul 2004 16:07:14 -0000
    From: MAILER-DAEMON@mail.theserverbiz.com
    To: info@MYDOMAIN.com
    Subject: failure notice

    Hi. This is the qmail-send program at mail.theserverbiz.com.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    <jaloja@piercingexports.com>:
    Sorry, no mailbox here by that name. vpopmail (#5.1.1)

    --- Below this line is a copy of the message.

    Return-Path: <info@MYDOMAIN.com>
    Received: (qmail 79107 invoked from network); 18 Jul 2004 16:05:50 -0000
    Received: from host16-102.pool80116.interbusiness.it (HELO mail.piercingexports.com) (80.116.xxx.xx)
    by 0 with SMTP; 18 Jul 2004 16:05:50 -0000
    Message-ID: <x737259001.3914723911236841938@grqldlduj>
    From: jpeg <info@MYDOMAIN.com>
    To: <jaloja@piercingexports.com>
    Subject: jpeg
    Date: dom, 18 lug 2004
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_Part_16461_4414287.7418427666853"
    X-Priority: 3
    Microsoft Outlook Express 5.00.2314.1300

    ------=_Part_16461_4414287.7418427666853
    Content-Type: text/plain;
    charset="iso-8859-2"
    Content-Transfer-Encoding: quoted-printable

    Surprise!

    ------=_Part_16461_4414287.7418427666853
    Content-Type: application/octet-stream;
    name="Surprise.com"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
    filename="Surprise.com"
     
  2. flash_me

    flash_me New Member

    Joined:
    Sep 30, 2003
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    up...some ideas?
     
  3. Sheldon

    Sheldon Member

    Joined:
    Jun 7, 2004
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    your server is either

    1. infected by a trojan
    2. rooted
    3. one of your clients or someone is spamming!

    those are likely situations
     
  4. flash_me

    flash_me New Member

    Joined:
    Sep 30, 2003
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    the problem is how are these e-mail bypassing cpanels filters?
     
  5. Sheldon

    Sheldon Member

    Joined:
    Jun 7, 2004
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    possibilities

    1. youve been rooted
    2. mailerdaemons always bypass filters :p

    you should never use filters on them anyways.. you should always recieve them
    how else do you know if there is a problem if you never recieve them... they are not a
    simple annoyance problem. they are there for a reason... :p

    Sheldon
     
  6. flash_me

    flash_me New Member

    Joined:
    Sep 30, 2003
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    i agree with you but i'm receiving thousand of e-mails just like the one i post, no way to block it ?
     
  7. Sheldon

    Sheldon Member

    Joined:
    Jun 7, 2004
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    use your mail client filters to delete the emails!

    and .. then id suggest forking over lotsa $$ to have your server fixed...

    either that backup personal files only and format!
     
  8. Leandro

    Leandro Member

    Joined:
    Sep 23, 2003
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Argentin
    Hello:

    I have the same problem and fix it renaming the senmail link

    I hope it helps you !!!
     
  9. chirpy

    chirpy Super Moderator

    Joined:
    Jun 15, 2002
    Messages:
    13,499
    Likes Received:
    14
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Nope, that's wrong.

    If you look at the bounced email header you'll see that the last received header record (the only one you can trust) comes from host16-102.pool80116.interbusiness.it - a dialup port.

    What you're suffering from is spam bounces where you are the innocent party in a forged header that has your email address in the from field.

    Unfortunately, there's little you can do about this other than ride it out. You ought not filter out mailer-daemon emails as they are the last resort for delivery failure notification and are essential for tracking down mailing issues.

    these things usually blow over after 24-48 hours.
     
  10. Leandro

    Leandro Member

    Joined:
    Sep 23, 2003
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Argentin
    Are there any way to fix it finaly?

    renaming sendmail some local delivery fails... but doing it for a few minutes, the sent stops...

    How can we stop this fucking spammers ???

    thanks a lot !!!
     
  11. geeshock

    geeshock New Member

    Joined:
    Sep 3, 2004
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Solution, re-install and restore a backup. PPL think I'm insane for backing up everynight, sometimes twice a day but issues like this are exactly why I do them. rsync -azv -H -e has always did me right :)
     
  12. flash_me

    flash_me New Member

    Joined:
    Sep 30, 2003
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Chirpy you where right, actually after 20 days with thousand and thousand of e-mails things got fixed . :) :)
     
  13. tandyuk

    tandyuk Member

    Joined:
    Dec 18, 2003
    Messages:
    32
    Likes Received:
    1
    Trophy Points:
    8
    Roll on SPF!

    Im having the same problem, but with 600,000 mails in the queue.

    Does anyone know a quick way a clearing exims queue?
     
  14. webits

    webits Member

    Joined:
    May 15, 2004
    Messages:
    114
    Likes Received:
    0
    Trophy Points:
    16
    Easy go to your WHM ROOT go to exim and discard :)
     
  15. Sash

    Sash Member

    Joined:
    Feb 18, 2003
    Messages:
    252
    Likes Received:
    0
    Trophy Points:
    16
    What do you mean by "renaming the sendmail link"?

    Thanks
    Mike
     

Share This Page