The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is this a Rogue/Spammer's MTA

Discussion in 'General Discussion' started by anup123, Nov 6, 2004.

  1. anup123

    anup123 Well-Known Member

    Joined:
    Mar 29, 2004
    Messages:
    897
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    This Planet
    A Bounce Message to sender's address (Remote MTA) gets this eror:

    7623debao@163.com R=lookuphost T=remote_smtp: SMTP
    error from remote mailer after MAIL FROM:<>: host m133.mail.163.com
    [202.108.44.133]: 553 You are not authorized to send mail as <>


    Is this permissible as per RFC standards??
    Can this host be mnaully blocked safely (ie from legal point of view) as it seems it wouldn't take any bounce message...

    Anup
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    An SMTP transaction requires a valid MAIL FROM: directive - that's not one. If it's not sending one, it's most likely either just connecting to see if your server exists, or it's broken. Not sure that I'd block it for that reason unless I was getting many of those at a regular rate from one IP address.
     
  3. anup123

    anup123 Well-Known Member

    Joined:
    Mar 29, 2004
    Messages:
    897
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    This Planet
    Thanks.
    Could it be that the remote mta is configured that way that it simply doesn't accept the bounces? Other remote MTA's are not really presenting this (though there a re a few) message to bounce messages. This is primarily to mails addressed to non existent users (through a catchall account which i cannot avoid) on our server and are mails which have escaped all the SPAM checks in place ...

    dnsreport.com reveals erros for the said domain /mailserver
    Being a Chinese origin IP it's more likely a Spammer than a genuine thing

    Anup
     
    #3 anup123, Nov 6, 2004
    Last edited: Nov 6, 2004
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    True. Since most spammers (or virus) MTA's aren't bothered about compliance, I guess it is likely to be one. Up to you ;)
     
  5. anup123

    anup123 Well-Known Member

    Joined:
    Mar 29, 2004
    Messages:
    897
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    This Planet
    Perhaps i'll block it up in case there is a repeat from the ip's again.
    Would yr pop plugin works with some other webmail software?
    :)

    Anup
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Sadly, no. It's tailored to our specific application ;)
     

Share This Page