The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Remote mailserver stops email. 553 5.0.0 This message may contain the Sobig.F virus.

Discussion in 'E-mail Discussions' started by daniel.eriksson, Jun 23, 2004.

  1. daniel.eriksson

    Joined:
    Jan 18, 2004
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Hello Guys,

    I´ve made one post here earlier with splendid results. This is a similiar thread.

    My first problems involved my server not being registered for nslookup. Today it is and i am managing the zone myself.

    However, now when sending email to another domain the mailserver responds like this:


    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

    xxx@xxx.com
    SMTP error from remote mailer after end of data:
    host mail.ppp.de [193.141.101.33]: 553 5.0.0 This message may contain the Sobig.F virus.

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <xxx@xxx.se>
    Received: from [195.163.5.55] (helo=digitexhhbecfl)
    by villamedusa.nu with esmtp (Exim 4.34)
    id 1Bd6br-00012D-IG
    for xxx@xxx.com; Wed, 23 Jun 2004 14:12:11 +0200
    From: "Daniel Eriksson" <xxx@xxx.se>
    To: <xxx@xxx.com>
    Subject: RE:
    Date: Wed, 23 Jun 2004 14:11:51 +0200
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0012_01C4592C.07D61440"
    X-Mailer: Microsoft Office Outlook, Build 11.0.5510
    Thread-Index: AcRZGQZrtUD2aftOR+q1lpk/WcE1NwAAjL4w
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
    In-Reply-To:
    X-MailScanner-Information: Please contact the ISP for more information
    X-MailScanner: Found to be clean

    This is a multi-part message in MIME format.


    My question, is this related to our internal network being nat´d though it is a public network with public ip´s?
    I would like this:

    Received: from [195.163.5.55] (helo=digitexhhbecfl)

    changed to this in the emailheader:
    Received: from [publicipofmailserver] (helo=mailserverdomain)

    How is that done? I mean is it really necessary to attach info on relayer´s ip in the email?

    I´m Using:
    WHM 9.4.0 cPanel 9.4.0-R21
    Fedora - WHM X v3.1.0
    Exim4 with spamasassin and viruscontrol
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    A few issues here:

    1. The delivery failure is quite clear:
    2. The Received: headers should contain the routing information of the email on each step of its delivery including identifying the relay servers IP address - that's part of the SMTP RFC821:
    So, I'm not sure what it is you want to achieve.
     
  3. daniel.eriksson

    Joined:
    Jan 18, 2004
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Hello Jonathan,
    I am unable to send email to this specific host. And I have no idea why it says Sobig.F I made checks and the computer is clean.

    D.
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That is odd. It then sounds like a configuration problem on the other server (mail.ppp.de). You might need to contact them through other means to find out why ther are bouncing your email.
     
  5. goodmove

    goodmove Well-Known Member

    Joined:
    May 12, 2003
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    Was the original email that contained the virus actually sent from your mail server?

    The From: in the original email could have been spoofed and the host receiving the email is simply returning it to the From: address.
     
  6. daniel.eriksson

    Joined:
    Jan 18, 2004
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    It is actually me trying to send the email. And there are no virusinfections on my pc. In other words, it has to be a setting on the receivers host that is wrong.
     
Loading...

Share This Page