Hi everyone,
I've installed the 'ConfigServer Mail Queues' addon, and I must say, it's quite useful. Recently, I was looking through the mail queue, and there were 846 messages there! Surprisingly, 316 of them were bounce messages to one email address. Confused, I had a look at one of the bounced messages.
Here's what one of them looks like:
Code:
Headers spool file
-------------------------------
1GmP1w-0008L4-Si-H
root 0 0
<>
1164090172 0
-helo_name spsrv.avivil.com
-host_address 213.8.39.162.55896
-interface_address [ip].25
-received_protocol esmtp
-body_linecount 177
-frozen 1164090175
-host_lookup_failed
XX
1
[email address]
212P Received: from [213.8.39.162] (port=55896 helo=spsrv.avivil.com)
by [server] with esmtp (Exim 4.52)
id 1GmP1w-0008L4-Si
for [email address]; Tue, 21 Nov 2006 00:22:53 -0600
028F From: [email protected]
040T To: [email address]
038 Date: Tue, 21 Nov 2006 08:24:40 +0200
018 MIME-Version: 1.0
127 Content-Type: multipart/report; report-type=delivery-status;
boundary="9B095B5ADSN=_01C7073D69F7215C000091CCspsrv.avivil.com"
052 X-DSNContext: 335a7efd - 4523 - 00000001 - 80040546
049I Message-ID: <[email protected]>
048 Subject: Delivery Status Notification (Failure)
Data spool file
------------------
1GmP1w-0008L4-Si-D
This is a MIME-formatted message.
Portions of this message may be unreadable without a MIME-capable mail program.
--9B095B5ADSN=_01C7073D69F7215C000091CCspsrv.avivil.com
Content-Type: text/plain; charset=unicode-1-1-utf-7
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
[email protected]
--9B095B5ADSN=_01C7073D69F7215C000091CCspsrv.avivil.com
Content-Type: message/delivery-status
Reporting-MTA: dns;spsrv.avivil.com
Received-From-MTA: dns;MR
Arrival-Date: Tue, 21 Nov 2006 08:24:40 +0200
Original-Recipient: rfc822;[email protected]
Final-Recipient: rfc822;[email protected].com
Action: failed
Status: 5.1.1
--9B095B5ADSN=_01C7073D69F7215C000091CCspsrv.avivil.com
Content-Type: message/rfc822
Received: from MR ([192.168.1.3]) by spsrv.avivil.com with Microsoft SMTPSVC(6.0.3790.1830);
Tue, 21 Nov 2006 08:24:40 +0200
Received: from system8589174248.ptvk.pl (system8589174248.ptvk.pl [85.89.174.248])
by MR (Postfix) with ESMTP id 4C8331781F8;
Tue, 21 Nov 2006 08:24:52 +0200 (IST)
Received: from [server] (HELO [site])
by avivil.com with esmtp (H=KP4O2- [email protected])
id )/9.L*[email protected]
for [email protected]; Tue, 21 Nov 2006 06:22:22 -0060
Date: Tue, 21 Nov 2006 06:22:22 -0060
From: [email address]
X-Mailer: The Bat! (v2.00.18) Business
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: [email protected]
Subject: {HighSpam?} Hey dude good news for you
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----------5974B821A29EFD"
X-Spam: Not detected
X-avivil-MailScanner-Information: Please contact the ISP for more information
X-avivil-MailScanner: Found to be clean
X-avivil-MailScanner-SpamCheck: spam, SBL+XBL, spamhaus-XBL, CBL,
SpamAssassin (score=33.519, required 7.1, autolearn=spam,
BAYES_99 3.50, DCC_CHECK 2.17, FORGED_RCVD_HELO 0.14,
HTML_40_50 0.50, HTML_MESSAGE 1.00, NO_FORMS 0.67, RCVD_IN_XBL 3.90,
TW_AQ 0.08, TW_BT 0.08, TW_BZ 0.08, TW_EV 0.08, TW_FV 0.08,
TW_FY 0.08, TW_GF 0.08, TW_GM 0.08, TW_GP 0.08, TW_IU 0.08,
TW_KD 0.08, TW_KQ 0.08, TW_LW 0.08, TW_MR 0.08, TW_MV 0.08,
TW_NB 0.08, TW_QV 0.08, TW_RQ 0.08, TW_SJ 0.08, TW_VH 0.08,
TW_VN 0.08, TW_VZ 0.08, TW_WG 0.08, TW_WP 0.08, TW_WR 0.08,
TW_XG 0.08, TW_XK 0.08, TW_XL 0.08, TW_YF 0.08, TW_ZD 0.08,
TW_ZG 0.08, TW_ZP 0.08, URIBL_AB_SURBL 3.81, URIBL_JP_SURBL 4.09,
URIBL_OB_SURBL 3.01, URIBL_SBL 1.64, URIBL_SC_SURBL 4.50,
URIBL_WS_SURBL 2.14)
X-avivil-MailScanner-SpamScore: sssssssssssssssssssssssssssssssss
X-avivil-MailScanner-From: [email address]
Return-Path: [email address]
X-OriginalArrivalTime: 21 Nov 2006 06:24:40.0431 (UTC) FILETIME=[B9C287F0:01C70D35]
------------5974B821A29EFD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
,,,,,,,,,,,,,,,C:H:E:C:K O:U:R S:P:E:C:I:A:L O:F:F:E:R !!!,,,,,,,,,,,,,,,
ah us ty mm al td ep vh ag
su ga zeee ok yk ch eq jrg ymp
fd vj tg yc jv yo vp km zgdadmrv
dh kr lclyea fp wv ja au ln bh bn
gmdu nw vs he kb ay nq ak fa ko
lt er pu kqvyfs pz ovsc dn oj
ri lh yp jc fvzw zogle kq
an tq wj egpk kz se fv vp hblm
cr ju ls zr ji uj jj ko nc ji
wd rf sw cwwrqj ui ecx mvhue lexkdx
evnu fz ha ei gc ef og py lc dk
mf fl qd bp puom ot vk si po
fypp xi ze ki qz lwgy
in pt xq gevp bq ke at zj
hp ym mh pq pe ur kik
tc lj ptecon lt iq iui
nr qq nm it lo cw bt bo ly qt
rlpn is ii pk nteynd fa wpti
rv lg pa dn gt jj hu wu
vf ju gfmp xlj bh bifl fp ly
bfr wq ij xgnbzk xo kp aqx
tiu ffrdpe btzppp cbisjv lus
os pa fq re vq zdh zq lq au ac
ov db oh el od nj qa qs ll mb
--=20
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------5974B821A29EFD
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>No forms all orders filled</TITLE>
</HEAD>
<BODY>
<BR>
<A href=3D"http://qwruikiontunhdefunsa.com/?a=3D636-9774">,,,,,,,,,,,,,,,C:=
H:E:C:K O:U:R S:P:E:C:I:A:L O:F:F:E:R !!!,,,,,,,,,,,,,,,</A> <BR>
<FONT style=3D"FONT-SIZE: 4px" font-weight:bold font-family:Courier><B><PRE>
ah us ty mm al td ep vh ag
su ga zeee ok yk ch eq jrg ymp
fd vj tg yc jv yo vp km zgdadmrv
dh kr lclyea fp wv ja au ln bh bn
gmdu nw vs he kb ay nq ak fa ko
lt er pu kqvyfs pz ovsc dn oj
ri lh yp jc fvzw zogle kq
an tq wj egpk kz se fv vp hblm
cr ju ls zr ji uj jj ko nc ji
wd rf sw cwwrqj ui ecx mvhue lexkdx
evnu fz ha ei gc ef og py lc dk
mf fl qd bp puom ot vk si po
fypp xi ze ki qz lwgy
in pt xq gevp bq ke at zj
hp ym mh pq pe ur kik
tc lj ptecon lt iq iui
nr qq nm it lo cw bt bo ly qt
rlpn is ii pk nteynd fa wpti
rv lg pa dn gt jj hu wu
vf ju gfmp xlj bh bifl fp ly
bfr wq ij xgnbzk xo kp aqx
tiu ffrdpe btzppp cbisjv lus
os pa fq re vq zdh zq lq au ac
ov db oh el od nj qa qs ll mb
</b></pre></font>
</BODY><br />--=20
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href=3D"http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</HTML>
------------5974B821A29EFD--
--9B095B5ADSN=_01C7073D69F7215C000091CCspsrv.avivil.com--
[email address] = The person's email address
[ip] = Server IP
[server] = The server's host name
[site] = Their site name (their domain)
Now, I thought this was from another server (I don't have MailScanner installed), but why does my server's IP appear in the first 'Received' line?
It's in the wrong timezone (and the ID is weird), so why is my server's IP there?
Received: from MR ([192.168.1.3]) by spsrv.avivil.com with Microsoft SMTPSVC(6.0.3790.1830);
Tue, 21 Nov 2006 08:24:40 +0200
Received: from system8589174248.ptvk.pl (system8589174248.ptvk.pl [85.89.174.248])
by MR (Postfix) with ESMTP id 4C8331781F8;
Tue, 21 Nov 2006 08:24:52 +0200 (IST)
Received: from [server] (HELO [site])
by avivil.com with esmtp (H=KP4O2- [email protected])
id )/9.L*[email protected]
for [email protected]; Tue, 21 Nov 2006 06:22:22 -0060
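
An added example, not part of the original post: a small parser for the header spool file layout quoted above, used to count queued bounces (null envelope sender `<>`) per recipient. The sample input is constructed with placeholder addresses, and the function names `parse_spool_header` and `bounces_per_recipient` are hypothetical.

```python
from collections import Counter

# Constructed sample modelled on the header spool file in the post.
# The recipient and interface address are placeholders, not real values.
SAMPLE_H = """\
1GmP1w-0008L4-Si-H
root 0 0
<>
1164090172 0
-helo_name spsrv.avivil.com
-host_address 213.8.39.162.55896
-interface_address 192.0.2.10.25
-received_protocol esmtp
-frozen 1164090175
-host_lookup_failed
XX
1
user@example.com

048  Subject: Delivery Status Notification (Failure)
"""

def parse_spool_header(text):
    """Parse the envelope section of an Exim -H spool file (hypothetical helper).

    Assumes the simple layout shown in the post: no multi-line ACL variables.
    """
    lines = text.splitlines()
    sender = lines[2].strip("<>")            # "<>" is the null (bounce) sender
    options, i = {}, 4
    while lines[i].startswith("-"):          # "-name [value]" option lines
        name, _, value = lines[i][1:].partition(" ")
        options[name] = value
        i += 1
    while not lines[i].isdigit():            # skip non-recipients tree ("XX" if empty)
        i += 1
    count = int(lines[i])
    recipients = [r.split()[0] for r in lines[i + 1:i + 1 + count]]
    remote_ip = options.get("host_address", "").rpartition(".")[0]  # strip ".port"
    return {"id": lines[0].rsplit("-", 1)[0], "sender": sender,
            "is_bounce": sender == "", "frozen": "frozen" in options,
            "received": int(lines[3].split()[0]), "remote_ip": remote_ip,
            "recipients": recipients}

def bounces_per_recipient(header_texts):
    """Count queued bounce messages per envelope recipient."""
    tally = Counter()
    for text in header_texts:
        msg = parse_spool_header(text)
        if msg["is_bounce"]:
            tally.update(msg["recipients"])
    return tally
```

Fed the text of every `-H` file in the queue, a single address dominating the tally matches the pattern described in the post.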