Date: Mon, 15 Jan 2007 09:06:37 -0500 From: Bill Moran <wmoran@collaborativefusion.com> To: lists@qwirky.net Cc: "Jason C. Wells" <jcw@highperformance.net>, freebsd general questions <freebsd-questions@freebsd.org> Subject: Re: Mystery Spam Piling Up in Mqueue Message-ID: <20070115090637.bb5f10e2.wmoran@collaborativefusion.com> In-Reply-To: <45AB072B.4090706@qwirky.net> References: <45AAFC85.9090205@highperformance.net> <45AB072B.4090706@qwirky.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In response to Jeff Royle <lists@qwirky.net>:
> The example below is simply a bounce that did not go through.
>
> Note: Mailer-Daemon and MDeferred: Connection refused by macbilling.com.
>
> Your system attempted to delivery a bounce back to macbilling.com and
> the MTA @ macbilling.com is rejecting the bounce.
>
> Most likely spam using a forged (or real) address
> <something>@macbilling.com was sent to your system to
> <somefakeaddress>@highperformance.net and of course your system could
> not deliver the message so it bounced.
As another idea, if these are being generated as a result of spam sent
to non-existent addresses, you can eliminate that particular source by
reconfiguring your MTA to reject unknown addresses instead of bouncing
them. This may be a simple configuration parameter, or it may involved
replicating the user list from one machine to another, depending on your
setup.
> Jason C. Wells wrote:
> > I have a bunch of mail piling up in /var/spool/mqueue. It appears to be
> > all spam and it appears to be generated on the localhost. I am not
> > sending it. I double checked my self @ abuse.net to see if I was an
> > open relay, I'm not. I can't really say where it's coming from. How do
> > I figure this one out?
> >
> > An example is shown below.
> >
> > What has been a fun hobby all these years is turning into a nightmare.
> > Spam is making me batty.
> >
> > Thanks,
> > Jason C. Wells
> >
> >
> > V8
> > T1168684668
> > K1168832991
> > N87
> > P7790448
> > I0/81/22039
> > MDeferred: Connection refused by macbilling.com.
> > Frs
> > $_localhost
> > $r
> > $slocalhost
> > ${daemon_flags}
> > ${if_addr}192.168.1.204
> > SMAILER-DAEMON
> > MDeferred: Connection refused by macbilling.com.
> > rRFC822; zpiracing.net@macbilling.com
> > RPF:<zpiracing.net@macbilling.com>
> > H?P?Return-Path: <<81>g>
> > H??Received: from localhost (localhost)
> > by mx1.highperformance.net (8.13.8/8.13.8) id l0DAbm7q007014;
> > Sat, 13 Jan 2007 02:37:48 -0800 (PST)
> > (envelope-from MAILER-DAEMON)
> > H?D?Date: Sat, 13 Jan 2007 02:37:48 -0800 (PST)
> > H??Received: from localhost (localhost)
> > by mx1.highperformance.net (8.13.8/8.13.8) id l0DAbm7q007014;
> > Sat, 13 Jan 2007 02:37:48 -0800 (PST)
> > (envelope-from MAILER-DAEMON)
> > H?D?Date: Sat, 13 Jan 2007 02:37:48 -0800 (PST)
> > H?F?From: Mail Delivery Subsystem <MAILER-DAEMON>
> > H?x?Full-Name: Mail Delivery Subsystem
> > H?M?Message-Id: <200701131037.l0DAbm7q007014@mx1.highperformance.net>
> > H??To: <zpiracing.net@macbilling.com>
> > H??MIME-Version: 1.0
> > H??Content-Type: multipart/report; report-type=delivery-status;
> > boundary="l0DAbm7q007014.1168684668/mx1.highperformance.net"
> > H??Subject: Returned mail: see transcript for details
> > H??Auto-Submitted: auto-generated (failure)
> > .
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe@freebsd.org"
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
>
>
>
>
>
--
Bill Moran
Collaborative Fusion Inc.
wmoran@collaborativefusion.com
Phone: 412-422-3463x4023
****************************************************************
IMPORTANT: This message contains confidential information and is
intended only for the individual named. If the reader of this
message is not an intended recipient (or the individual
responsible for the delivery of this message to an intended
recipient), please be advised that any re-use, dissemination,
distribution or copying of this message is prohibited. Please
notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or
error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses. The
sender therefore does not accept liability for any errors or
omissions in the contents of this message, which arise as a
result of e-mail transmission.
****************************************************************
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070115090637.bb5f10e2.wmoran>