elmyra
Posted May 10, 2004

I received a bounce message today from an address that wasn't on the original email, and I'm wondering if the problem is on my end or my recipients'.

The history of the email is: I sent original to a group list (on a domain I control). One of the people responded to me. I replied to her and the other person on the list, and got the bounce from that. (I include the history, because this problem may be from the person who responded to me, and then triggered when I replied to her.)

Here's the bounce:

    Hi. This is the qmail-send program at vm0.vmdomain.com.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    <llikelper[at]a2z4u.net>:
    216.200.145.35 does not like recipient.
    Remote host said: 554 Recipient Rejected: Not accepting mail for this account : Account Inactive
    Giving up on 216.200.145.35.

    --- Below this line is a copy of the message.

    Return-Path: <faith[at]lusciousmango.com>
    Received: (qmail 25920 invoked from network); 10 May 2004 13:18:19 -0000
    Received: from server26.totalchoicehosting.com (209.152.177.32)
        by 203.116.232.70 with SMTP; 10 May 2004 13:18:19 -0000
    Received: from 64-190-59-34.client.cypresscom.net ([64.190.59.34] helo=FaithLaptop)
        by server26.totalchoicehosting.com with asmtp (Exim 4.24)
        id 1BNBKP-0000Vx-6Z; Mon, 10 May 2004 10:00:21 -0400
    Message-ID: <001701c43697$2b19cfd0$7100a8c0[at]FaithLaptop>
    From: "Faith Love" <faith[at]lusciousmango.com>
    To: "sly" <sly[at]slycreations.com>, "Darcy Nair" <darcy[at]darcynair.com>
    References: <008701c43692$fa27bd50$7100a8c0[at]FaithLaptop> <1084194231.409f7db7a142a[at]webmail.slycreations.com>
    Subject: Re: SSDF
    Date: Mon, 10 May 2004 10:00:33 -0400
    MIME-Version: 1.0
    Content-Type: text/plain; charset="iso-8859-1"
    Content-Transfer-Encoding: 7bit
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2800.1409
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - server26.totalchoicehosting.com
    X-AntiAbuse: Original Domain - slycreations.com
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - lusciousmango.com

turetzsr
Posted May 10, 2004

Hi, elmyra! Is llikelper[at]a2z4u.net one of the recipients on your group list? If so, I would guess from the following

    Hi. This is the qmail-send program at vm0.vmdomain.com.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    <llikelper[at]a2z4u.net>:
    216.200.145.35 does not like recipient.
    Remote host said: 554 Recipient Rejected: Not accepting mail for this account : Account Inactive
    Giving up on 216.200.145.35.

that the problem is at the recipient's (llikelper[at]a2z4u.net) end.

elmyra
Posted May 10, 2004

That's the odd thing -- that address isn't on the list. The only people who did get the mail were darcy[at]darcynair.com, sly[at]slycreations.com and me.

Merlyn
Posted May 10, 2004

Is there a received line missing: Where does the 216.200.145.35 come from? This server has a very bad reputation.

First received line:

    Received: (qmail 25920 invoked from network); 10 May 2004 13:18:19 -0000

This is an invalid received line.

Second Received line:

    Received: from server26.totalchoicehosting.com (209.152.177.32)
        by 203.116.232.70 with SMTP; 10 May 2004 13:18:19 -0000

This looks good except the 203.116.232.70 machine in this received line should be referenced in the first invalid received line but it is not so a received line is missing or the server is misconfigured.

Third received line:

    Received: from 64-190-59-34.client.cypresscom.net ([64.190.59.34] helo=FaithLaptop)
        by server26.totalchoicehosting.com with asmtp (Exim 4.24)
        id 1BNBKP-0000Vx-6Z; Mon, 10 May 2004 10:00:21 -0400

This is the originating server and this received line looks good but everything up from here goes to hell in a handbasket.

There is either some missing info here or some bad misconfigured servers.

Are you running an email server on your laptop or home machine?

turetzsr
Posted May 10, 2004

...Hmm, very odd.

...The first internet header "From" line in your original post is to IP 209.152.177.32. I looked this up in GeekTools (http://www.geektools.com/whois.php) and ARIN shows:

    OrgName: American Pro Servers, Inc
    OrgID: APS-102
    Address: 3006 Avenue M
    City: Brooklyn
    StateProv: NY
    PostalCode: 11210
    Country: US

    NetRange: 209.152.160.0 - 209.152.191.255
    CIDR: 209.152.160.0/19
    NetName: APSERVERS
    NetHandle: NET-209-152-160-0-2
    Parent: NET-209-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS1.APSERVERS.NET
    NameServer: NS2.APSERVERS.NET
    Comment:
    RegDate: 2002-06-12
    Updated: 2003-05-09

    OrgAbuseHandle: IPADM75-ARIN
    OrgAbuseName: IPAdmin
    OrgAbusePhone: +1-404-659-2981
    OrgAbuseEmail: ipadmin[at]servernode.net

    OrgTechHandle: IPADM76-ARIN
    OrgTechName: IPAdmin servernode net
    OrgTechPhone: +1-404-328-6977
    OrgTechEmail: ipadmin[at]servernode.net

You may want to report this to the appropriate OrgAbuseEmail address.

elmyra
Posted May 10, 2004

I'm getting more of them -- here's another (dagoils[at].. goes to the same list as the other email). I've told the person at slycreations.com, hosted at vmdomain, but she's reading webmail from work specifically so there won't be any infection on her end.

    Hi. This is the qmail-send program at vm0.vmdomain.com.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    <ZVNUUQ[at]msn.com>:
    65.54.190.7 does not like recipient.
    Remote host said: 550 Requested action not taken: mailbox unavailable
    Giving up on 65.54.190.7.

    <ZVNUUQ[at]msn.com>:
    65.54.190.7 does not like recipient.
    Remote host said: 550 Requested action not taken: mailbox unavailable
    Giving up on 65.54.190.7.

    <ZVNUUQ[at]msn.com>:
    65.54.166.99 does not like recipient.
    Remote host said: 550 Requested action not taken: mailbox unavailable
    Giving up on 65.54.166.99.

    <ZVNUUQ[at]msn.com>:
    65.54.166.99 does not like recipient.
    Remote host said: 550 Requested action not taken: mailbox unavailable
    Giving up on 65.54.166.99.

    --- Below this line is a copy of the message.

    Return-Path: <faith[at]lusciousmango.com>
    Received: (qmail 94346 invoked from network); 10 May 2004 16:38:09 -0000
    Received: from server26.totalchoicehosting.com (209.152.177.32)
        by 203.116.232.70 with SMTP; 10 May 2004 16:38:09 -0000
    Received: from [64.190.59.34] (helo=FaithLaptop)
        by server26.totalchoicehosting.com with asmtp (Exim 4.24)
        id 1BNERg-0000Vl-Hf
        for dagoils[at]inourcups.com; Mon, 10 May 2004 13:20:04 -0400
    Message-ID: <001201c436b3$13ab3610$7100a8c0[at]FaithLaptop>
    From: "Faith Love" <faith[at]lusciousmango.com>
    To: <dagoils[at]inourcups.com>
    Subject: I talked to Emily
    Date: Mon, 10 May 2004 13:20:20 -0400
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_000F_01C43691.8B0DC5F0"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2800.1409
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - server26.totalchoicehosting.com
    X-AntiAbuse: Original Domain - inourcups.com
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - lusciousmango.com

    This is a multi-part message in MIME format.

    ------=_NextPart_000_000F_01C43691.8B0DC5F0
    Content-Type: text/plain;
        charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable

Merlyn
Posted May 10, 2004

With a message ID of 001201c436b3$13ab3610$7100a8c0[at]FaithLaptop and an IP for FaithLaptop in the received headers of 64.190.59.34 there is a possibility that the email is being denied as FaithLaptop is not a FQDN for 64.190.59.34. Our servers would definitely not accept this. Even Spamcop thinks it's a forgery. (See Below)

You need to give a little more info:

Are you running a mailserver from your laptop?
Are you running a mail server from home on a dynamic IP?
What is the origin of the sending server?
The receiving computer has also been removed, what is the final (Topmost) received line that has been removed?

You are not giving enough information. IMHO, this email as it is deserves to be blocked.

Spamcop parse:

    Received: (qmail 94346 invoked from network); 10 May 2004 16:38:09 -0000
    Ignored

    Received: from server26.totalchoicehosting.com (209.152.177.32) by 203.116.232.70 with SMTP; 10 May 2004 16:38:09 -0000
    209.152.177.32 found
    host 209.152.177.32 (getting name) = server26.totalchoicehosting.com.
    host server26.totalchoicehosting.com (checking ip) = 209.152.177.32
    Possible spammer: 209.152.177.32
    Received line accepted

    Received: from [64.190.59.34] (helo=FaithLaptop) by server26.totalchoicehosting.com with asmtp (Exim 4.24) id 1BNERg-0000Vl-Hf for x; Mon, 10 May 2004 13:20:04 -0400
    no from
    64.190.59.34 found
    host 64.190.59.34 = 64-190-59-34.client.cypresscom.net (cached)
    host 64-190-59-34.client.cypresscom.net (checking ip) = 64.190.59.34
    209.152.177.32 not listed in dnsbl.njabl.org
    209.152.177.32 not listed in cbl.abuseat.org
    209.152.177.32 not listed in dnsbl.sorbs.net
    209.152.177.32 is not an MX for server26.totalchoicehosting.com
    209.152.177.32 is not an MX for server26.totalchoicehosting.com
    209.152.177.32 not listed in dnsbl.njabl.org
    Possible spammer: 64.190.59.34
    host server26.totalchoicehosting.com (checking ip) = 209.152.177.32
    209.152.177.32 not listed in dnsbl.njabl.org
    209.152.177.32 not listed in cbl.abuseat.org
    209.152.177.32 not listed in dnsbl.sorbs.net
    Chain test:server26.totalchoicehosting.com =? server26.totalchoicehosting.com
    server26.totalchoicehosting.com and server26.totalchoicehosting.com have same hostname - chain verified
    Possible relay: 209.152.177.32
    Received line accepted

    64.190.59.34 discarded as a forgery, using 209.152.177.32
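
The Received-chain check that Merlyn walks through by hand and that the SpamCop parse reports, as an added example that is not part of the original thread: a simplified Python walk over the Received headers of the second bounce, flagging lines with no from/by clause, HELO names that are not FQDNs, and hops whose sender does not match the older hop's "by" host. The function names are hypothetical and this is not SpamCop's algorithm; it does no DNS lookups.

```python
import re

# Received header values copied from the second bounce in this thread, newest first.
RECEIVED = [
    "(qmail 94346 invoked from network); 10 May 2004 16:38:09 -0000",
    "from server26.totalchoicehosting.com (209.152.177.32) by 203.116.232.70 "
    "with SMTP; 10 May 2004 16:38:09 -0000",
    "from [64.190.59.34] (helo=FaithLaptop) by server26.totalchoicehosting.com "
    "with asmtp (Exim 4.24) id 1BNERg-0000Vl-Hf for dagoils[at]inourcups.com; "
    "Mon, 10 May 2004 13:20:04 -0400",
]

# "from <sender> [(comment)] by <receiver>" at the start of a Received value.
HOP = re.compile(r"^from\s+(?P<src>\S+)(?:\s+\((?P<note>[^)]*)\))?\s+by\s+(?P<by>\S+)")

def parse_hop(value):
    """Return {'src', 'helo', 'by'} for a 'from ... by ...' line, else None."""
    m = HOP.match(value.strip())
    if not m:
        return None  # e.g. qmail's "(qmail N invoked from network)" stamp
    helo = re.search(r"helo=(\S+)", m.group("note") or "")
    return {"src": m.group("src").strip("[]"),
            "helo": helo.group(1) if helo else None,
            "by": m.group("by")}

def audit(received):
    """Walk the headers newest to oldest and return (index, finding) pairs."""
    findings = []
    hops = [parse_hop(v) for v in received]
    for i, hop in enumerate(hops):
        if hop is None:
            findings.append((i, "no from/by clause; cannot be chained"))
            continue
        if hop["helo"] and "." not in hop["helo"]:
            findings.append((i, f"HELO '{hop['helo']}' is not an FQDN"))
        older = hops[i + 1] if i + 1 < len(hops) else None
        if older and older["by"] != hop["src"]:
            findings.append((i, f"sender {hop['src']} != older hop's 'by' {older['by']}"))
    return findings

if __name__ == "__main__":
    for index, text in audit(RECEIVED):
        print(f"Received #{index + 1}: {text}")
```

On these headers the second and third lines chain on server26.totalchoicehosting.com, while the topmost qmail line names no host at all, which is the gap noted in the thread.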