Jump to content

Odd bounce notice -- can anyone help?


Recommended Posts

I received a bounce message today from an address that wasn't on the original email, and I'm wondering if the problem is on my end or my recipients'. The history of the email is:

I sent original to a group list (on a domain I control).

One of the people responded to me.

I replied to her and the other person on the list, and got the bounce from that.

(I include the history, because this problem may be from the person who responded to me, and then triggered when I replied to her.)

Here's the bounce:

Hi. This is the qmail-send program at vm0.vmdomain.com.

I'm afraid I wasn't able to deliver your message to the following addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

<llikelper[at]a2z4u.net>:

216.200.145.35 does not like recipient.

Remote host said: 554 Recipient Rejected: Not accepting mail for this account : Account Inactive

Giving up on 216.200.145.35.

--- Below this line is a copy of the message.

Return-Path: <faith[at]lusciousmango.com>

Received: (qmail 25920 invoked from network); 10 May 2004 13:18:19 -0000

Received: from server26.totalchoicehosting.com (209.152.177.32)

by 203.116.232.70 with SMTP; 10 May 2004 13:18:19 -0000

Received: from 64-190-59-34.client.cypresscom.net ([64.190.59.34] helo=FaithLaptop)

by server26.totalchoicehosting.com with asmtp (Exim 4.24)

id 1BNBKP-0000Vx-6Z; Mon, 10 May 2004 10:00:21 -0400

Message-ID: <001701c43697$2b19cfd0$7100a8c0[at]FaithLaptop>

From: "Faith Love" <faith[at]lusciousmango.com>

To: "sly" <sly[at]slycreations.com>,

"Darcy Nair" <darcy[at]darcynair.com>

References: <008701c43692$fa27bd50$7100a8c0[at]FaithLaptop> <1084194231.409f7db7a142a[at]webmail.slycreations.com>

Subject: Re: SSDF

Date: Mon, 10 May 2004 10:00:33 -0400

MIME-Version: 1.0

Content-Type: text/plain;

charset="iso-8859-1"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2800.1409

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - server26.totalchoicehosting.com

X-AntiAbuse: Original Domain - slycreations.com

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - lusciousmango.com

Link to comment
Share on other sites

Hi, elmyra!

Is llikelper[at]a2z4u.net one of the recipients on your group list? If so, I would guess from the following

Hi. This is the qmail-send program at vm0.vmdomain.com.

I'm afraid I wasn't able to deliver your message to the following addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

<llikelper[at]a2z4u.net>:

216.200.145.35 does not like recipient.

Remote host said: 554 Recipient Rejected: Not accepting mail for this account : Account Inactive

Giving up on 216.200.145.35.

that the problem is at the recipient's (llikelper[at]a2z4u.net) end.
Link to comment
Share on other sites

Is there a received line missing:

Where does the 216.200.145.35 come from?

This server has a very bad reputation.

First received line:

Received: (qmail 25920 invoked from network); 10 May 2004 13:18:19 -0000

This is an invalid received line.

Second Received line:

Received: from server26.totalchoicehosting.com (209.152.177.32)

by 203.116.232.70 with SMTP; 10 May 2004 13:18:19 -0000

This looks good except the 203.116.232.70 machine in this received line should be referenced in the first invalid received line but it is not so a received line is missing or the server is misconfigured.

Third received line:

Received: from 64-190-59-34.client.cypresscom.net ([64.190.59.34] helo=FaithLaptop)

by server26.totalchoicehosting.com with asmtp (Exim 4.24)

id 1BNBKP-0000Vx-6Z; Mon, 10 May 2004 10:00:21 -0400

This is the originating server and this received line looks good but everything up from here goes to hell in a handbasket.

There is either some missing info here or some bad misconfigured servers.

Are you running an email server on your laptop or home machine?

Link to comment
Share on other sites

...Hmm, very odd.

...The first internet header "From" line in your original post is to IP 209.152.177.32. I looked this up in GeekTools (http://www.geektools.com/whois.php) and ARIN shows:

OrgName: American Pro Servers, Inc

OrgID: APS-102

Address: 3006 Avenue M

City: Brooklyn

StateProv: NY

PostalCode: 11210

Country: US

NetRange: 209.152.160.0 - 209.152.191.255

CIDR: 209.152.160.0/19

NetName: APSERVERS

NetHandle: NET-209-152-160-0-2

Parent: NET-209-0-0-0-0

NetType: Direct Allocation

NameServer: NS1.APSERVERS.NET

NameServer: NS2.APSERVERS.NET

Comment:

RegDate: 2002-06-12

Updated: 2003-05-09

OrgAbuseHandle: IPADM75-ARIN

OrgAbuseName: IPAdmin

OrgAbusePhone: +1-404-659-2981

OrgAbuseEmail: ipadmin[at]servernode.net

OrgTechHandle: IPADM76-ARIN

OrgTechName: IPAdmin servernode net

OrgTechPhone: +1-404-328-6977

OrgTechEmail: ipadmin[at]servernode.net

You may want to report this to the appropriate OrgAbsuseEmail address.
Link to comment
Share on other sites

I'm getting more of them -- here's another (dagoils[at].. goes to the same list as the other email). I've told the person at slycreations.com, hosted at vmdomain, but she's reading webmail from work specifically so there won't be any infection on her end.

Hi. This is the qmail-send program at vm0.vmdomain.com.

I'm afraid I wasn't able to deliver your message to the following addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

<ZVNUUQ[at]msn.com>:

65.54.190.7 does not like recipient.

Remote host said: 550 Requested action not taken: mailbox unavailable

Giving up on 65.54.190.7.

<ZVNUUQ[at]msn.com>:

65.54.190.7 does not like recipient.

Remote host said: 550 Requested action not taken: mailbox unavailable

Giving up on 65.54.190.7.

<ZVNUUQ[at]msn.com>:

65.54.166.99 does not like recipient.

Remote host said: 550 Requested action not taken: mailbox unavailable

Giving up on 65.54.166.99.

<ZVNUUQ[at]msn.com>:

65.54.166.99 does not like recipient.

Remote host said: 550 Requested action not taken: mailbox unavailable

Giving up on 65.54.166.99.

--- Below this line is a copy of the message.

Return-Path: <faith[at]lusciousmango.com>

Received: (qmail 94346 invoked from network); 10 May 2004 16:38:09 -0000

Received: from server26.totalchoicehosting.com (209.152.177.32)

by 203.116.232.70 with SMTP; 10 May 2004 16:38:09 -0000

Received: from [64.190.59.34] (helo=FaithLaptop)

by server26.totalchoicehosting.com with asmtp (Exim 4.24)

id 1BNERg-0000Vl-Hf

for dagoils[at]inourcups.com; Mon, 10 May 2004 13:20:04 -0400

Message-ID: <001201c436b3$13ab3610$7100a8c0[at]FaithLaptop>

From: "Faith Love" <faith[at]lusciousmango.com>

To: <dagoils[at]inourcups.com>

Subject: I talked to Emily

Date: Mon, 10 May 2004 13:20:20 -0400

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_000F_01C43691.8B0DC5F0"

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2800.1409

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - server26.totalchoicehosting.com

X-AntiAbuse: Original Domain - inourcups.com

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - lusciousmango.com

This is a multi-part message in MIME format.

------=_NextPart_000_000F_01C43691.8B0DC5F0

Content-Type: text/plain;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

Link to comment
Share on other sites

With a message ID of 001201c436b3$13ab3610$7100a8c0[at]FaithLaptop

and an IP for FaithLaptop in the received headers of 64.190.59.34 there is a possibility that the email is being denied as FaithLaptop is not a FQDN for 64.190.59.34. Our servers would definately not accept this.

Even Spamcop thinks it's a forgery. (See Below)

You need to give a little more info:

Are you running a mailserver from your laptop?

Are you running a mail server from home on a dynamic IP?

What is the origin of the sending server?

The receiving computer has also been removed, what is the final (Topmost) received line that has been removed?

You are not giving enough information.

IMHO, this email as it is deserves to be blocked.

Spamcop parse:

Received: (qmail 94346 invoked from network); 10 May 2004 16:38:09 -0000

Ignored

Received: from server26.totalchoicehosting.com (209.152.177.32) by 203.116.232.70 with SMTP; 10 May 2004 16:38:09 -0000

209.152.177.32 found

host 209.152.177.32 (getting name) = server26.totalchoicehosting.com.

host server26.totalchoicehosting.com (checking ip) = 209.152.177.32

Possible spammer: 209.152.177.32

Received line accepted

Received: from [64.190.59.34] (helo=FaithLaptop) by server26.totalchoicehosting.com with asmtp (Exim 4.24) id 1BNERg-0000Vl-Hf for x; Mon, 10 May 2004 13:20:04 -0400

no from

64.190.59.34 found

host 64.190.59.34 = 64-190-59-34.client.cypresscom.net (cached)

host 64-190-59-34.client.cypresscom.net (checking ip) = 64.190.59.34

209.152.177.32 not listed in dnsbl.njabl.org

209.152.177.32 not listed in cbl.abuseat.org

209.152.177.32 not listed in dnsbl.sorbs.net

209.152.177.32 is not an MX for server26.totalchoicehosting.com

209.152.177.32 is not an MX for server26.totalchoicehosting.com

209.152.177.32 not listed in dnsbl.njabl.org

Possible spammer: 64.190.59.34

host server26.totalchoicehosting.com (checking ip) = 209.152.177.32

209.152.177.32 not listed in dnsbl.njabl.org

209.152.177.32 not listed in cbl.abuseat.org

209.152.177.32 not listed in dnsbl.sorbs.net

Chain test:server26.totalchoicehosting.com =? server26.totalchoicehosting.com

server26.totalchoicehosting.com and server26.totalchoicehosting.com have same hostname - chain verified

Possible relay: 209.152.177.32

Received line accepted

64.190.59.34 discarded as a forgery, using 209.152.177.32

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...