Thanks for all the info and I guess I am still worried because the user who the logs indicate is sending this message is 100% not sending this. She has been on vacation for the past 2 weeks, with no webmail activity either. I used "postcat -q" to check the message ID and the output is listed below:

On Thu, May 21, 2009 at 8:58 PM, Sahil Tandon <sa...@tandon.net> wrote:
> s/message/queue/ :-)

I have no idea what that means :-(

On Fri, May 22, 2009 at 7:02 AM, Wietse Venema <wie...@porcupine.org> wrote:
> 206.212.244.102 does not accept SMTP connections. Either the host
> is firewalled, or the host is down, or it is not reachable for
> other reasons.
>
> % telnet 206.212.244.102 smtp
> Trying 206.212.244.102...
> telnet: connect to address 206.212.244.102: Operation timed out
> telnet: Unable to connect to remote host

Yes, this scares me even more because the user indicated that she herself is not initiating the message. The recipient domain is not listening on port 25 so that is really the only reason I am aware that there is a problem. If the SMTP server had accepted these messages, nothing would have backed up on my Postfix queue. I just don't understand what is causing this or how to stop this on my Postfix server...

On Fri, May 22, 2009 at 8:57 AM, mouss <mo...@ml.netoyen.net> wrote:
> gowenandco DOT com is listed on URIBL and SURBL and
>
> http://www.senderbase.org/senderbase_queries/detailip?search_string=206.212.244.0%2F24
>
> doesn't look good...
>
> so something in your site is bouncing or auto-responding to spam. you
> need to find out what is causing this bounce/auto-reply and fix it. you
> can look at the message using the postcat command.

I agree because in writing this response to the list, I got this email from another user on the same Postfix server:

**************************************************************
Why do I keep getting these? How did they get this address to use for bulk mail?

Thanks,
Julie

Content-filter at server.us wrote:

A message from <jthras...@server.us> to:
-> jthras...@server.us

was considered unsolicited bulk e-mail (UBE).

Our internal reference code for your message is 16433-01/qNJBp5TNkzDa

The message carried your return address, so it was either a genuine mail from you, or a sender address was faked and your e-mail address abused by third party, in which case we apologize for undesired notification.

We do try to minimize backscatter for more prominent cases of UBE and for infected mail, but for less obvious cases of UBE some balance between losing genuine mail and sending undesired backscatter is sought, and there can be some collateral damage on both sides.

First upstream SMTP client IP address: [88.255.159.190] unknown
According to a 'Received:' trace, the message originated at: [88.255.159.190], [88.255.159.190] unknown [88.255.159.190]

Return-Path: <jthras...@server.us>
Message-ID: <173702817170361.uflfwryznisq...@[88.255.159.190]>
Subject: Come to my place

Delivery of the email was stopped!
**************************************************************

> PS. make sure to validate recipients at the edge of your network,
> instead of accept-then-bounce. don't be an outscatter source...

How do I make sure of this in main.cf? I'm not sure I know how to avoid that based on my original postconf -n.
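
The recipient validation asked about in the last question, as an added example that is not part of the original post and not the poster's configuration. It assumes a Postfix server that either hosts the mailboxes itself or relays to an internal mail server; the `relay_recipients` path is a placeholder.

```ini
# /etc/postfix/main.cf (added example; paths are placeholders)

# Weak setting: an empty local_recipient_maps switches off the check for
# local recipients. Mail for unknown users is accepted at SMTP time and
# bounced afterwards, usually to a forged sender (backscatter).
#local_recipient_maps =

# Corrected: leave local_recipient_maps at its built-in default
# (UNIX passwd entries plus $alias_maps) and refuse unknown recipients
# while the sending client is still connected.
smtpd_reject_unlisted_recipient = yes
unknown_local_recipient_reject_code = 550

# Only when this host relays mail for domains listed in relay_domains:
# list every valid address so unknown ones are refused here instead of
# being bounced after the internal server rejects them.
# Build the table with: postmap /etc/postfix/relay_recipients
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
#unknown_relay_recipient_reject_code = 550

# Recipient checks are evaluated in order; an unlisted recipient is
# rejected before anything is queued.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unlisted_recipient
```

After `postfix reload`, a `RCPT TO` for a nonexistent address should be answered with a 550 reply inside the SMTP session. These settings cover only recipient validation; sender notifications such as the one quoted above are governed by the content filter's own notification settings, not by these parameters.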