Did this email really originate from my server?
How did it get sent?
Has an account been compromised or is Postfix improperly configured?
Thanks!
MESSAGE SOURCE:
=====================================
Return-Path: <MAILER-DAEMON>
Delivered-To: vi...@example.com
Received: from localhost (localhost [127.0.0.1])
by server.example.com (Postfix) with ESMTP id 6E4637D05
for <vi...@example.com>; Tue, 15 Dec 2009 00:31:08 -0500 (EST)
Content-Type: multipart/report; report-type=delivery-status;
boundary="----------=_1260855068-23802-0"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Subject: Considered UNSOLICITED BULK EMAIL, apparently from you
In-Reply-To: <20091215053103.946b27...@server.example.com>
Message-ID: <ss18opepobp...@server.example.com>
From: "Content-filter at server.example.com" <postmas...@server.example.com>
To: <vi...@example.com>
Date: Tue, 15 Dec 2009 00:31:04 -0500 (EST)
This is a multi-part message in MIME format...
------------=_1260855068-23802-0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
A message from <vi...@example.com> to:
-> vi...@example.com
was considered unsolicited bulk e-mail (UBE).
Our internal reference code for your message is 23802-16/18oPepObPGMY
The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.
We do try to minimize backscatter for more prominent cases of UBE and
for infected mail, but for less obvious cases of UBE some balance
between losing genuine mail and sending undesired backscatter is sought,
and there can be some collateral damage on both sides.
First upstream SMTP client IP address: [117.206.44.183]
According to a 'Received:' trace, the message originated at: [117.206.44.183],
[117.206.44.183] unknown [117.206.44.183]
Return-Path: <vi...@example.com>
Message-ID: <20091215053103.946b27...@server.example.com>
Subject: For vince special 80% OFF on Pfizer
Non-encoded 8-bit data (char A9 hex): From: VIAGRA \251 Online Shop <v[...]
Delivery of the email was stopped!
------------=_1260855068-23802-0
Content-Type: message/delivery-status; name="dsn_status"
Content-Disposition: inline; filename="dsn_status"
Content-Transfer-Encoding: 7bit
Content-Description: Delivery error report
Reporting-MTA: dns; server.example.com
Received-From-MTA: smtp; server.example.com ([127.0.0.1])
Arrival-Date: Tue, 15 Dec 2009 00:31:04 -0500 (EST)
Original-Recipient: rfc822;vi...@example.com
Final-Recipient: rfc822;vi...@example.com
Action: failed
Status: 5.7.0
Diagnostic-Code: smtp; 554 5.7.0 Reject, id=23802-16 - SPAM
Last-Attempt-Date: Tue, 15 Dec 2009 00:31:04 -0500 (EST)
Final-Log-ID: 23802-16/18oPepObPGMY
------------=_1260855068-23802-0
Content-Type: text/rfc822-headers; name="header"
Content-Disposition: inline; filename="header"
Content-Transfer-Encoding: 8bit
Content-Description: Message header section
Return-Path: <vi...@example.com>
Received: from [117.206.44.183] (unknown [117.206.44.183])
by server.example.com (Postfix) with ESMTPS id 946B27D04
for <vi...@example.com>; Tue, 15 Dec 2009 00:30:42 -0500 (EST)
From: VIAGRA © Online Shop <vi...@example.com>
To: vi...@example.com
Subject: For vince special 80% OFF on Pfizer
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <20091215053103.946b27...@server.example.com>
Date: Tue, 15 Dec 2009 00:30:42 -0500 (EST)
------------=_1260855068-23802-0--
MAIL LOG:
=====================================
Dec 15 00:30:50 server postfix/smtpd[27310]: lost connection after DATA (0
bytes) from unknown[94.50.246.179]
Dec 15 00:30:50 server postfix/smtpd[27310]: disconnect from
unknown[94.50.246.179]
Dec 15 00:30:50 server postfix/pickup[25415]: C52F07D05: uid=0 from=<root>
Dec 15 00:30:50 server postfix/cleanup[27347]: C52F07D05:
message-id=<20091215053050.c52f07...@server.example.com>
Dec 15 00:30:50 server postfix/qmgr[2816]: C52F07D05: from=<r...@example.com>,
size=3851, nrcpt=1 (queue active)
Dec 15 00:30:51 server postfix/smtpd[27351]: connect from localhost[127.0.0.1]
Dec 15 00:30:51 server postfix/smtpd[27351]: 467977D04:
client=localhost[127.0.0.1]
Dec 15 00:30:51 server postfix/cleanup[27347]: 467977D04:
message-id=<20091215053050.c52f07...@server.example.com>
Dec 15 00:30:51 server postfix/qmgr[2816]: 467977D04: from=<r...@example.com>,
size=4275, nrcpt=1 (queue active)
Dec 15 00:30:51 server postfix/smtpd[27351]: disconnect from
localhost[127.0.0.1]
Dec 15 00:30:51 server postfix/cleanup[27347]: 4928C7D0C:
message-id=<20091215053050.c52f07...@server.example.com>
Dec 15 00:30:51 server postfix/qmgr[2816]: 4928C7D0C: from=<r...@example.com>,
size=4399, nrcpt=1 (queue active)
Dec 15 00:30:51 server postfix/local[27352]: 467977D04: to=<r...@localhost>,
relay=local, delay=0.01, delays=0.01/0.01/0/0, dsn=2.0.0, status=sent
(forwarded as 4928C7D0C)
Dec 15 00:30:51 server postfix/qmgr[2816]: 467977D04: removed
Dec 15 00:30:51 server postfix/smtp[27348]: C52F07D05: to=<r...@localhost>,
relay=127.0.0.1[127.0.0.1]:10024, delay=0.51, delays=0.02/0/0/0.49, dsn=2.0.0,
status=sent (250 2.0.0 Ok, id=24334-14, from MTA([127.0.0.1]:10025): 250 2.0.0
Ok: queued as 467977D04)
Dec 15 00:30:51 server postfix/qmgr[2816]: C52F07D05: removed
Dec 15 00:30:51 server postfix/pipe[27353]: 4928C7D0C:
to=<vheu...@example.com>, orig_to=<r...@localhost>, relay=dovecot, delay=0.01,
delays=0/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
Dec 15 00:30:51 server postfix/qmgr[2816]: 4928C7D0C: removed
Dec 15 00:31:02 server postfix/smtpd[27317]: warning:
183.44.206.117.list.dsbl.org: RBL lookup error: Host or domain name not found.
Name service error for name=183.44.206.117.list.dsbl.org type=A: Host not
found, try again
Dec 15 00:31:03 server postfix/smtpd[27317]: 946B27D04:
client=unknown[117.206.44.183]
Dec 15 00:31:04 server postfix/cleanup[27347]: 946B27D04:
message-id=<20091215053103.946b27...@server.example.com>
Dec 15 00:31:04 server postfix/qmgr[2816]: 946B27D04: from=<vi...@example.com>,
size=1924, nrcpt=1 (queue active)
Dec 15 00:31:04 server postfix/smtpd[27317]: disconnect from
unknown[117.206.44.183]
Dec 15 00:31:08 server postfix/smtpd[27351]: connect from localhost[127.0.0.1]
Dec 15 00:31:08 server postfix/smtpd[27351]: 6E4637D05:
client=localhost[127.0.0.1]
Dec 15 00:31:08 server postfix/cleanup[27347]: 6E4637D05:
message-id=<ss18opepobp...@server.example.com>
Dec 15 00:31:08 server postfix/smtpd[27351]: disconnect from
localhost[127.0.0.1]
Dec 15 00:31:08 server postfix/qmgr[2816]: 6E4637D05: from=<>, size=3352,
nrcpt=1 (queue active)
Dec 15 00:31:08 server postfix/pipe[27353]: 6E4637D05: to=<vi...@example.com>,
relay=dovecot, delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent
(delivered via dovecot service)
Dec 15 00:31:08 server postfix/qmgr[2816]: 6E4637D05: removed
Dec 15 00:31:08 server postfix/smtp[27348]: 946B27D04: to=<vi...@example.com>,
relay=127.0.0.1[127.0.0.1]:10024, delay=26, delays=22/0/0/4, dsn=2.5.0,
status=sent (250 2.5.0 Ok, id=23802-16, BOUNCE)
Dec 15 00:31:08 server postfix/qmgr[2816]: 946B27D04: removed
Dec 15 00:31:34 server postfix/smtpd[27310]: connect from
unknown[203.113.28.147]
Dec 15 00:31:51 server postfix/smtpd[27317]: connect from
dsl-146-82-176.telkomadsl.co.za[165.146.82.176]
Dec 15 00:31:52 server postfix/smtpd[27317]: disconnect from
dsl-146-82-176.telkomadsl.co.za[165.146.82.176]
Dec 15 00:31:56 server postfix/smtpd[27317]: warning: 187.14.3.195: hostname
18714003195.user.veloxzone.com.br verification failed: Name or service not known
Dec 15 00:31:56 server postfix/smtpd[27317]: connect from unknown[187.14.3.195]
Dec 15 00:32:11 server postfix/smtpd[27310]: warning:
147.28.113.203.list.dsbl.org: RBL lookup error: Host or domain name not found.
Name service error for name=147.28.113.203.list.dsbl.org type=A: Host not
found, try again
Dec 15 00:32:11 server postfix/smtpd[27310]: NOQUEUE: reject: RCPT from
unknown[203.113.28.147]: 554 5.7.1 Service unavailable; Client host
[203.113.28.147] blocked using sbl-xbl.spamhaus.org;
http://www.spamhaus.org/query/bl?ip=203.113.28.147; from=<nub...@example.com>
to=<nub...@example.com> proto=SMTP helo=<W-AA-H1031-PT>
Dec 15 00:32:12 server postfix/smtpd[27310]: disconnect from
unknown[203.113.28.147]
Dec 15 00:32:20 server postfix/smtpd[27317]: warning:
195.3.14.187.list.dsbl.org: RBL lookup error: Host or domain name not found.
Name service error for name=195.3.14.187.list.dsbl.org type=A: Host not found,
try again
Dec 15 00:32:20 server postfix/smtpd[27317]: NOQUEUE: reject: RCPT from
unknown[187.14.3.195]: 554 5.7.1 Service unavailable; Client host
[187.14.3.195] blocked using sbl-xbl.spamhaus.org;
http://www.spamhaus.org/query/bl?ip=187.14.3.195;
from=<fcryxilgwxv...@example.com> to=<fcryxilgwxv...@example.com> proto=ESMTP
helo=<veloxzone.com.br>
Dec 15 00:32:20 server postfix/smtpd[27317]: disconnect from
unknown[187.14.3.195]
Dec 15 00:33:09 server postfix/anvil[27249]: statistics: max connection rate
2/60s for (smtp:62.226.69.61) at Dec 15 00:27:49
Dec 15 00:33:09 server postfix/anvil[27249]: statistics: max connection count 1
for (smtp:122.183.217.178) at Dec 15 00:23:54
Dec 15 00:33:09 server postfix/anvil[27249]: statistics: max cache size 6 at
Dec 15 00:28:03
