I think you have a bounce loop with mailman? bouncing each bounce message from ironport. I would make sure the mailman queue is empty.
Ben > On Jan 24, 2017, at 10:38 AM, Noel Jones <njo...@megan.vbhcs.org> wrote: > > On 1/24/2017 9:32 AM, Mark Van Crombrugge wrote: >> Hi, >> >> >> >> We use Postfix - Dovecot ā Sympa ā spamassassin ā clamav on an >> Ubuntu 14.04 server. >> >> Last week we sent out a message to a Sympa mailing list and one of >> the e-mail addresses was in Costa-Rica. (@ucr.ac.cr) >> >> Since then we keep receiving an e-mail from their Cisco Iron Port >> system about every 10 seconds and we are unable to stop it, even >> after installing spamassassin and clamav. >> > > You can't block the sender; this is a bounce and uses the empty > sender address <>. Don't block bounces! > > Add the client IP to your blocklist, or to your firewall. > > > > > -- Noel Jones > >> >> >> This is the message: >> >> - - quote - - - - - - - >> >> From: SYMPA <sy...@sympa.iode.org> >> >> To: Listmaster listmas...@sympa.iode.org >> <mailto:listmas...@sympa.iode.org> >> >> Subject: Listmaster: internal server error. >> >> >> >> User "Iron Port Bounce Messages" <ironp...@ucr.ac.cr >> <mailto:ironp...@ucr.ac.cr>> has encountered an >> >> internal server error >> >> (message diffusion - MSG_ID: <c4992b$cf...@ironportvirtual.ucr.ac.cr >> <mailto:c4992b$cf...@ironportvirtual.ucr.ac.cr>> - LIST: >> >> oceandocscommun...@sympa.iode.org >> <mailto:oceandocscommun...@sympa.iode.org>): >> >> >> >> Impossible to forward a message to oceandocscommunity-owner : >> undefined in >> >> this list >> >> >> >> See the logs for more details. >> >> - - unquote - - - - - - - >> >> >> >> >> >> >> >> This it the original message as it gets stopped by the mailing list >> server because the sender is not a list member. >> >> At this point I receive the above e-mail. >> >> In the e-mail details below, I can find that the message is sent by >> ironp...@ucr.ac.cr <mailto:ironp...@ucr.ac.cr> but even adding this >> e-mail address to the Postfix blacklist has no effect. >> >> >> >> This is new to me so any advise about what Iām doing wrong and how >> to stop this is very welcome. >> >> >> >> Have a nice weekend, >> >> Mark >> >> >> >> >> >> - - quote - - - - >> >> root@mail:/home/sympa/spool/msg# more >> oceandocscommunity-ow...@sympa.iode.org.1484660591.438 >> >> X-Sympa-To: oceandocscommunity-ow...@sympa.iode.org >> >> Return-Path: <MAILER-DAEMON> >> >> Received: from localhost (localhost [127.0.0.1]) >> >> by mail.iode.org (Postfix) with ESMTP id F04F71CAB >> >> for >> <oceandocscommunity-owner+sympa.iode.org@sympalist>; Tue, 17 Jan >> 2017 14:43:11 +0100 (CET) >> >> X-Virus-Scanned: Debian amavisd-new at mail.iode.org >> >> Received: from mail.iode.org ([127.0.0.1]) >> >> by localhost (mail.iode.org [127.0.0.1]) >> (amavisd-new, port 10024) >> >> with ESMTP id 40K8jY3dGAFm >> >> for <oceandocscommunity-owner+sympa.iode.org@sympalist>; >> >> Tue, 17 Jan 2017 14:43:02 +0100 (CET) >> >> Received: from relay.vliz.be (unknown [192.168.5.217]) >> >> by mail.iode.org (Postfix) with ESMTPS id 026047C0B >> >> for <oceandocscommunity-ow...@sympa.iode.org>; Tue, >> 17 Jan 2017 14:42:57 +0100 (CET) >> >> X-ASG-Debug-ID: 1484660575-0ab9595f3b144d50001-JGkER2 >> >> Received: from litio.ucr.ac.cr (litio.ucr.ac.cr [163.178.174.20]) by >> relay.vliz.be with ESMTP id 4HXbovzmQeqq83KP (version=TLSv1.2 >> cipher=RC4-SHA bits=128 veri >> >> fy=NO) for <oceandocscommunity-ow...@sympa.iode.org>; Tue, 17 Jan >> 2017 14:42:58 +0100 (CET) >> >> X-Barracuda-Envelope-From: >> >> X-Barracuda-Effective-Source-IP: litio.ucr.ac.cr[163.178.174.20] >> >> X-Barracuda-Apparent-Source-IP: 163.178.174.20 >> >> Received: from localhost by litio.ucr.ac.cr; >> >> 17 Jan 2017 07:42:58 -0600 >> >> Message-Id: <c4992b$cq...@ironportvirtual.ucr.ac.cr> >> >> Date: 17 Jan 2017 07:42:58 -0600 >> >> To: oceandocscommunity-ow...@sympa.iode.org >> >> From: "Iron Port Bounce Messages" <ironp...@ucr.ac.cr> >> >> Subject: Delivery Status Notification (Failure) >> >> MIME-Version: 1.0 >> >> X-ASG-Orig-Subj: Delivery Status Notification (Failure) >> >> Content-Type: multipart/report; report-type=delivery-status; >> boundary="pMHD.5HafwOhEa.5lmdOk+/TUE.COVHwLW" >> >> X-Barracuda-Connect: litio.ucr.ac.cr[163.178.174.20] >> >> X-Barracuda-Start-Time: 1484660577 >> >> X-Barracuda-Encrypted: RC4-SHA >> >> X-Barracuda-URL: https://relay.vliz.be:443/cgi-mod/mark.cgi >> >> X-Barracuda-Scan-Msg-Size: 230 >> >> X-Virus-Scanned: by bsmtpd at vliz.be >> >> X-Barracuda-BRTS-Status: 1 >> >> X-Barracuda-Spam-Score: 0.20 >> >> X-Barracuda-Spam-Status: No, SCORE=0.20 using global scores of >> TAG_LEVEL=3.0 QUARANTINE_LEVEL=4.0 KILL_LEVEL=5.0 >> tests=ANY_BOUNCE_MESSAGE, BOUNCE_MESSAGE, BSF_ >> >> SC0_SA590, EMPTY_ENV_FROM >> >> X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.35864 >> >> Rule breakdown below >> >> pts rule name description >> >> ---- ---------------------- >> -------------------------------------------------- >> >> 0.00 EMPTY_ENV_FROM Empty Envelope From Address >> >> 0.20 BSF_SC0_SA590 Custom Rule SA590 >> >> 0.00 BOUNCE_MESSAGE MTA bounce message >> >> 0.00 ANY_BOUNCE_MESSAGE Message is some kind of >> bounce message >> >> >> >> --pMHD.5HafwOhEa.5lmdOk+/TUE.COVHwLW >> >> content-type: text/plain; >> >> charset="utf-8" >> >> Content-Transfer-Encoding: quoted-printable >> >> >> >> The following message to <ironp...@ucr.ac.cr> was undeliverable. >> >> The reason for the problem: >> >> 5.1.0 - Unknown address error 550-'5.1.1 <ironp...@ucr.ac.cr>: >> Recipient ad= >> >> dress rejected: User unknown in virtual mailbox table' >> >> >> >> --pMHD.5HafwOhEa.5lmdOk+/TUE.COVHwLW >> >> content-type: message/delivery-status >> >> >> >> Reporting-MTA: dns; litio.ucr.ac.cr >> >> >> >> Final-Recipient: rfc822;ironp...@ucr.ac.cr >> >> Action: failed >> >> Status: 5.0.0 (permanent failure) >> >> Remote-MTA: dns; [163.178.163.178] >> >> Diagnostic-Code: smtp; 5.1.0 - Unknown address error 550-'5.1.1 >> <ironp...@ucr.ac.cr>: Recipient address rejected: User unknown in >> virtual mailbox table' (deliv >> >> ery attempts: 0) >> >> >> >> --pMHD.5HafwOhEa.5lmdOk+/TUE.COVHwLW >> >> content-type: message/rfc822 >> >> >> >> IronPort-PHdr: >> =?us-ascii?q?9a23=3ABBkzixKmSHBBlHKHbdmcpTZWNBhigK39O0sv0rFi?= >> >> =?us-ascii?q?tYgRLP3xwZ3uMQTl6Ol3ixeRBMOAuq4C0LWd7/2ocFdDyK7JiGoFfp1IWk1Nou?= >> >> =?us-ascii?q?QttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZr?= >> >> =?us-ascii?q?KeTpAI7SiNm82/yv95HJbQhFgDWwbal8IRi0ogncuckbipZ+J6gszRfEvmFGcP?= >> >> =?us-ascii?q?lMy2NyIlKTkRf85sOu85Nm7i9dpfEv+dNeXKvjZ6g3QqBWAzogM2Au+c3krgLD?= >> >> =?us-ascii?q?QheV5nsdSWoZjBxFCBXY4R7gX5fxtiz6tvdh2CSfIMb7Q6w4VSik4qx2UxLjlj?= >> >> =?us-ascii?q?sJOCAl/2HWksxwjbxUoBS9pxxk3oXYZJiZOOdicq/BeN8XQ3dKUMRMWCxbGo6y?= >> >> =?us-ascii?q?bIUBAOUBM+hGsofyu1QAoxylCAmpB+7i0CVFi2Xq0aEk1ekqDAHI3BYnH9ILqH?= >> >> =?us-ascii?q?nasdf6OqAIX+2p0aLFyi7DbvNT2Tfl8ofFaQshoPGJXbJoa8Xd00gvFwTYgVqO?= >> >> =?us-ascii?q?s4DlOCmV1usUvmWd8uFuVvqvhnY6pwx1rDWj3Nogh43Uio4P11zJ+yp0zJwxKN?= >> >> =?us-ascii?q?C+VUV1e8SrEIFKuCGfL4Z2Qt0tQ2VvuCsiz70Jo5+7fCwQxJQmwB7QduKIf5KP?= >> >> =?us-ascii?q?4hL5W+adOTZ4hHR7d7Kjnxu+7Eytx+PmWsWp1FtGszBJnsTCu30CzRDe7tCLSv?= >> >> =?us-ascii?q?5n8Ueg3TaP2RrT6uZBIU0skqrUN4AuzaQ2lpUOtkTMAjT2l1nxjK+Tc0Uk5+6o?= >> >> =?us-ascii?q?6+X7YrTmv5OcMIF1igfgPaQ0gcG/GuQ5Mg0WX2eB4+i81brj8lDnT7lQif02iK?= >> >> =?us-ascii?q?bZvIjAJcsHvq65HxNV0oE75ha+FTem19IYnWEALFJfZBKKlJXpNE3UIPziF/iw?= >> >> =?us-ascii?q?n06gnytxx6OOArq0SLTXKX6LqLD7Yf5X7FNawwd76N1E/JtbB6pLaKbyQEj3rN?= >> >> =?us-ascii?q?vCEjckOBbyyu2hA88rha0EXmfaOZ68CIqa5USZ4/omC/KdYZcc/jf6J/Vj4OTh?= >> >> =?us-ascii?q?2yxq0WQBdLWkiMNEIEuzGe5rdgDAOSLh?= >> >> X-IronPort-Anti-Spam-Filtered: true >> >> X-IronPort-Anti-Spam-Result: >> =?us-ascii?q?A0GuIgBOE35YlwmGv8FdDg4BAQQBAQoBA?= >> >> =?us-ascii?q?RcBAQQBAQoBAYMOAQEBAQGCB4MDTpwAiFCMfIpBSA8BAQEBAQEBAQEBAQIQAQE?= >> >> =?us-ascii?q?BAQEIFghNQhIBgV4bAYJEDwGBFQ4CIQ0xE4kHnx6QAYIhBIo/hkSCC4cGCYMcg?= >> >> =?us-ascii?q?l4FiHMYh16KPRQbgTCBBY8PG4FchQ6JaJJsSQKBXgiELoIDPD01hVlRgi4BAQE?= >> >> X-IPAS-Result: >> =?us-ascii?q?A0GuIgBOE35YlwmGv8FdDg4BAQQBAQoBARcBAQQBAQoBAYM?= >> >> =?us-ascii?q?OAQEBAQGCB4MDTpwAiFCMfIpBSA8BAQEBAQEBAQEBAQIQAQEBAQEIFghNQhIBg?= >> >> =?us-ascii?q?V4bAYJEDwGBFQ4CIQ0xE4kHnx6QAYIhBIo/hkSCC4cGCYMcgl4FiHMYh16KPRQ?= >> >> =?us-ascii?q?bgTCBBY8PG4FchQ6JaJJsSQKBXgiELoIDPD01hVlRgi4BAQE?= >> >> X-IronPort-AV: E=Sophos;i="5.33,244,1477980000"; >> >> d="scan'208";a="13460557" >> >> Received: from mail.iode.org ([193.191.134.9]) >> >> by litio.ucr.ac.cr with ESMTP; 17 Jan 2017 07:42:55 -0600 >> >> Received: by mail.iode.org (Postfix, from userid 1001) >> >> id B109A20F3; Tue, 17 Jan 2017 14:42:49 +0100 (CET) >> >> Message-Id: <sympa.1484660569.32128....@sympa.iode.org> >> >> Date: Tue, 17 Jan 2017 14:42:49 +0100 >> >> MIME-Version: 1.0 >> >> Auto-Submitted: auto-replied >> >> From: SYMPA <sy...@sympa.iode.org> >> >> To: "Iron Port Bounce Messages" <ironp...@ucr.ac.cr> >> >> Subject: Message distribution: Internal server error >> >> Content-Type: multipart/mixed; >> boundary="----------=_<sympa.1484660569.32128...@sympa.iode.org>" >> >> Content-Transfer-Encoding: 8bit >> >> X-Mailer: Sympa 6.1.19 >> >> >> >> --pMHD.5HafwOhEa.5lmdOk+/TUE.COVHwLW-- >> >> - - unquote - - - - >> >> >> >> >> >
