In the example give, [EMAIL PROTECTED] doesn't exist on my system. That's the "bogus" address that was in the message that was bounced back. I don't have a clue where that address came from or where the ip address it was sent to came from. Also, in searching the qmail logs, I can find no actual proof that my system ever tried to deliver a message to that user or that ip address.
The original message was only sent to [EMAIL PROTECTED] and [EMAIL PROTECTED] and both of those messages arrived correctly and without error.
However, shortly after the message was sent to those users, this bounce came back.
Thanks, Gary ____________________ Gary Bowling GBCO.US [EMAIL PROTECTED] ____________________ Tom Collins wrote:
Gary Bowling said:--- Below this line is a copy of the message. Return-Path: <[EMAIL PROTECTED] Received: (qmail 14943 invoked by uid 89); 28 Jan 2008 12:30:14 -0000 Received: by simscan 1.3.1 ppid: 14938, pid: 14940, t: 0.0752s scanners: attach: 1.3.1 clamav: 0.91.2/m: Received: from unknown (HELO ?10.0.0.103?) ([EMAIL PROTECTED]@xx.xxx.xxx.xx) by 0 with ESMTPA; 28 Jan 2008 12:30:14 -0000 Message-ID: <[EMAIL PROTECTED]> Date: Mon, 28 Jan 2008 06:30:13 -0600 From: User Name <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Organization: company User-Agent: Thunderbird 2.0.0.9 (Windows/20071031) MIME-Version: 1.0 To: To User <[EMAIL PROTECTED]> CC: CC User <[EMAIL PROTECTED]> Subject: SUBJETC Line Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit YADA YADA note here. -- ____________________ Gary Bowling GBCO.US [EMAIL PROTECTED] ____________________Does the message look like something you sent to some other address, or a mailing list? If so, you could be getting the non-delivery notice because the message was forwarded to a bad address. If you look at the bottom Received line, it would appear that [EMAIL PROTECTED] connected from IP xx.xxx.xxx.xx with SMTP authentication in order to send the email. Does [EMAIL PROTECTED] have a simple password? Where is the IP address that made the connection? Could a spammer be relaying mail through your server by guessing the account password?
