Server will send spam


Server will send spam

Maurizio Caloro-2

Hello,

Since today my email server has been sending a lot of rubbish, and I don't know why.

Please, can anyone give me a little help here?

I have a lot of "Mail Delivery System <[hidden email]>" errors, and I don't see where these mails come from or why my server is sending them.

My server has been running for over 1 year without any problems; today... bang, this nightmare began.

---

 

Email Header:

Received: from nmail.caloro.ch ([127.0.0.1])
                by mail.caloro.ch.quicksrv.de (Dovecot) with LMTP id jVs7JJF/b1o9MQAA6bXCFw
                for <[hidden email]>; Mon, 29 Jan 2018 21:09:53 +0100
Received: by nmail.caloro.ch (Postfix)
                id 920EB40932; Mon, 29 Jan 2018 21:09:53 +0100 (CET)
From: "Mail Delivery System" <[hidden email]>
To: <[hidden email]>
Subject: Undelivered Mail Returned to Sender
Date: Mon, 29 Jan 2018 21:09:53 +0100
Message-ID: <[hidden email]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
                boundary="----=_NextPart_000_044F_01D39947.F4F4FBA0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGsz7jVdWQ+5VNHJiY9kX6ybJXGXg==

Reporting-MTA: dns; nmail.caloro.ch
X-Postfix-Queue-ID: 9A2B340929
X-Postfix-Sender: rfc822; [hidden email]
Arrival-Date: Mon, 29 Jan 2018 21:09:51 +0100 (CET)

Final-Recipient: rfc822; [hidden email]
Original-Recipient: rfc822;[hidden email]
Action: failed
Status: 5.0.0
Remote-MTA: dns; mx.bt.lon5.cpcloud.co.uk
Diagnostic-Code: smtp; 554 Message rejected on 2018/01/29 20:09:54 GMT, policy
    (3.2.1.1) ??? Your message looks like SPAM or has been reported as SPAM
    please read www.bt.com/bulksender

 

---

Mail.log

D112340267: to=<[hidden email]>, relay=spamassassin, delay=1.4, delays=1.1/0/0/0.35, dsn=2.0.0, status=sent (delivered via spamassassin service)

Jan 29 22:37:32 mail postfix/smtp[13948]: 1A47F4070D: to=<[hidden email]>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.22, delays=0.08/0/0.04/0.09, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 2FE0240267)

Jan 29 22:37:32 mail postfix/smtp[13943]: 2FE0240267: to=<[hidden email]>, relay=hotmail-com.olc.protection.outlook.com[104.47.4.33]:25, delay=0.69, delays=0.09/0/0.12/0.48, dsn=2.6.0, status=sent (250 2.6.0 <[hidden email]> [InternalId=53695681205819, Hostname=AM5EUR02HT082.eop-EUR02.prod.protection.outlook.com] 9013 bytes in 0.099, 88.050 KB/sec Queued mail for delivery)
Jan 29 22:37:32 mail postfix/qmgr[13937]: 2FE0240267: removed

postfix/pipe[13574]: EDDDD404F4: to=<[hidden email]>, relay=spamassassin, delay=0.49, delays=0.31/0/0/0.17, dsn=2.0.0, status=sent (delivered via spamassassin service)
Jan 29 22:27:31 mail postfix/qmgr[13520]: EDDDD404F4: removed

Jan 29 22:35:56 mail postfix/smtp[13943]: CD0E5404E1: to=<[hidden email]>, relay=mx.danskkabeltv.dk[62.61.141.3]:25, delay=503, delays=502/0.03/0.66/0.05, dsn=4.2.0, status=deferred (host mx.danskkabeltv.dk[62.61.141.3] said: 450 4.2.0 <nmail.caloro.ch[37.120.190.188]>: Client host rejected: Greylisted, see http://postgrey.schweikert.ch/help/uppsalahus.dk.html (in reply to RCPT TO command))

Jan 29 22:58:19 mail postfix/smtp[14296]: A504140462: to=<[hidden email]>, relay=mta5.am0.yahoodns.net[74.6.137.64]:25, delay=27604, delays=27596/5.8/1.6/0.1, dsn=4.7.0, status=deferred (host mta5.am0.yahoodns.net[74.6.137.64] said: 421 4.7.0 [TSS04] Messages from 37.120.190.188 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command))
Jan 29 22:58:19 mail postfix/smtp[14318]: A2F6E408C9: to=<[hidden email]>, relay=mta7.am0.yahoodns.net[74.6.137.65]:25, delay=26335, delays=26327/5.8/1.6/0.09, dsn=4.7.0, status=deferred (host mta7.am0.yahoodns.net[74.6.137.65] said: 421 4.7.0 [TSS04] Messages from 37.120.190.188 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command))
Jan 29 22:58:19 mail postfix/smtp[14314]: AF1D540460: to=<[hidden email]>, relay=mta7.am0.yahoodns.net[98.136.101.117]:25, delay=40098, delays=40090/5.4/2/0.16, dsn=4.7.0, status=deferred (host mta7.am0.yahoodns.net[98.136.101.117] said: 421 4.7.0 [TSS04] Messages from 37.120.190.188 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command))
Jan 29 22:58:20 mail postfix/smtp[14304]: A4C43408CB: to=<[hidden email]>, relay=mta5.am0.yahoodns.net[98.137.159.28]:25, delay=28617, delays=28609/6.1/2.1/0.12, dsn=4.7.0, status=deferred (host mta5.am0.yahoodns.net[98.137.159.28] said: 421 4.7.0 [TSS04] Messages from 37.120.190.188 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command))
Jan 29 22:58:20 mail postfix/smtp[14319]: A5D55408E1: to=<[hidden email]>, relay=mta6.am0.yahoodns.net[98.136.102.55]:25, delay=25081, delays=25072/6.2/2.3/0.15, dsn=4.7.0, status=deferred (host mta6.am0.yahoodns.net[98.136.102.55] said: 421 4.7.0 [TSS04] Messages from 37.120.190.188 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command))

 

 

Please, and thanks for any help.

Regards


Re: Server will send spam

Kevin A. McGrail
On 1/29/2018 4:59 PM, Maurizio Caloro wrote:

> Since today my email server has been sending a lot of rubbish, and I don't know why.
>
> Please, can anyone give me a little help here?


The evidence you sent shows, from a brief review, that it's coming from your mail server.  I think you likely have a user where the account was compromised that's relaying off that box.

Can you cross-correlate the mail queued to a single user?  I would shut off email while you research.  You are going to have a lot of work to clean up off of blacklists, I would gather, and it will get worse the longer it goes on.

Regards,
KAM
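
One way to do the cross-correlation suggested in the reply, added here as an example and not code from either poster: it joins each queue ID's `smtpd` line (which carries `sasl_username` for authenticated submissions) to its `qmgr` line and totals recipients per account. The log lines are constructed, and it assumes short hexadecimal queue IDs like those in the log above.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (not lines from the post above).
SAMPLE_LOG = """\
Jan 29 22:30:01 mail postfix/submission/smtpd[13001]: 1A2B3C4D5E: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.org
Jan 29 22:30:01 mail postfix/qmgr[13937]: 1A2B3C4D5E: from=<promo1@example.net>, size=9013, nrcpt=40 (queue active)
Jan 29 22:30:09 mail postfix/submission/smtpd[13002]: 2B3C4D5E6F: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=alice@example.org
Jan 29 22:30:09 mail postfix/qmgr[13937]: 2B3C4D5E6F: from=<promo2@example.net>, size=9020, nrcpt=35 (queue active)
Jan 29 22:31:00 mail postfix/smtpd[13003]: 3C4D5E6F70: client=host.example.com[192.0.2.10], sasl_method=PLAIN, sasl_username=bob@example.org
Jan 29 22:31:00 mail postfix/qmgr[13937]: 3C4D5E6F70: from=<bob@example.org>, size=2100, nrcpt=1 (queue active)
Jan 29 22:40:09 mail postfix/qmgr[13937]: 2B3C4D5E6F: from=<promo2@example.net>, size=9020, nrcpt=35 (queue active)
Jan 29 22:41:00 mail postfix/qmgr[13937]: 4D5E6F7081: from=<>, size=3300, nrcpt=1 (queue active)
"""

SMTPD = re.compile(r"postfix/(?:\w+/)?smtpd\[\d+\]: ([0-9A-F]{6,}): client=([^,\s]+)")
SASL = re.compile(r"sasl_username=([^,\s]+)")
QMGR = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]{6,}): from=<([^>]*)>, size=\d+, nrcpt=(\d+)")

def correlate(log_text):
    """Group queued mail by the SASL account (or client) that submitted it."""
    origin = {}  # queue ID -> (sasl_username or None, client host[ip])
    queued = {}  # queue ID -> (envelope sender, nrcpt); keyed so retries count once
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if m:
            sasl = SASL.search(line)
            origin[m.group(1)] = (sasl.group(1) if sasl else None, m.group(2))
        elif (m := QMGR.search(line)):
            queued[m.group(1)] = (m.group(2), int(m.group(3)))
    report = defaultdict(lambda: {"messages": 0, "recipients": 0,
                                  "clients": set(), "senders": set()})
    for qid, (sender, nrcpt) in queued.items():
        # No smtpd line means local origin (bounce, cron, web script via sendmail).
        account, client = origin.get(qid, (None, "local/unknown"))
        row = report[account or "unauthenticated:" + client]
        row["messages"] += 1
        row["recipients"] += nrcpt
        row["clients"].add(client)
        row["senders"].add(sender)
    return dict(report)

def top_sender(log_text):
    report = correlate(log_text)
    return max(report, key=lambda k: report[k]["recipients"])

if __name__ == "__main__":
    for who, row in correlate(SAMPLE_LOG).items():
        print(who, row["messages"], row["recipients"], sorted(row["clients"]))
```

An account that submits from several unrelated client addresses with changing envelope senders is the pattern to look for. Mail that has a `qmgr` line but no `smtpd` line was generated on the server itself.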