Topic: MAILER-DAEMON - Subject: failure notice

[bjarni]

I receive a message from MAILER-DAEMON every day when it tries to send to "report@dshield.org".

Why? I have no problem sending normal mails.  

The mail looks like this:

----- MAIL START -----
Hi. This is the qmail-send program at MY_DOMAIN.dk.
I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out.

<report@dshield.org>:
195.41.46.251 does not like recipient.
Remote host said: 550 <root@MY_DOMAIN.dk>: Sender address rejected: Domain not found Giving up on 195.41.46.251.

--- Below this line is a copy of the message.

Return-Path: <root@MY_DOMAIN.dk>
Received: (qmail 23615 invoked by uid 0); 21 Jul 2004 22:03:03 -0000
Date: 21 Jul 2004 22:03:03 -0000
Message-ID: <20040721220303.23612.qmail@MY_DOMAIN.dk>
To: report@dshield.org
From: nobody@nowhere.com
Subject: FORMAT IPTABLES USERID 99692068 TZ +02:00 VERSION DShield Framework 2002-04-25 IPTABLES 2002-03-28

Jul 21 00:02:56 sme-server kernel: denylog:IN=eth1 OUT= MAC=00:10:5a:a5:7e:fb:00:d0:2b:ab:c5:70:08:00 SRC=195.41.46.237 DST=8

......
hereafter comes A LOT of lines (1-2 Mb)
------ MAIL END ------

[RavenIV]

that looks like a fake email from a virus.
that virus steals sender sdresses or receipt adresses or creates unused adresses.
because of that you get this error-message.

check your windows-computers for viruses and delete the mail in the message queue.

cheers

[bjarni]

Are you sure that dshield is not supposed to send a mail to report@dshield.org once a day? (I have installed dshield!)

I have Clam Antivirus running on my SME-SERVER and AVG-antivirus running on all Windows-PC's!

How do I delete the message in the message queue?

/bjarni

[Jon_Reynolds]

Have you hidden your domain name? Is this the exact output, unedited, from the email you recieve? If it is then is MY_DOMAIN .dk really your domain name? If not then there might be a config file for dsheild that allows you to set your domain name and it is still set to the default of MY_DOMAIN.dk.

Hope that helps,

Jon

[idmaddog]

I am also experiencing a QMAIL-SEND issue -- not sure if it is related to this one.  I have a routable IP address that is registered.  I also have 5 other virtual domains configured.  Up until 2 weeks ago everything worked flawlessly.  Qwest (known around here as "Q-worst") had a problem that took down several ISP's for the better portion of that Sunday.  That is the only 'event' that I can attribute to this problem.  I have re-booted (a last-resort attempt to rule out my equipment) the server with no success.  I use this server also as a web-server for 6 domains (websites), IMAP/SMTP for 6 domains, and as a NAT server for my network.  Web-serving, Incoming mail and NAT work perfectly - just out-going mail.

Here is a mail-failure notification I received:
====================================

Hi. This is the qmail-send program at mcc-ns.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<michael.mcdonald@conagra.cag>:
216.161.141.2 does not like recipient.
Remote host said: 550 not local host conagra.cag, not a gateway
Giving up on 216.161.141.2.

--- Below this line is a copy of the message.

Return-Path: <mrmcdonald@mcc-ns.com>
Received: (qmail 16215 invoked from network); 15 Aug 2004 23:05:42 -0000
Received: from pc-00120.mcc-ns.mcc (HELO [192.168.1.120]) (192.168.1.120)
  by gandalf.mcc-ns.mcc (63.227.132.174) with ESMTP; 15 Aug 2004 23:05:42 -0000
Message-ID: <411FEEF3.6000501@mcc-ns.com>
Date: Sun, 15 Aug 2004 17:17:07 -0600
From: mrmcdonald <mrmcdonald@mcc-ns.com>
User-Agent: Mozilla Thunderbird 0.7.3 (Windows/20040803)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  michael.mcdonald@conagra.cag
Subject: Test Message...
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Test Message

Test Message

MD

==================================

The device at IP addrx 216.161.141.2 is from MY servicing ISP.  The 63.226.132.x addrx is my SME-Server's internet address.

I have contacted my ISP, but so far they don't know why my e-mail 'sending' has begun failing.

Thank you in advance for your help,

Michael McDonald
McDonald Computer Consulting
and Network Services
michael.mcdonald@mcc-ns.com