Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: bjarni on July 22, 2004, 01:49:27 PM
-
I receive a message from MAILER-DAEMON every day when it tries to send to "report@dshield.org".
Why? I have no problem sending normal mails.
The mail looks like this:
----- MAIL START -----
Hi. This is the qmail-send program at MY_DOMAIN.dk.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<report@dshield.org>:
195.41.46.251 does not like recipient.
Remote host said: 550 <root@MY_DOMAIN.dk>: Sender address rejected: Domain not found
Giving up on 195.41.46.251.
--- Below this line is a copy of the message.
Return-Path: <root@MY_DOMAIN.dk>
Received: (qmail 23615 invoked by uid 0); 21 Jul 2004 22:03:03 -0000
Date: 21 Jul 2004 22:03:03 -0000
Message-ID: <20040721220303.23612.qmail@MY_DOMAIN.dk>
To: report@dshield.org
From: nobody@nowhere.com
Subject: FORMAT IPTABLES USERID 99692068 TZ +02:00 VERSION DShield Framework 2002-04-25 IPTABLES 2002-03-28
Jul 21 00:02:56 sme-server kernel: denylog:IN=eth1 OUT= MAC=00:10:5a:a5:7e:fb:00:d0:2b:ab:c5:70:08:00 SRC=195.41.46.237 DST=8
......
After this come A LOT of lines (1-2 Mb)
------ MAIL END ------
-
That looks like a fake email from a virus.
That virus steals sender addresses or recipient addresses or creates unused addresses.
Because of that you get this error message.
Check your Windows computers for viruses and delete the mail in the message queue.
Cheers
-
Are you sure that dshield is not supposed to send a mail to report@dshield.org once a day? (I have installed dshield!)
I have Clam Antivirus running on my SME-SERVER and AVG antivirus running on all Windows PCs!
How do I delete the message in the message queue?
/bjarni
-
Have you hidden your domain name? Is this the exact output, unedited, from the email you receive? If it is, then is MY_DOMAIN.dk really your domain name? If not, then there might be a config file for dshield that allows you to set your domain name, and it is still set to the default of MY_DOMAIN.dk.
Hope that helps,
Jon
-
I am also experiencing a QMAIL-SEND issue -- not sure if it is related to this one. I have a routable IP address that is registered. I also have 5 other virtual domains configured. Up until 2 weeks ago everything worked flawlessly. Qwest (known around here as "Q-worst") had a problem that took down several ISPs for the better portion of that Sunday. That is the only 'event' that I can attribute to this problem. I have re-booted (a last-resort attempt to rule out my equipment) the server with no success. I use this server also as a web-server for 6 domains (websites), IMAP/SMTP for 6 domains, and as a NAT server for my network. Web-serving, incoming mail and NAT work perfectly - just not out-going mail.
Here is a mail-failure notification I received:
====================================
Hi. This is the qmail-send program at mcc-ns.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<michael.mcdonald@conagra.cag>:
216.161.141.2 does not like recipient.
Remote host said: 550 not local host conagra.cag, not a gateway
Giving up on 216.161.141.2.
--- Below this line is a copy of the message.
Return-Path: <mrmcdonald@mcc-ns.com>
Received: (qmail 16215 invoked from network); 15 Aug 2004 23:05:42 -0000
Received: from pc-00120.mcc-ns.mcc (HELO [192.168.1.120]) (192.168.1.120)
by gandalf.mcc-ns.mcc (63.227.132.174) with ESMTP; 15 Aug 2004 23:05:42 -0000
Message-ID: <411FEEF3.6000501@mcc-ns.com>
Date: Sun, 15 Aug 2004 17:17:07 -0600
From: mrmcdonald <mrmcdonald@mcc-ns.com>
User-Agent: Mozilla Thunderbird 0.7.3 (Windows/20040803)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: michael.mcdonald@conagra.cag
Subject: Test Message...
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Test Message
Test Message
MD
==================================
The device at IP addrx 216.161.141.2 is from MY servicing ISP. The 63.226.132.x addrx is my SME-Server's internet address.
I have contacted my ISP, but so far they don't know why my e-mail 'sending' has begun failing.
Thank you in advance for your help,
Michael McDonald
McDonald Computer Consulting
and Network Services
michael.mcdonald@mcc-ns.com
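-
Added example, not part of the original thread: a small Python parser for the qmail-send bounce layout quoted in both posts above. It extracts the failed recipient, the remote host, the SMTP code and text, and flags a bounce where the remote's text names the envelope sender from Return-Path even though qmail reports "does not like recipient". The function name, the dictionary keys and the sample (trimmed from the first bounce) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

MARKER = "--- Below this line is a copy of the message."

def parse_qmail_bounce(text):
    """Return one dict per failed recipient in a qmail-send bounce."""
    report, _, copy = text.partition(MARKER)
    msg = message_from_string(copy.lstrip())
    env_sender = parseaddr(msg.get("Return-Path", ""))[1]
    hdr_from = parseaddr(msg.get("From", ""))[1]
    # re.split with one capture group yields [preamble, rcpt1, body1, rcpt2, ...]
    parts = re.split(r"(?m)^<([^>\s]+)>:[ \t]*$", report)
    results = []
    for rcpt, body in zip(parts[1::2], parts[2::2]):
        flat = " ".join(body.split())
        host = re.match(r"(\S+) does not like recipient\.", flat)
        said = re.search(r"Remote host said: (\d{3})[ -](.*?)(?= Giving up on |$)", flat)
        remote = said.group(2) if said else ""
        results.append({
            "recipient": rcpt,
            "remote_host": host.group(1) if host else None,
            "smtp_code": int(said.group(1)) if said else None,
            "remote_text": remote,
            "envelope_sender": env_sender,
            # The remote's complaint names our envelope sender, not the recipient.
            "sender_rejected": bool(env_sender) and env_sender.lower() in remote.lower(),
            # From: header domain differs from the Return-Path domain.
            "from_mismatch": hdr_from.rpartition("@")[2].lower()
            != env_sender.rpartition("@")[2].lower(),
        })
    return results

# Constructed sample: the first bounce in this thread, trimmed.
SAMPLE = """Hi. This is the qmail-send program at MY_DOMAIN.dk.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<report@dshield.org>:
195.41.46.251 does not like recipient.
Remote host said: 550 <root@MY_DOMAIN.dk>: Sender address rejected: Domain not found
Giving up on 195.41.46.251.

--- Below this line is a copy of the message.

Return-Path: <root@MY_DOMAIN.dk>
From: nobody@nowhere.com
"""
```

Calling `parse_qmail_bounce(SAMPLE)` returns a single failure with `sender_rejected` and `from_mismatch` both set.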