Results 1 to 8 of 8
  1. #1
    Join Date
    Mar 2004
    Posts
    1,007

    failure notice:thouzands of emails in a very short period

    Hello everyone,

    I am getting thouzands of similar emails a day with below content.


    Earlier today i was getting the other emials but has fixed an issue with safe mode off.

    Hi. This is the qmail-send program at server.domain1.info.
    I tried to deliver a bounce message to this address, but the bounce bounced!

    <VTNDKZCY@CYBERROOT.COM>:
    Sorry, I couldn't find any host named CYBERROOT.COM. (#5.1.2)

    --- Below this line is the original bounce.

    Return-Path: <>
    Received: (qmail 3789 invoked for bounce); 27 Apr 2005 16:20:59 -0000
    Date: 27 Apr 2005 16:20:59 -0000
    From: MAILER-DAEMON@domain1.info.domain3.com
    To: VTNDKZCY@CYBERROOT.COM
    Subject: failure notice

    Hi. This is the qmail-send program at domain1.info.domain3.com.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    <burkett@domain.com>:
    This address no longer accepts mail.

    <burroughs@domain.com>:
    This address no longer accepts mail.

    <bynum@domain.com>:
    This address no longer accepts mail.

    <burrell@domain.com>:
    This address no longer accepts mail.

    <byrne@domain.com>:
    This address no longer accepts mail.

    <britton@domain.com>:
    This address no longer accepts mail.

    <bullard@domain.com>:
    This address no longer accepts mail.

    <broussard@domain.com>:
    This address no longer accepts mail.

    <brunson@domain.com>:
    This address no longer accepts mail.

    <brewster@domain.com>:
    This address no longer accepts mail.

    --- Below this line is a copy of the message.

    Return-Path: <VTNDKZCY@CYBERROOT.COM>
    Received: (qmail 3767 invoked from network); 27 Apr 2005 16:20:59 -0000
    Received: from pcp08745885pcs.dckrsn01.tn.comcast.net (68.52.248.26)
    by 178.70-84-191.reverse.domain3.com with SMTP; 27 Apr 2005 16:20:59 -0000
    Received: from pol.bilow.com (IDENT:0@fervent.bilow.com)
    by mark.beach.net (8.10.0.Beta12/8.10.0.Beta76) with ESMTP id g26Iqxs02490
    for <VTNDKZCY@CYBERROOT.COM>; Wed, 27 Apr 2005 23:04:10 +0600
    Message-ID: <167465285.100884756@humidify.bilow.com>
    Date: Wed, 27 Apr 2005 11:09:10 -0600
    From: "Nick Duffy" <VTNDKZCY@CYBERROOT.COM>
    To: burkett@domain.com
    Cc: burrell@domain.com, byrne@domain.com, burroughs@domain.com, bynum@domain.com, brewster@domain.com, britton@domain.com, bullard@domain.com, broussard@domain.com, brunson@domain.com
    Subject: Check it out
    X-Mailer: Ximian Evolution 1.0.5

    Here's a question for you.
    Have you always wanted a big/ger Johnson?
    Has your parter been disappointed in the bed/room?

    If your just like me then you know exactly what i'm talking about.
    I tried this new a11 natura1 pro duct and so should you.

    Don't be embarrassed, the time is now
    http://scruple.smithbarberbar.com/n/newly
    Best Regards,
    Namesniper

  2. #2
    Join Date
    Nov 2004
    Location
    India
    Posts
    1,104
    Sounds like a spammer inside your server..
    AssistanZ - Beyond Boundaries...
    Cloudstack Consultancy / 24x7 Web Hosting Support / 24x7 Server Management / Infrastructure Management Services
    Web & Mobile Apps Development / Web Designing Services / Php, Grails, Java Development

  3. #3
    Join Date
    Mar 2004
    Posts
    1,007
    It seems like someone has sent an email to an email address loacted on my server but the qmail has bounced it back as there was no such a address and then teh message has been rebaunced back as there were no such a sender email but why i am receiving these messages at my server default email account ?

    Originally posted by techlollu
    Sounds like a spammer inside your server..
    Best Regards,
    Namesniper

  4. #4
    Join Date
    Nov 2004
    Location
    India
    Posts
    1,104
    You need to check for any php based spamming scripts running inside your server..if you are using plesk CP you can catch that script by enabling the phpsuexec..
    AssistanZ - Beyond Boundaries...
    Cloudstack Consultancy / 24x7 Web Hosting Support / 24x7 Server Management / Infrastructure Management Services
    Web & Mobile Apps Development / Web Designing Services / Php, Grails, Java Development

  5. #5
    Join Date
    Jul 2001
    Location
    Singapore
    Posts
    1,889
    Code:
    Return-Path: <VTNDKZCY@CYBERROOT.COM>
    Received: (qmail 3767 invoked from network); 27 Apr 2005 16:20:59 -0000
    Received: from pcp08745885pcs.dckrsn01.tn.comcast.net (68.52.248.26)
    by 178.70-84-191.reverse.domain3.com with SMTP; 27 Apr 2005 16:20:59 -0000
    Received: from pol.bilow.com (IDENT:0@fervent.bilow.com)
    by mark.beach.net (8.10.0.Beta12/8.10.0.Beta76) with ESMTP id g26Iqxs02490
    for <VTNDKZCY@CYBERROOT.COM>; Wed, 27 Apr 2005 23:04:10 +0600
    Message-ID: <167465285.100884756@humidify.bilow.com>
    Date: Wed, 27 Apr 2005 11:09:10 -0600
    From: "Nick Duffy" <VTNDKZCY@CYBERROOT.COM>
    From the original message header, check the Message-ID whether is it your hostname humidify.bilow.com of your qmail server? If it isn't, then I guess it mostly not originated from your qmail server. If it is not originally sent from your qmail server, even you enable phpsuexec also useless for your current situation. Double-bounces can be caused by spammers forging your email addresses/domains in the original message header Return-Path which I guess is the main cause of your current issue if the domain in the Return-Path: <VTNDKZCY@CYBERROOT.COM> is your domain hosted in your qmail server.

    Just my thoughts... ...
    Giam Teck Choon
    :: Join choon.net Community today to share your tips and tricks on server issues please ::
    :: Singapore Dedicated Servers :: Singapore Virtual Private Servers :: Linux/FreeBSD Server Management ::

  6. #6
    Join Date
    Mar 2004
    Posts
    1,007
    Can you please tell me how do i enable it and how do i check out for that script?



    Originally posted by techlollu
    You need to check for any php based spamming scripts running inside your server..if you are using plesk CP you can catch that script by enabling the phpsuexec..
    Best Regards,
    Namesniper

  7. #7
    Join Date
    Mar 2004
    Posts
    1,007
    "check the Message-ID whether is it your hostname humidify.bilow.com of your qmail server?"

    No its not hosted on my sevrer.

    "Double-bounces can be caused by spammers forging your email addresses/domains in the original message header Return-Path which I guess is the main cause of your current issue if the domain in the "

    Can you please suggest anythin,how do i stop them then?

    "Double-bounces can be caused by spammers forging your email addresses/domains in the original message header Return-Path which I guess is the main cause of your current issue if the domain in the Return-Path: <VTNDKZCY@CYBERROOT.COM> is your domain hosted in your qmail server."

    This domain name is not hosted on my server as well.


    Originally posted by choon
    Code:
    Return-Path: <VTNDKZCY@CYBERROOT.COM>
    Received: (qmail 3767 invoked from network); 27 Apr 2005 16:20:59 -0000
    Received: from pcp08745885pcs.dckrsn01.tn.comcast.net (68.52.248.26)
    by 178.70-84-191.reverse.domain3.com with SMTP; 27 Apr 2005 16:20:59 -0000
    Received: from pol.bilow.com (IDENT:0@fervent.bilow.com)
    by mark.beach.net (8.10.0.Beta12/8.10.0.Beta76) with ESMTP id g26Iqxs02490
    for <VTNDKZCY@CYBERROOT.COM>; Wed, 27 Apr 2005 23:04:10 +0600
    Message-ID: <167465285.100884756@humidify.bilow.com>
    Date: Wed, 27 Apr 2005 11:09:10 -0600
    From: "Nick Duffy" <VTNDKZCY@CYBERROOT.COM>
    From the original message header, check the Message-ID whether is it your hostname humidify.bilow.com of your qmail server? If it isn't, then I guess it mostly not originated from your qmail server. If it is not originally sent from your qmail server, even you enable phpsuexec also useless for your current situation. Double-bounces can be caused by spammers forging your email addresses/domains in the original message header Return-Path which I guess is the main cause of your current issue if the domain in the Return-Path: <VTNDKZCY@CYBERROOT.COM> is your domain hosted in your qmail server.

    Just my thoughts... ...
    Best Regards,
    Namesniper

  8. #8
    Join Date
    Jul 2001
    Location
    Singapore
    Posts
    1,889
    Without reading your real full message and knowing your server information, I am just making guesses... :p
    Giam Teck Choon
    :: Join choon.net Community today to share your tips and tricks on server issues please ::
    :: Singapore Dedicated Servers :: Singapore Virtual Private Servers :: Linux/FreeBSD Server Management ::

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •