Mail.box keeps getting filled with delivery failures from an outside domain to an internal recipient?!?

hcl-bot · February 4, 2008, 10:12am

About a dozen of these pop in every few minutes:

From: Mailer-Daemon@outside.com

Originating IP: outside domain

Recipients: user@ourdomain.com

SendTo: user@ourdomain.com

Auto_Submitted: “auto-replied”

I look at the console and we are sending to this outside domain?!?

How would I find out what mailbox on our end is doing this?

any idea what’s going on?

TIA,

-MC

hcl-bot · February 4, 2008, 1:21pm

Subject: mail.box keeps getting filled with delivery failures from an outside domain to an internal recipient?!?

did the user create a rule that might be causing autoresponder-to-autoresponder loops?

can you paste in a (sanitized) set of received headers?

hcl-bot · February 4, 2008, 10:21am

Subject: mail.box keeps getting filled with delivery failures from an outside domain to an internal recipient?!?

Are you sure this isn’t a case of mistaken identity - One of your addresses is being spoofed?

We see these on occasion, and are reported by our users infrequently. They send a message to our support desk asking “Why did I get this delivery failure? I never sent this person a message”. Someone is using their SMTP address as the FROM for their SPAM, and when it fails it gets sent back to us.

Brian

hcl-bot · February 4, 2008, 10:48am

Subject: RE: mail.box keeps getting filled with delivery failures from an outside domain to an internal recipient?!?

but the crazy thing is that I get the following lines in the server console:“Router: Message transferred to for Mailer-Daemon@outsidedomain.com via SMTP”

all with different message ids. Does this mean we’re sending out messages from our domain?

I added both the IP address and the outside domain to both the private and public blacklist in the messaging configuration and restarted both the smtp and router tasks on both servers in the cluster and these dam mail keep pouring in

?

-MC

hcl-bot · February 4, 2008, 11:02am

Subject: RE: mail.box keeps getting filled with delivery failures from an outside domain to an internal recipient?!?

Have you opened the message from your mail.box, then viewed ths source?

Brian

hcl-bot · February 4, 2008, 11:26am

Subject: RE: mail.box keeps getting filled with delivery failures from an outside domain to an internal recipient?!?

The message in mail.box doesn’t provide much info.

I opened the message from our internal recipients’ mail file and it looks like an authentic delivery failure

I know he isn’t sending 50 emails/minute to this address but that’s how many failures we’re getting

?

-MC