spam messages freeze
Wolfgang Kohnen (FEYERABEND)
wollie at FEYERABEND.LIS.BREMEN.DE
Sat May 7 22:44:18 IST 2005
[ The following text is in the "ISO-8859-15" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
[I had to resend this mail to this list, because I've sent it from a
wrong address.]
Hi folks,
this is a cross post to exim and mailscanner lists, 'cause I don't know
where I should search for a solution, or where I should ask.
I just switched on my new exim4 with MS (debian sarge) and the first
mails I receive are spams, of course. I see lots of spam coming in with
envelope-to: <> to non existent users and these messages freeze, since
there is no address to bounce to. Well, this seems to be a ususal spam
strategy and that my exim seems to be configured wrong, isn't it? Why
does exim try to bounce these messages? Maybe this is related to
MailScanner? One of the message logs look like this:
1DUVBW-0005d6-9L-H
Debian-exim 102 102
<>
1115494918 0
-ident Debian-exim
-received_protocol local
-body_linecount 72
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1115494918
-localerror
XX
1
claudia at sat.1.de
154P Received: from Debian-exim by feyerabend.lis.bremen.de with local
(Exim 4.50)
id 1DUVBW-0005d6-9L
for claudia at sat.1.de; Sat, 07 May 2005 21:41:58 +0200
043 X-Failed-Recipients: michael at lis.bremen.de
031 Auto-Submitted: auto-generated
057F From: Mail Delivery System <Mailer-Daemon at lis.bremen.de>
021T To: claudia at sat.1.de
059 Subject: Mail delivery failed: returning message to sender
057I Message-Id: <E1DUVBW-0005d6-9L at feyerabend.lis.bremen.de>
038 Date: Sat, 07 May 2005 21:41:58 +0200
The mail body looks like this:
1DUVBW-0005d6-9L-D
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
michael at lis.bremen.de
LMTP error after RCPT TO:<michael at lis.bremen.de>:
550-Mailbox unknown. Either there is no mailbox associated with this
550-name or you do not have authorization to see it.
550 5.1.1 User unknown
------ This is a copy of the message, including all the headers. ------
Return-path: <claudia at sat.1.de>
Received: from p54ac77df.dip.t-dialin.net ([84.172.119.223] helo=sat.1.de)
by feyerabend.lis.bremen.de with esmtp (Exim 4.50)
id 1DUVBG-0005cT-Uw
for michael at lis.bremen.de; Sat, 07 May 2005 21:41:49 +0200
From: claudia at sat.1.de
To: michael at lis.bremen.de
Date: Sat, 7 May 2005 21:40:58 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0014_60E1DAD0.BCAFD50F"
X-Priority: 3
X-MSMail-Priority: Normal
X-lis.bremen.de-MailScanner: Found to be infected
X-Spam-Level: ****
X-MailScanner-From: claudia at sat.1.de
Subject: {Virus!}
This is a multi-part message in MIME format.
------=_NextPart_000_0014_60E1DAD0.BCAFD50F
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Mail transaction failed. Partial message is available.
------=_NextPart_000_0014_60E1DAD0.BCAFD50F
Content-Type: text/plain; charset="ISO-8859-1"; name="WARNUNG.txt"
Content-Disposition: attachment; filename="WARNUNG.txt"
Content-Transfer-Encoding: quoted-printable
[continuing with attachements substituted by my MS. (W32/Mytob-R etc.
found)]
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list