Emails to non-existent accounts being sent to users

Discussion regarding the Standard version.
JvdBroek
Posts: 6
Joined: Fri Aug 06, 2021 10:31 am

Emails to non-existent accounts being sent to users

Post by JvdBroek »

I have seen this thread (from 2015) with the same issue I encountered right now.
http://mailenable.com/forum/viewtopic.php?f=7&t=40712#p108159

Mail to a non-hosted domain (nor mailbox) is delivered to (probably) the first email account that has been created on the server (unfortunately mine :? ).

Situation:
- no default post office
- no mailservice for domain
- no catchall (not even on my domain)
- relay only enabled for local server

Running MailEnable 10.34, along with Plesk on Windows 2016.

Any resolutions, suggestions?

Kind regards,
Jan

JvdBroek
Posts: 6
Joined: Fri Aug 06, 2021 10:31 am

Re: Emails to non-existent accounts being sent to users

Post by JvdBroek »

To illustrate what is happening, an example:
(I replaced my mail account with jvdbroek@company.com, the server with MAILSERVER.COM and the server's IP with ##.##.##.##)

An email was sent from iymomcm@tipontale.it to henkaarts@marketingpartners.nl but was delivered to the mailbox jvdbroek@company.com. The mail headers:

Code:

Received: from mail.tipontale.it ([62.75.207.34]) by MAILSERVER.COM with
 MailEnable ESMTP; Mon, 2 Aug 2021 18:20:07 +0200
Received: from tipontale.it (unknown [146.185.235.48])
 by mail.tipontale.it (Postfix) with ESMTPA id 196FF13619A5;
 Mon,  2 Aug 2021 19:13:28 +0300 (EEST)
Message-ID: <iymomcm50661566.04382627@mail.tipontale.it>
From: "DR.DERM" <iymomcm@tipontale.it>

To: <henkaarts@marketingpartners.nl>
Subject: =?utf-8?B?RHIuRGVybSAtIGxhIHBlYXUgc2FpbmUgc2FucyBwcm9ibMOobWVz?=
Date: Mon, 02 Aug 2021 19:13:30 +0300
MIME-Version: 1.0
Content-Type: multipart/related;
 type="multipart/alternative";
 boundary="----=_NextPart_000_0006_01D787D2.291C9560"
Precedence: bulk
List-Id: b03527328v20006575
X-Complaints-To: abuse@tipontale.it
Return-Path: <iymomcm@tipontale.it>

SMTP log:

Code:

2021-08-02 18:20:07 62.75.207.34 SMTP-IN - ##.##.##.## 1728 EHLO EHLO+mail.tipontale.it 250-MAILSERVER.COM+[62.75.207.34],+this+server+offers+5+extensions WIN-SERVER 240 24 - 
2021-08-02 18:20:07 62.75.207.34 SMTP-IN - ##.##.##.## 1728 MAIL MAIL+FROM:<iymomcm@tipontale.it> 250+Requested+mail+action+okay,+completed WIN-SERVER 43 34 - 
2021-08-02 18:20:07 62.75.207.34 SMTP-IN company.com ##.##.##.## 1728 RCPT RCPT+TO:<jvdbroek@company.com> 250+Requested+mail+action+okay,+completed WIN-SERVER 43 37 - 
2021-08-02 18:20:07 62.75.207.34 SMTP-IN company.com ##.##.##.## 1728 DATA DATA 354+Start+mail+input;+end+with+<CRLF>.<CRLF> WIN-SERVER 46 6 - 
2021-08-02 18:20:07 62.75.207.34 SMTP-IN company.com ##.##.##.## 1728 DATA DATA 354+Start+mail+input;+end+with+<CRLF>.<CRLF> WIN-SERVER 43 127899 - 
2021-08-02 18:20:07 62.75.207.34 SMTP-IN - ##.##.##.## 1728 QUIT QUIT 221+Service+closing+transmission+channel WIN-SERVER 42 6 -

It was delivered to my mailbox.

Debug log:

Code:

08/02/21 18:20:10    [898E3CEBFACB4A94AE92BB256155F201.MAI] Skipping autoresponse from PO=company.com MBX=jvdbroek to [SMTP:iymomcm@tipontale.it] as the message is flagged as bulk.
08/02/21 18:20:10    [898E3CEBFACB4A94AE92BB256155F201.MAI] Delivered message from [SMTP:iymomcm@tipontale.it] to PO=company.com MBX=jvdbroek FLD=\Inbox

I assume the sender connects to the server by IP or an existing / hosted domain and posted an email directed to a non-existent mail account.

Hope this helps!

Kind regards,
Jan

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Emails to non-existent accounts being sent to users

Post by MailEnable-Ian »

Hi,

Check the SMTP debug log file for more information in regards to the SMTP inbound transaction. Do you have a catch-all mailbox enabled for the domain?
Regards,

Ian Margarone
MailEnable Support

JvdBroek
Posts: 6
Joined: Fri Aug 06, 2021 10:31 am

Re: Emails to non-existent accounts being sent to users

Post by JvdBroek »

Hi Ian,

The example shows the SMTP-Debug-210802.log. The excerpt below includes the messages processed before and after, which do not seem to be related.

Code:

08/02/21 18:16:31	ME-I0101: [1800] Local Delivery: Address ([SMTP:jvdbroek@company.com]) is local.
08/02/21 18:16:31	ME-E0113: [1800] Message marked as spam: (85.202.168.95) was found in DNSBL zen.spamhaus.org.
08/02/21 18:16:31	ME-I0149: [1800] 4EF054E1F5A14DBD8BF5DF24AD3909FE.MAI was received successfully and delivery thread was initiated
08/02/21 18:16:31	ME-I0074: [1800] (Debug) End of conversation
08/02/21 18:20:07	ME-I0101: [1728] Local Delivery: Address ([SMTP:jvdbroek@company.com]) is local.
08/02/21 18:20:07	ME-I0149: [1728] AF9952C019A947CC894E9644E8ACAADB.MAI was received successfully and delivery thread was initiated
08/02/21 18:20:08	ME-I0074: [1728] (Debug) End of conversation
08/02/21 18:24:09	[1960] Successfully started inbound SSL conversation
08/02/21 18:24:10	ME-I0101: [1960] Local Delivery: Address ([SMTP:info@other-hosted-domain.com]) is local.
08/02/21 18:24:10	ME-I0149: [1960] E69F42A4230643A0908CA6431FDA2AB9.MAI was received successfully and delivery thread was initiated
08/02/21 18:24:11	ME-E0070: (recv) socket [1960] error during [QUIT] command from host 157.245.192.28. Socket was disconnected - Error: (10054)
08/02/21 18:24:11	ME-I0074: [1960] (Debug) End of conversation

The settings
- no default post office
- no mailservice for recipient domain 'marketingpartners.nl' nor sender domain 'tipontale.it' - these are NOT hosted on the server
- no catchall for domain 'company.com' (or any other)

MX records
https://mxtoolbox.com/SuperTool.aspx?action=mx%3amarketingpartners.nl&run=toolpage
https://mxtoolbox.com/SuperTool.aspx?action=mx%3atipontale.it&run=toolpage
Points to different servers.

I see no reason why the email is processed by ME nor why it is delivered to my inbox.

The referred file 'AF9952C019A947CC894E9644E8ACAADB.MAI' is not available below the C:\Program Files (x86)\Mail Enable folder.

Kind regards,
Jan

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Emails to non-existent accounts being sent to users

Post by MailEnable-Ian »

Hi,

PM me with the details of the original RCPT to address in the message that you see in the SMTP activity debug log file.
Regards,

Ian Margarone
MailEnable Support

Philb
Posts: 50
Joined: Fri Jul 25, 2003 11:02 pm
Location: Sydney, NSW, Australia

Re: Emails to non-existent accounts being sent to users

Post by Philb »

Hi Jan,

Assuming your search and replace was good, the email was sent to your email address:

2021-08-02 18:20:07 62.75.207.34 SMTP-IN company.com ##.##.##.## 1728 RCPT RCPT+TO:<jvdbroek@company.com> 250+Requested+mail+action+okay,+completed WIN-SERVER 43 37 -

JvdBroek
Posts: 6
Joined: Fri Aug 06, 2021 10:31 am

Re: Emails to non-existent accounts being sent to users

Post by JvdBroek »

Philb wrote (Wed Aug 18, 2021 5:52 am):
> Hi Jan,
>
> Assuming your search and replace was good, the email was sent to your email address:
>
> 2021-08-02 18:20:07 62.75.207.34 SMTP-IN company.com ##.##.##.## 1728 RCPT RCPT+TO:<jvdbroek@company.com> 250+Requested+mail+action+okay,+completed WIN-SERVER 43 37 -

Hi Philb,

This is indeed what happened. But my mail address was not in the TO or CC or BCC list - see the received headers which do look a bit odd with a blank line between From: and To:

Code:

From: "DR.DERM" <iymomcm@tipontale.it>

To: <henkaarts@marketingpartners.nl>

Perhaps that's the reason why it is sent to "(probably) the first email account created" ...

I did a BCC test and then you see at least one header entry pointing to my mail address to justify the delivery.

Regards,
Jan

Philb
Posts: 50
Joined: Fri Jul 25, 2003 11:02 pm
Location: Sydney, NSW, Australia

Re: Emails to non-existent accounts being sent to users

Post by Philb »

But ME will only use the RCPT TO address to decide a) whether the addressee is valid and b) which mailbox to deliver the message to.

Just like snail mail: the postman only reads the envelope. The details on the letter inside may be completely different from what's on the envelope and the "headers" on that letter (from, to, subject, etc) may be completely fake.

I notice that you have this in one of your logs:

Code:

08/02/21 18:16:31	ME-E0113: [1800] Message marked as spam: (85.202.168.95) was found in DNSBL zen.spamhaus.org.

Personally, I just reject any email from an IP address listed in zen.

JvdBroek
Posts: 6
Joined: Fri Aug 06, 2021 10:31 am

Re: Emails to non-existent accounts being sent to users

Post by JvdBroek »

Hi Philb,

If that is true (ME uses only RCPT TO address, and thus not looking at any other headers) then that's the best explanation.
The spam spreaders are not that strict ....

Regarding your comment about spam filtering, I assume the DNSBL test used a domain to get to this IP.
Anyway, the mail is marked as spam, not rejected. Reasonable strategy.

Regards,
Jan

Philb
Posts: 50
Joined: Fri Jul 25, 2003 11:02 pm
Location: Sydney, NSW, Australia

Re: Emails to non-existent accounts being sent to users

Post by Philb »

Hi Jan,

> If that is true (ME uses only RCPT TO address, and thus not looking at any other headers) ...

That's the way all mail servers (or, more specifically, all Mail Transfer Agents) work.

> ... I assume the DNSBL test used a domain to get to this IP.

The IP is simply the address of the host that made a TCP connection to ME.

I not only reject mail from DNSBL-listed hosts, I also block them at the firewall. SMTP is often just the first thing tried by these people/bots.
I frequently see many (hundreds or even thousands) of dropped connections, to SMTP or other services, after blocking them.

Cheers,
Phil
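
The envelope-versus-header point from this thread, as an added example (not code from any poster or from MailEnable): it pulls the accepted RCPT TO addresses for one session out of SMTP activity log lines and lists those that no To:/Cc: header names. The field positions are an assumption inferred from the log lines quoted above, and the sample input is constructed from values shown in the thread.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample in the shape of the log and headers quoted in this thread.
SMTP_LOG = """\
2021-08-02 18:20:07 62.75.207.34 SMTP-IN - ##.##.##.## 1728 MAIL MAIL+FROM:<iymomcm@tipontale.it> 250+Requested+mail+action+okay,+completed WIN-SERVER 43 34 -
2021-08-02 18:20:07 62.75.207.34 SMTP-IN company.com ##.##.##.## 1728 RCPT RCPT+TO:<jvdbroek@company.com> 250+Requested+mail+action+okay,+completed WIN-SERVER 43 37 -
2021-08-02 18:20:07 62.75.207.34 SMTP-IN - ##.##.##.## 1728 QUIT QUIT 221+Service+closing+transmission+channel WIN-SERVER 42 6 -
"""
HEADERS = """\
From: "DR.DERM" <iymomcm@tipontale.it>
To: <henkaarts@marketingpartners.nl>
Subject: constructed sample

body
"""

ADDR = re.compile(r"(?:FROM|TO):<([^>]*)>", re.I)

def envelope_by_session(log_text):
    """Map session id -> {'mail_from': str or None, 'rcpt_to': [accepted recipients]}."""
    sessions = {}
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 10 or f[3] != "SMTP-IN":
            continue
        # Assumed positions: f[6] session id, f[7] command, f[8] detail, f[9] reply.
        sid, cmd, detail, reply = f[6], f[7], f[8], f[9]
        m = ADDR.search(detail)
        if not m or not reply.startswith("250"):
            continue  # not an address-bearing command, or the server refused it
        s = sessions.setdefault(sid, {"mail_from": None, "rcpt_to": []})
        if cmd == "MAIL":
            s["mail_from"] = m.group(1).lower()
        elif cmd == "RCPT":
            s["rcpt_to"].append(m.group(1).lower())
    return sessions

def header_recipients(raw):
    """Addresses shown to the reader in To:/Cc:; these play no part in routing."""
    msg = message_from_string(raw)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def envelope_only(log_text, raw, sid):
    """Recipients accepted via RCPT TO that no To:/Cc: header names."""
    env = envelope_by_session(log_text).get(sid, {"rcpt_to": []})
    shown = header_recipients(raw)
    return [r for r in env["rcpt_to"] if r not in shown]

if __name__ == "__main__":
    print(envelope_only(SMTP_LOG, HEADERS, "1728"))
```

A non-empty result is what a BCC or a spam run with forged headers looks like from the receiving side: the mailbox was addressed on the envelope, and the To: line was never consulted.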
