What is this and how do i stop it?

Discussion forum for Enterprise Edition.
PMad
Posts: 60
Joined: Thu Oct 18, 2012 6:19 pm

What is this and how do i stop it?

Post by PMad »

MailEnable: Message delivery has been delayed.

Message is waiting at downes.us.local for delivery to choiceweb.us.

The message will be retried for another 30 hours.

Reason: Mail Server for choiceweb.us could not accept your email at this time. MailEnable will keep trying to deliver this message and will notify you of any progress.


Message headers follow:

From: "Delivery Subsystem" <me@mydomain.com>
To: <1ink@choiceweb.us>
Subject: Message Delivery Delay
Date: Fri, 18 Jul 2014 15:59:46 -0700
Message-ID: <BA791D1489F54C6B8EB610A3A68530A8.MAI@mydomain.com.local>
X-MEFilter: 1
Precedence: bulk

So I've been getting several of these the past few days; so far the delivery addresses are going to choiceweb.us and nothingless.us.

They are coming from POSTMASTER@mydomain.com (I've replaced my domain name everywhere here with mydomain.com instead of the real name) to my personal email address:
From: "Delivery Subsystem" (POSTMASTER@mydomain.com)
To: MyName@mydomain.com
Date: Fri, 18 Jul 2014 16:09:46 -0700
Subject: Message Delivery Delay
At first I thought somebody was sending spam to others while spoofing my email address, but then I realized that wouldn't happen if I'm receiving an email from POSTMASTER@mydomain.com about it; that means my server is trying to send it. How do I get to the bottom of this? It's worrying me that my server is now spamming people, and this comes soon after I found my DNS server was open and people were using my server for DDoS attacks on others!

rfwilliams777
Posts: 1370
Joined: Thu Nov 11, 2004 5:26 pm
Location: Kingsville, Texas

Re: What is this and how do i stop it?

Post by rfwilliams777 »

First, change the password to the postmaster to something extremely complex. Second, isolate the IP address sending it and block it.
Robert Williams, Owner
www.WilliamsWebSolutions.com
#1 in MailEnable Business-Class Email Hosting - Switch to Williams Web Solutions and we will migrate your accounts to us for FREE!
We can be hired to help you with your Mail Enable server, too!

PMad
Posts: 60
Joined: Thu Oct 18, 2012 6:19 pm

Re: What is this and how do i stop it?

Post by PMad »

So my thought when reading your reply was "Great ideas!" So I get ready to go do those things, but first I log in to my email to see if I can find the sender's IP address in the headers, and I have 4 emails from "Delivery Subsystem" that say "Message Delivery Failure - Message Delivery Failure - Heart Attack Breakthrough"; one of them has a different title which only changes the last bit, the subject for a different email. So I looked through them and found something strange...

These emails are showing that the messages were sent to somebody on my mail server who has their account set up to forward all emails to their Gmail account. The emails are from the same email address, sent on the same dates and times, and have the same subjects, but they include the contents where the other messages did not have the contents.

So my server receives an email for a user, my server tries to forward that email to another user, but I receive postmaster updates on my main account that has no association with the postmaster account? So I have 3 domains on the server; the email is sent to a domain different than mine, but it's under the same post office in ME. I checked the properties of that domain and for the postmaster account it says "Please select postmaster". So I changed it to Postmaster. The domain I'm using already has Postmaster selected. So the postmaster account is the same account for both domains, and has zero emails on the account.

So here's the real question. Why is ME sending me these updates? Is it sending these updates to every account or just me? Is this happening because no postmaster was selected on that domain? I did set it to Postmaster. Not sure how it came off of that...

rfwilliams777
Posts: 1370
Joined: Thu Nov 11, 2004 5:26 pm
Location: Kingsville, Texas

Re: What is this and how do i stop it?

Post by rfwilliams777 »

First, I have postmaster accounts but I don't check them, and I have it set to auto-purge the inbox messages daily. Second, backscatter can occur when an address that you host allegedly sent an email out and kicks an error message back to the actual owner of the account. MXScan is good to resolve this. Third, notify this EU of this issue and that you have suspended his redirection to his Gmail account until matters settle down. You don't want to be placed on a blacklist due to this issue, and Google will report you. Finally, I would install MXScan (www.mxuptime.com) and then, if MXScan doesn't catch this issue, set up a filter in ME to find messages like this and stop it. Additionally, I would set ME to only do one Message Undeliverable so you don't have issues. Further, if it appears that the EU may be infected with a virus, then the EU needs to fix it and their account is suspended until you're satisfied that it has been resolved. I have hundreds of users, and when I see that kind of behavior, I change their password or disable their account and tell them that until they get their computer really clean I will not enable their account. It fixes the chance of a compromised account by changing the password, and it tells them they need to be more responsible with their computer. Perhaps these latter sentiments are not involved, but I am just passing on a suggestion should the need arise.
Robert Williams, Owner
www.WilliamsWebSolutions.com
#1 in MailEnable Business-Class Email Hosting - Switch to Williams Web Solutions and we will migrate your accounts to us for FREE!
We can be hired to help you with your Mail Enable server, too!

PMad
Posts: 60
Joined: Thu Oct 18, 2012 6:19 pm

Re: What is this and how do i stop it?

Post by PMad »

I do the same with my postmaster accounts; I don't check them. I've logged into a couple of other accounts and have spoken with several others with accounts, and these emails were delivered specifically to me by POSTMASTER. Do you have any idea why I'm getting these and nobody else?

I cannot lock out the user where the problem stems from; he is one of the business owners that use our services. Here's the order of events for what is happening:

1) The account is receiving junk mail that is being forwarded to the account holder's Gmail account, where Gmail is rejecting the email because it is spam.
2) This in return is causing my own postmaster account to send me emails telling me that the message couldn't be delivered and it will be retried for 30 hours. It even says "Precedence: bulk" in the header of the email!
3) After around 3-5 retry attempts (I haven't counted), I receive a second type of email from my postmaster which is the failed email, letting me know it's not trying again, and it includes a LOT more information.

Here's some strange things... On some of these, the IP address doesn't exist, or the domain name doesn't exist. It should fail the SPF check and some of the others, but it's not?
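A way to triage the delay notices this thread describes, as an added example that is not code from the original thread or from MailEnable: it parses the "Message is waiting at ... for delivery to ..." notice format quoted above and counts notices per destination domain, so that a burst of delays toward one domain (the forwarding account's downstream rejections) stands out as likely backscatter. The sample notices are constructed from the text of the thread; the threshold and host names are assumptions.

```python
import re
from collections import Counter

# Patterns for the MailEnable delay-notice text quoted in the thread.
WAITING_RE = re.compile(r"Message is waiting at (\S+) for delivery to (\S+?)\.?$", re.M)
RETRY_RE = re.compile(r"retried for another (\d+) hours")
HEADER_RE = re.compile(r"^(From|To|Subject|Precedence):\s*(.+)$", re.M)


def make_notice(dest_domain, recipient, hours=30):
    """Build a constructed notice in the same shape as the one posted above."""
    return ("MailEnable: Message delivery has been delayed.\n\n"
            f"Message is waiting at downes.us.local for delivery to {dest_domain}.\n\n"
            f"The message will be retried for another {hours} hours.\n\n"
            f"Reason: Mail Server for {dest_domain} could not accept your email at this time.\n\n"
            "Message headers follow:\n\n"
            'From: "Delivery Subsystem" <me@mydomain.com>\n'
            f"To: <{recipient}>\nSubject: Message Delivery Delay\nPrecedence: bulk\n")


# Constructed sample: three delays toward choiceweb.us, one toward nothingless.us.
SAMPLE_NOTICES = [make_notice("choiceweb.us", "1ink@choiceweb.us")] * 3 + [
    make_notice("nothingless.us", "someone@nothingless.us")]


def parse_notice(text):
    """Extract queue host, destination domain, retry window and key headers.
    Returns None when the text is not a delay notice."""
    m = WAITING_RE.search(text)
    if not m:
        return None
    retry = RETRY_RE.search(text)
    headers = {k: v.strip() for k, v in HEADER_RE.findall(text)}
    return {
        "queued_at": m.group(1),
        "dest_domain": m.group(2),
        "retry_hours": int(retry.group(1)) if retry else None,
        "recipient": headers.get("To", "").strip("<>"),
        "precedence": headers.get("Precedence"),
        "subject": headers.get("Subject"),
    }


def flag_backscatter(notices, threshold=3):
    """Destination domains with at least `threshold` delay notices (assumed cutoff).
    Repeated delays toward one domain match the forward-then-reject chain above."""
    parsed = [p for p in (parse_notice(n) for n in notices) if p]
    per_domain = Counter(p["dest_domain"] for p in parsed)
    return {d: c for d, c in per_domain.items() if c >= threshold}
```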
