One of the domains on my server is being bombed by mail. These appear
to be rejected mail ostensibly from the local user, but are not. There
is a new rejection message every 5 seconds! Many have a return path of
<>. My user runs OSX so hopefully is not suffering from a virus.
All mail pointed at his domain currently goes to his main account ("mainuser")
if it does not go to user1 or user2.

User mbox file config for this domain is like this:

    file = ${if match {$original_local_part} {user1}\
             {/home/example/Mail/user1}\
             {\
               ${if match {$original_local_part} {2}\
                 {/home/example/Mail/user2}\
                 {/home/example/Mail/mainuser}}\
             }}

Log example:

2004-07-07 14:53:00 1BiCqu-0000OL-4V <= <> H=itsmtp.digex.com (beltg1.corp.digex.com) [164.109.120.211] P=esmtp S=2100 id=52434B8832A85C4CAF257B522E3581B00B786716@???
2004-07-07 14:53:00 1BiCqu-0000OL-4V => fmbv995eiyjir <fMBv995EIYjIr@???> R=example T=mail_spool_EXAMPLE

Mail header example:

>From MAILER-DAEMON@??? Wed Jul 07 10:50:08 2004
Return-path: MAILER-DAEMON@???
Envelope-to: vdqxpa79l@???
Received: from pinga.eep.br ([200.19.90.36])
    by myhost with esmtp (Exim 4.32)
    id 1Bi93u-0007Ek-PC
    for vdqxpa79l@???; Wed, 07 Jul 2004 10:50:03 +0100
Received: (from root@localhost)
    by pinga.eep.br (8.12.3/8.12.3/Debian -4) id t679hXbj012931
    for vdqxpa79l@???; Tue, 7 Jul 2015 06:43:33 -0300
Received: from localhost (localhost)
    by pinga.eep.br (8.12.3/8.12.3/Debian -4) id t679hWdn012902;
    Tue, 7 Jul 2015 06:43:32 -0300
Date: Tue, 7 Jul 2015 06:43:32 -0300
From: Mail Delivery Subsystem <MAILER-DAEMON@???>
Message-Id: <201507070943.t679hWdn012902@???>
To: VDqxPA79L@???
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="t679hWdn012902.1436262212/pinga.eep.br"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
X-Virus-Scanned: by AMaViS 0.3.12
Status: RO
Content-Length: 3125
Lines: 85
[-- Attachment #1 --]
[-- Type: text/plain, Encoding: 7bit, Size: 0.3K --]
The original message was received at Tue, 7 Jul 2015 06:43:08 -0300
from [220.165.128.16]
----- The following addresses had permanent fatal errors -----
<fbranco@???>
(reason: User unknown)
----- Transcript of session follows -----
fbranco@???... User unknown
550 5.1.1 <fbranco@???>... User unknown
etc...
--
Rory Campbell-Lange
<rory@???>
<www.campbell-lange.net>
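
An added example, not part of the original post: a Python sketch that measures the pattern described above by pairing null-sender (`<= <>`) arrivals in an Exim main log with their `=>` delivery lines and flagging those that landed in the catch-all under a local part nobody owns. The function name, the `example.org` domain, and the hosts and message IDs in the sample log are constructed for illustration; the known local parts are the three named in the post.

```python
import re
from collections import Counter

# Constructed sample in Exim 4 main-log format; hosts, IDs and addresses are invented.
SAMPLE_LOG = """\
2004-07-07 14:53:00 1BiCqu-0000OL-4V <= <> H=mx1.example.net [192.0.2.10] P=esmtp S=2100
2004-07-07 14:53:00 1BiCqu-0000OL-4V => fmbv995eiyjir <fMBv995EIYjIr@example.org> R=example T=mail_spool_EXAMPLE
2004-07-07 14:53:00 1BiCqu-0000OL-4V Completed
2004-07-07 14:53:05 1BiCqz-0000OP-7A <= <> H=mx2.example.net [192.0.2.20] P=esmtp S=3125
2004-07-07 14:53:05 1BiCqz-0000OP-7A => vdqxpa79l <VDqxPA79L@example.org> R=example T=mail_spool_EXAMPLE
2004-07-07 14:53:09 1BiCr3-0000OT-9K <= friend@example.com H=mx1.example.net [192.0.2.10] P=esmtp S=900
2004-07-07 14:53:09 1BiCr3-0000OT-9K => user1 <user1@example.org> R=example T=mail_spool_EXAMPLE
2004-07-07 14:53:12 1BiCr6-0000OX-2B <= <> H=mx3.example.net [192.0.2.30] P=esmtp S=1800
2004-07-07 14:53:12 1BiCr6-0000OX-2B => mainuser <mainuser@example.org> R=example T=mail_spool_EXAMPLE
"""

LINE = re.compile(r"^(\S+ \S+) (\w{6}-\w{6}-\w{2}) (<=|=>) (\S+)(.*)$")
HOST = re.compile(r"\[([0-9a-fA-F.:]+)\]")

def find_backscatter(log_text, known_local_parts):
    """Return (hits, hosts): null-sender deliveries to unknown local parts."""
    known = {p.lower() for p in known_local_parts}
    null_sender = {}          # message id -> sending host IP
    hits, hosts = [], Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue          # "Completed" and other lines carry no address
        stamp, msgid, direction, addr, rest = m.groups()
        if direction == "<=":
            if addr == "<>":  # empty envelope sender: a bounce/DSN
                h = HOST.search(rest)
                null_sender[msgid] = h.group(1) if h else "unknown"
        elif msgid in null_sender:
            local = addr.split("@", 1)[0].lower()
            if local not in known:
                hits.append((stamp, msgid, local))
                hosts[null_sender[msgid]] += 1
    return hits, hosts

if __name__ == "__main__":
    hits, hosts = find_backscatter(SAMPLE_LOG, ["user1", "user2", "mainuser"])
    for stamp, msgid, local in hits:
        print(stamp, msgid, local)
    print(hosts.most_common())
```

A bounce addressed to a real mailbox (the `mainuser` line in the sample) is not flagged, so the count isolates bounces for local parts that exist only because of the catch-all.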