At 6:51 PM -0700 7/8/02, Matthew Hill imposed structure on a stream of electrons, yielding: >Hey guys >I just received 100's of these bounces. I can not find them going >out form any of the servers. Just 100's of these bounces. I >thought i had all the anti-spam set correctly. Somewhere i missed >something. But again i can find these ever being sent out. >Here is the message headers anyone got any ideas? > >From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
Ugh. Got any bounces from someplace other than AOL? Maybe someplace that includes all of the original message? >Date: Mon Jul 08, 2002 05:53:32 PM US/Pacific >To: <[EMAIL PROTECTED]> >Subject: Returned mail: User unknown >Return-Path: <> >X-Mirrored-By: [EMAIL PROTECTED] >Received: from omr-r02.mx.aol.com ([152.163.225.130] verified) by >milepost1.com (Stalker SMTP Server 1.8b8) with ESMTP id S.0001110929 >for <[EMAIL PROTECTED]>; Mon, 08 Jul 2002 17:54:18 -0700 >Received: from rly-st02.mail.aol.com (rly-st02.mail.aol.com >[172.20.75.162]) by omr-r02.mx.aol.com (v83.35) with ESMTP id >RELAYIN4-0708205332; Mon, 08 Jul 2002 20:53:32 -0400 >Received: from localhost (localhost) by rly-st02.mail.aol.com >(8.8.8/8.8.8/AOL-5.0.0) with internal id UAJ22918; Mon, 8 Jul 2002 >20:53:32 -0400 (EDT) That's the origin of this bounce. rly-st02.mail.aol.com. It had the message but could not deliver it. That's important. >Message-Id: <[EMAIL PROTECTED]> >Mime-Version: 1.0 >Content-Type: multipart/report; report-type=delivery-status; >boundary="UAJ22918.1026176012/rly-st02.mail.aol.com" >Auto-Submitted: auto-generated (failure) > >The original message was received at Mon, 8 Jul 2002 20:21:02 -0400 (EDT) >from rly-xf02.mail.aol.com [172.20.105.226] That's odd. I thought that was one of AOL's internal intercept machines. They catch connections aimed at outside port 25 from (most of ) their dialup ports and redirect them to the intercept boxes, which supposedly do heavy rate-limiting and filtering. My understanding was that the rly-x* machines were those intercept boxes... That would make this extremely odd. >*** ATTENTION *** > >Your e-mail is being returned to you because there was a problem with its >delivery. The address which was undeliverable is listed in the section >labeled: "----- The following addresses had permanent fatal errors -----". > >The reason your mail is being returned to you is listed in the section >labeled: "----- Transcript of Session Follows -----". > >The line beginning with "<<<" describes the specific reason your e-mail could >not be delivered. The next line contains a second error message which is a >general translation for other e-mail servers. > >Please direct further questions regarding this message to your e-mail >administrator. > >--AOL Postmaster > > > > ----- The following addresses had permanent fatal errors ----- ><[EMAIL PROTECTED]> > > ----- Transcript of session follows ----- >... while talking to air-xb03.mail.aol.com.: >RCPT To:<[EMAIL PROTECTED]> ><<< 550 MAILBOX NOT FOUND >550 <[EMAIL PROTECTED]>... User unknown >Reporting-MTA: dns; rly-st02.mail.aol.com >Arrival-Date: Mon, 8 Jul 2002 20:21:02 -0400 (EDT) > >Final-Recipient: RFC822; [EMAIL PROTECTED] >Action: failed >Status: 2.0.0 >Remote-MTA: DNS; air-xb03.mail.aol.com >Diagnostic-Code: SMTP; 250 OK >Last-Attempt-Date: Mon, 8 Jul 2002 20:53:32 -0400 (EDT) So basically, rly-st02 tried to pass along the message that it got from rly-xf02 to air-xb03, which rejected it. All AOL machines. This almost looks like it originated inside AOL with someone trying to pump it through an external machine but being caught by the interceptors, which re-routed it internally and got it bounced. Just a guess. > >From: cpuSYLVESTER <[EMAIL PROTECTED]> >Date: Mon Jul 08, 2002 05:22:42 PM US/Pacific >To: [EMAIL PROTECTED] >Subject: OUR LAST PICK WENT UP 47% IN JUST 2 >DAYS--------------------81769 ylrjc And there we have the mostly-useless snippet from the original message. No indication of the actual source. I thought AOL had gained a few clues on this and fixed that so all of the real headers (including Received headers) were included, but I guess I misunderstood... Of course, if this was generated internally to AOL (with a fake From address) there might not be any other headers. Hmmm. IF you have non-AOL bounces, they might be helpful in tracing the source and so figuring out if you have a relaying problem or if you just have an address that someone forged. If you only have AOL bounces, it would tend to support my wild guess as to how the original spam might not have ever touched your machine. -- Bill Cole [EMAIL PROTECTED] ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
