Couple of days ago, a legit email got rejected. The sender got this as reply:
was considered unsolicited bulk e-mail (UBE).
Our internal reference code for your message is 2543112-06/Q8cmmCBHhq9r
The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.
We do try to minimize backscatter for more prominent cases of UBE and
for infected mail, but for less obvious cases some balance between
losing genuine mail and sending undesired backscatter is sought,
and there can be some collateral damage on either side.
First upstream SMTP client IP address: [80.237.130.84]
wp562.webpack.hosteurope.de
According to a 'Received:' trace, the message apparently originated at:
[80.237.130.84], wp562.webpack.hosteurope.de wp562.webpack.hosteurope.de
[80.237.130.84]
Return-Path: <[email protected]>
From: xxx xxx <[email protected]>
Message-ID: <[email protected]>
Subject: Post
Delivery of the email was stopped!
My log sais the following:
Apr 24 15:46:48 mx0 postfix/postscreen[2659970]: PASS OLD [80.237.130.84]:56258
Apr 24 15:46:49 mx0 postfix/smtpd[2660647]: connect from wp562.webpack.hosteurope.de[80.237.130.84]
Apr 24 15:46:49 mx0 postfix/smtpd[2660647]: Anonymous TLS connection established from wp562.webpack.hosteurope.de[80.237.130.84]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 24 15:46:49 mx0 policyd-spf[2660653]: prepend Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=80.237.130.84; helo=wp562.webpack.hosteurope.de; [email protected]; receiver=<UNKNOWN>
Apr 24 15:46:49 mx0 postfix/smtpd[2660647]: D0A57606B1: client=wp562.webpack.hosteurope.de[80.237.130.84]
Apr 24 15:46:49 mx0 postsrsd[2660659]: srs_forward: <[email protected]> rewritten as <[email protected]>
Apr 24 15:46:49 mx0 postfix/cleanup[2660658]: D0A57606B1: message-id=<[email protected]>
Apr 24 15:46:49 mx0 opendkim[340]: D0A57606B1: wp562.webpack.hosteurope.de [80.237.130.84] not internal
Apr 24 15:46:49 mx0 opendkim[340]: D0A57606B1: not authenticated
Apr 24 15:46:49 mx0 opendmarc[346]: D0A57606B1: sender.de none
Apr 24 15:46:49 mx0 postfix/qmgr[1146]: D0A57606B1: from=<[email protected]>, size=165859, nrcpt=1 (queue active)
Apr 24 15:46:50 mx0 postfix/smtpd[2660647]: disconnect from wp562.webpack.hosteurope.de[80.237.130.84] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Apr 24 15:46:52 mx0 postfix/postscreen[2659970]: DNSBL rank 5 for [217.112.142.135]:48915
Apr 24 15:46:52 mx0 postfix/postscreen[2659970]: NOQUEUE: reject: RCPT from [217.112.142.135]:48915: 550 5.7.1 Service unavailable; client [217.112.142.135] blocked using zen.spamhaus.org; from=<[email protected]>, to=<[email protected]>, proto=ESMTP, helo=<recondite.drkhedri.com>
Apr 24 15:46:52 mx0 postfix/postscreen[2659970]: DISCONNECT [217.112.142.135]:48915
Apr 24 15:46:54 mx0 postfix/smtpd[2660682]: connect from localhost[127.0.0.1]
Apr 24 15:46:54 mx0 postfix/smtpd[2660682]: 21F2F619D2: client=localhost[127.0.0.1]
Apr 24 15:46:54 mx0 postsrsd[2660659]: srs_forward: <""> not rewritten: No at sign in sender address
Apr 24 15:46:54 mx0 postsrsd[2660660]: srs_reverse: <[email protected]> rewritten as <[email protected]>
Apr 24 15:46:54 mx0 postfix/cleanup[2660658]: 21F2F619D2: message-id=<[email protected]>
Apr 24 15:46:54 mx0 postsrsd[2660660]: srs_reverse: <[email protected]> rewritten as <[email protected]>
Apr 24 15:46:54 mx0 postfix/qmgr[1146]: 21F2F619D2: from=<>, size=5322, nrcpt=1 (queue active)
Apr 24 15:46:54 mx0 postfix/smtpd[2660682]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Apr 24 15:46:54 mx0 amavis[2543112]: (2543112-06) Blocked SPAM {BouncedInbound,Quarantined}, [80.237.130.84]:56258 [80.237.130.84] <[email protected]> -> <[email protected]>, quarantine: Q/spam-Q8cmmCBHhq9r.gz, Queue-ID: D0A57606B1, Message-ID: <[email protected]>, mail_id: Q8cmmCBHhq9r, Hits: 3.749, size: 166910, 4264 ms
Apr 24 15:46:54 mx0 postfix/smtp[2660661]: D0A57606B1: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.8, delays=0.57/0.01/0.01/4.3, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=2543112-06, BOUNCE)
Apr 24 15:46:54 mx0 postfix/qmgr[1146]: D0A57606B1: removed
Spamassasin settings:
ENABLE_SPAMASSASSIN=1
SPAMASSASSIN_SPAM_TO_INBOX=1
SA_TAG=0.0
SA_TAG2=3.0
SA_KILL=3.0
SA_SPAM_SUBJECT=undef
Is this related to #1396 ?
Why do I not get any notification about this?
Where is the "Quarantaine"?
How can I configure the mailserver to deliver such emails?
Couple of days ago, a legit email got rejected. The sender got this as reply:
My log sais the following:
Spamassasin settings:
Is this related to #1396 ?
Why do I not get any notification about this?
Where is the "Quarantaine"?
How can I configure the mailserver to deliver such emails?