Re: Spam non-boune reported as a bounce, and other related problems.
MikeE at ster.invalid
Thu Oct 28 08:34:37 EDT 2004
Dan French wrote:
> If you look at:
That is a mail with an empty returnpath which sez in the body "Please
take saveena at medtechtrans.com and any others with email addresses at
medtechtrans.com off x mailing lists. [...] " and with that addy in the
Mail for medtechtrans.com is handled by mail3.opentransfer.com
mail3.opentransfer.com DNS 220.127.116.11
That IP is the source of the mail and the source sez HELO
SC is configured to call anything with an empty returnpath
a bounce and to also say something foolish like "Message is old" meaning
I can't successfully test the address above, because the server agrees to
take mail for saveena and also agrees to take mail from a bogus addy.
> #1 The message is tracked back to 18.104.22.168 -- and it is forged.
> The IP address that medtechtrans.com uses is NOT 22.214.171.124 (and is
> nothing like that)
medtechtrans resolves differently than its mx mail3.opentransfer.com
I think the thing is some kind of stupid autoack based on a configuration
which accepts mails to that domainname and then 'soft bounces' or
belatedly bounces the item by creating a newmail like the above to the
originating mail's From.
Dumb system. Abusive to bogus Froms.
kibitzer, not SC admin
More information about the SpamCop-List