dodahday - BSD

Thread: dodahday

  1. dodahday

    I am now getting notifications of failed mail
    delivery from direcway. The mail is being returned
    from dodahday@direcway.com as a result of that
    user being over quota. The header, but not the message,
    is returned in the notification. To the best of my
    knowledge I am not sending any email to dodahday.
    Any ideas about how this is happening?

    Thanks,
    Dave Feustel

  2. Re: dodahday

    dave writes:

    > I am now getting notifications of failed mail
    > delivery from direcway. The mail is being returned
    > from dodahday@direcway.com as a result of that
    > user being over quota. The header, but not the message,
    > is returned in the notification. To the best of my
    > knowledge I am not sending any email to dodahday.
    > Any ideas about how this is happening?


    Welcome to the world of spam. Someone, somewhere, is sending something
    (typically spam) with your email address as the return address. Nothing
    you can do about it.

    // marc

  3. Re: dodahday

    Marco S Hyman wrote:
    > dave writes:
    >
    >> I am now getting notifications of failed mail
    >> delivery from direcway. The mail is being returned
    >> from dodahday@direcway.com as a result of that
    >> user being over quota. The header, but not the message,
    >> is returned in the notification. To the best of my
    >> knowledge I am not sending any email to dodahday.
    >> Any ideas about how this is happening?

    >
    > Welcome to the world of spam. Someone, somewhere, is sending something
    > (typically spam) with your email address as the return address. Nothing
    > you can do about it.
    >
    > // marc


    Thanks for the bad news. :-) I had thought of that possibility but
    wondered (as a result of an included ip that matched my 192... address)
    whether someone had used a sendmail exploit to relay email through my
    computer.

    Tonight all of a sudden mplayer is dying while playing audio feeds.
    It's happened on two feeds and I can't reconnect either feed. I'm
    also suddenly getting porno email from an address of a company in TX
    that advertises legal services. I wonder if I have pissed off yet
    another soul somehow. All I did was email an article about George
    Bush & Co to a couple of my closest friends. :-)

    NEWS: BUSH CABINET SIGNS ILLEGAL COLLECTIVE DOCUMENT
    http://www.worldreports.org/news/50_...cover_for_corr



  4. Re: dodahday

    dave writes:

    > is returned in the notification. To the best of my
    > knowledge I am not sending any email to dodahday.
    > Any ideas about how this is happening?


    What you're seeing is just a side effect of spammers using from
    addresses picked at random. Yours happened to be the one they picked
    that day. When you're postmaster you tend to see a few bizarre
    variations on this. The way it plays out is usually something like
    this:

    1) a spammer's message somehow manages to get through to a mail server
    for one of our domains

    2) the message is addressed to something_undeliverable@datadok.no, and
    my server bounces with an "unknown user" message

    3) the from address is another undeliverable at the from address' domain,
    and the from domain's server bounces my server's bounce

    the spammer of course sent the trash from somewhere totally unrelated
    to the apparent from domain, but that will not keep them from claiming
    that the quality of their multimillion address list is sterling and
    then some.

    --
    Peter N. M. Hansteen, member of the first RFC 1149 implementation team
    http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
    "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
    delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

  5. Re: dodahday

    On Fri, 16 Feb 2007 09:06:55 +0100, Peter N. M. Hansteen wrote:

    > dave writes:
    >
    >> is returned in the notification. To the best of my
    >> knowledge I am not sending any email to dodahday.
    >> Any ideas about how this is happening?

    >
    > What you're seeing is just a side effect of spammers using from
    > addresses picked at random. Yours happened to be the one they picked
    > that day. When you're postmaster you tend to see a few bizarre
    > variations on this. The way it plays out is usually something like
    > this:
    >
    > 1) a spammer's message somehow manages to get through to a mail server
    > for one of our domains
    >
    > 2) the message is addressed to something_undeliverable@datadok.no, and
    > my server bounces with an "unknown user" message
    >
    > 3) the from address is another undeliverable at the from address' domain,
    > and the from domain's server bounces my server's bounce
    >
    > the spammer of course sent the trash from somewhere totally unrelated
    > to the apparent from domain, but that will not keep them from claiming
    > that the quality of their multimillion address list is sterling and
    > then some.


    When a mail server accepts mail, then at a later point determines it is
    non-deliverable and sends a rejection notice back to the fabricated
    "from" address -- it produces a type of e-mail known as "backscatter."

    Backscatter is considered abusive behavior by many mail admins. The
    modern trend is to *never* accept undeliverable mail, but reject it during
    the initial sending. Think of it this way: a spam run sends 2 million
    e-mails with Dave's e-mail address as the "From" userid. If all of the
    mail servers issue "undeliverable" e-mails to Dave ... Dave will get 2
    million e-mails. Not friendly. Instead, if all mail servers reject the
    e-mail during their session with the spammer's servers ... Dave gets
    nothing. Better, eh?

    The SMTP protocol allows for two types of rejections: 5xx error codes are
    permanent rejections, and 4xx codes are temporary rejections (such as user
    over quota, or other temporary issues).

    --
    Replying directly will get you locally blacklisted.
    Change the address; use my first name in front of the @ if you want to
    communicate privately.


  6. Re: dodahday

    On Fri, 16 Feb 2007, in the Usenet newsgroup comp.unix.bsd.openbsd.misc, in
    article <87bqjujzkw.fsf@thingy.datadok.no>, Peter N. M. Hansteen wrote:

    >What you're seeing is just a side effect of spammers using from
    >addresses picked at random. Yours happened to be the one they picked
    >that day. When you're postmaster you tend to see a few bizarre
    >variations on this. The way it plays out is usually something like
    >this:
    >
    >1) a spammer's message somehow manages to get through to a mail server
    > for one of our domains
    >
    >2) the message is addressed to something_undeliverable@datadok.no,


    and this should cause the mail server to respond with a

    550 Requested action not taken: mailbox unavailable

    ending that transaction right then and there.

    > and my server bounces with an "unknown user" message


    Point your news reader at news.admin.net-abuse.blocklisting and find out
    that this is called "backscatter" and the second fastest way to get your
    IP address onto blocklists behind sending spam directly. Fix your mail
    server so that it knows who is a valid recipient, and do not accept any
    mail for unknowns, so that you don't have to bounce it.

    Old guy
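
The difference posts 5 and 6 describe, between answering at RCPT time and accepting first and bouncing later, modelled as an added example that is not part of the thread. The mailbox table, usage figures and all addresses are constructed; the 452 reply for an over-quota mailbox is one choice of 4xx code.

```python
# Added illustration: compares a server that validates recipients during the
# SMTP session with one that accepts everything and bounces afterwards.
from dataclasses import dataclass, field

# Constructed mailbox table: address -> fraction of quota in use.
MAILBOXES = {"postmaster@example.net": 0.20, "full@example.net": 1.05}

def rcpt_reply(rcpt):
    """Reply to RCPT TO, decided before any message data is accepted."""
    usage = MAILBOXES.get(rcpt.lower())
    if usage is None:   # unknown recipient: permanent (5xx) rejection
        return 550, "Requested action not taken: mailbox unavailable"
    if usage >= 1.0:    # over quota: temporary (4xx) rejection
        return 452, "Requested action not taken: insufficient system storage"
    return 250, "OK"

@dataclass
class Server:
    validate_at_rcpt: bool
    bounces: list = field(default_factory=list)  # notices this server originates

    def receive(self, mail_from, rcpt):
        code, text = rcpt_reply(rcpt)
        if self.validate_at_rcpt or code == 250:
            # The verdict goes to the connecting client inside the session.
            # The forged envelope sender is never contacted.
            return code, text
        # Accept-then-bounce: the client hears 250, the failure is found
        # later, and a notice is mailed to the (forged) envelope sender.
        self.bounces.append(
            {"from": "<>", "to": mail_from, "reason": f"{code} {text}"})
        return 250, "OK"

def spam_run(server, forged_sender, recipients):
    """Deliver one message per recipient; return reply codes and bounce count."""
    codes = [server.receive(forged_sender, r)[0] for r in recipients]
    return codes, len(server.bounces)

if __name__ == "__main__":
    forged = "dave@example.org"   # constructed stand-in for the forged address
    rcpts = ["nobody1@example.net", "full@example.net", "postmaster@example.net"]
    for validating in (True, False):
        codes, n = spam_run(Server(validating), forged, rcpts)
        print(f"validate_at_rcpt={validating}: replies={codes}, "
              f"bounces sent to {forged}: {n}")
```
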
