Earlier today I sent an email to a single recipient. A minute later I got back
an error message stating that the email could not be delivered to three of
the recipients. None of the addresses listed as being intended recipients
was known to me, one was at a domain with no IP address on record, one
was “Recipient address rejected” and the third message was “rejected as
spam by Content Filtering”. There was a fourth recipient address listed too
with no indication that the message had not been delivered to it, and with
a copy of the subject. That was the address of the single person to
whom I’d sent the original message along with the corresponding subject.
The intended recipient never got the message.
The sending ISP can find no record of the bogus addresses in their SMTP server
logs.
The intended recipient’s ISP can find no record of the email at all.
Neither ISP had any record of the error message having been generated.
Both ISPs are very concerned and have started further investigations.
Sending PC is running 13.1 (64) with all current patches except that the
sending email client is Thunderbird 17.08 (the newer versions do not properly
display a variety of calendars that I cannot do without).
Internet connection is through two firewalls and 3 routers, not impossible
to hack, but unlikely.
I only post this as a way of suggesting folks be aware that there might now be a
way for unscrupulous senders to “piggyback” recipients on to our emails. Sounds
pretty strange I know, but I can’t offer much more than that. Perhaps someone
reading this is a whole lot brighter than I am and can offer a theory.
This is not an obvious problem. One would need more information to conclude that there is a problem.
I send mail to a mailing list. Shortly afterwards, I get a message indicating delivery failure to several of the recipients.
Those recipients come from the mailing list. A well-managed mailing list will make sure that the error messages go to the list administrator, rather than the sender. However, there are mail systems out there that ignore the standards and send the error report to the sender anyway.
You send mail to me. I can convert my address to a mailing list simply by adding an entry to my aliases database. So a mail address can be a mailing list, even if you did not know that it was a mailing list.
Update:
The sending ISP just contacted me. They say they can’t explain the error
and asked me to send two more test emails to the same address.
Now I cannot repeat the error. So, this is getting even stranger. I’m tempted
to wonder if they did fix an issue and are being less than candid, but I would
hate to think that way.
I understand your logic, and it would make sense, however the recipient was my own wife’s personal mail account. I’ve thoroughly reviewed the mail accounts on both servers and confirmed that both sending and receiving accounts are simple mailboxes with no aliases or other forwards configured.
They probably mean that they won’t explain the error. They may have screwed up, then fixed the problem.
That reminds me of when I was in charge of our department Solaris systems. When I installed a new version of Solaris, it would immediately start bouncing all email, until I fixed the configuration.
> The intended recipient’s ISP can find no record of the email at all.
>
> Neither ISP had any record of the error message having been generated.
AND, as you are using Thunderbird, you do not have a record of it.
That is one of the reasons that I go through the pain of configuring
postfix even in my laptop, and having Thunderbird send via that postfix,
not directly: that I have logs.
Another way for this to happen is that you were using a bad/bogus DNS
server, which sent your posts somewhere else. This would be bad intent,
so if your email sending procedure includes authentication, your email
password would be compromised now (unless TLS and certificate
verification was enforced).
My thought too, however I’m reluctant to condemn them, as I’ve hosted multiple domains and a variety of setups with the same ISP for 9 or ten years now without an incident until today. I suspect this will remain “one of life’s little mysteries.”
I used to do exactly that. It worked great on the road, however I discovered that a lot of spam filters were automatically filtering out all messages originating from IPs similar to our home base, so after banging my head against the wall for years arguing with everyone I could think of to resolve that issue I finally had to switch to using a Stateside ISP’s SMTP server.
> Another way for this to happen is that you were using a bad/bogus DNS
> server, which sent your posts somewhere else. This would be bad intent
Now that’s a real possibility. I’ve switched a lot of our stuff to use Google’s DNSs for a variety of performance related reasons. Maybe now I should switch over completely. Your thoughts??
> so if your email sending procedure includes authentication, your email
> password would be compromised now (unless TLS and certificate
> verification was enforced).
On 2014-05-09 21:26, caprus wrote:
>
> robin_listas;2642186 Wrote:
>> …That is one of the reasons that I go through the pain of configuring
>> postfix even in my laptop, and having Thunderbird send via that postfix,
>> not directly: that I have logs.
> I used to do exactly that. It worked great on the road, however I
> discovered that a lot of spam filters were automatically filtering out
> all messages originating from IPs similar to our home base, so after
> banging my head against the wall for years arguing with everyone I could
> think of to resolve that issue I finally had to switch to using a
> Stateside ISP’s SMTP server.
You still can do that with postfix. Just tell Thunderbird to hand over
to postfix which hands over to that SMTP server of your choice.
Of course, it adds complexity.
>> Another way for this to happen is that you were using a bad/bogus DNS
>> server, which sent your posts somewhere else. This would be bad intent
> Now that’s a real possibility. I’ve switched a lot of our stuff to use
> google’s DNSs for a variety of performance related reasons. Maybe now I
> should switch over completely. Your thoughts??
I don’t know… On some setups, the actual DNS used is recorded in the
logs. This laptop does (the dnsmasq daemon does, actually). You could
try scanning your logs trying to find such a thing. Do you use dhcp?
I also use Google’s DNS, they are convenient. On the other hand, I don’t
like using them more than absolutely necessary, because they /love/ data.
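An added example, not part of any post in this thread: one way to do the log scan suggested above, listing every upstream resolver dnsmasq reported using and flagging those outside an expected set. The `using nameserver <ip>#<port>` line is what dnsmasq writes when it loads its upstream servers; the expected resolver list, the host name and the sample log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumption: the resolvers this machine is supposed to use
# (Google DNS plus a home router address).
EXPECTED = {"8.8.8.8", "8.8.4.4", "192.168.1.1"}

# Matches syslog lines such as:
#   May 10 08:02:11 laptop dnsmasq[812]: using nameserver 8.8.8.8#53
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdnsmasq\[\d+\]:\s"
    r"using nameserver (?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+)"
)

# Constructed sample log, not taken from the thread.
SAMPLE_LOG = """\
May 10 08:02:11 laptop dnsmasq[812]: reading /var/run/dnsmasq/resolv.conf
May 10 08:02:11 laptop dnsmasq[812]: using nameserver 8.8.8.8#53
May 10 08:02:11 laptop dnsmasq[812]: using nameserver 192.168.1.1#53
May 10 14:37:40 laptop dhclient[655]: bound to 10.66.0.23 -- renewal in 1800 seconds.
May 10 14:37:41 laptop dnsmasq[812]: using nameserver 203.0.113.53#53
May 10 19:10:05 laptop dnsmasq[812]: using nameserver 8.8.4.4#53
"""


def unexpected_resolvers(log_text, expected=EXPECTED):
    """Return (timestamp, resolver) for each upstream resolver not in `expected`."""
    # Compare parsed addresses so different spellings of one IPv6 address match.
    allowed = {ipaddress.ip_address(a) for a in expected}
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a dnsmasq upstream-server line
        try:
            addr = ipaddress.ip_address(m.group("addr"))
        except ValueError:
            continue  # malformed address in the log line
        if addr not in allowed:
            hits.append((m.group("ts"), str(addr)))
    return hits


if __name__ == "__main__":
    for ts, addr in unexpected_resolvers(SAMPLE_LOG):
        print(f"{ts}: unexpected upstream resolver {addr}")
```

A hit that appears right after a DHCP lease, as in the sample, points at the network handing out the resolver rather than at the mail client.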