| Hello
I'm getting thousands of return ( delivery failure emails ) . I did not send any single email in last 2 weeks from this domain. How to fix this issue.
=======================================================================================
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
sevenoaks@towergate.co.uk
host eu-smtp-inbound-1.mimecast.com [91.220.42.201]
SMTP error from remote mail server after end of data:
554 Email rejected due to security policies - http://kb.mimecast.com/Mimecast_Know...rror_Codes#554
------ This is a copy of the message, including all the headers. ------
Return-path:
Received: from [186.224.54.37] (port=5793 helo=195-154-199-246.rev.poneytelecom.eu)
by server7.cyberframe.in with esmtpsa (TLSv1.2HE-RSA-AES256-GCM-SHA384:256)
(Exim 4.85)
(envelope-from )
id 1ZNSdJ-0002Ae-Ic
for sevenoaks@towergate.co.uk; Fri, 07 Aug 2015 02:53:28 +0530
Message-ID:
Reply-To: "Lloyds TSB Security Team"
From: "Lloyds TSB Security Team"
Subject: LLoyds Bank
Date: Fri, 7 Aug 2015 01:23:24 +0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_1673_01D0D0AF.A7B55F00"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 14.0.8117.416
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8117.416
This is a multi-part message in MIME format.
------=_NextPart_000_1673_01D0D0AF.A7B55F00
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_1674_01D0D0AF.A7B55F00"
------=_NextPart_001_1674_01D0D0AF.A7B55F00
Content-Type: text/plain;
charset="windows-1251"
Content-Transfer-Encoding: quoted-printable
Hello,
Search attached electronic payment advice for your reference.
=20
=20
You can download the latest version of Acrobat Reader software from the A=
dobe website at the following address: http://www.adobe.co.uk/products/ac=
robat/readstep2.html
=20
Important: Do not use the "reply to" , that does not allow us to process =
your request.
=20
=20
With Respect=20
=20
Lloyds Bank UK.
Tel : 44 (0) 20 7327 1010
=20
------=_NextPart_001_1674_01D0D0AF.A7B55F00
Content-Type: text/html;
charset="windows-1251"
Content-Transfer-Encoding: quoted-printable
Subject : CIC</TITLE=
<META content=3D"text/html; charset=3Dwindows-1251" http-equiv=3DContent-=
Type>
<META name=3DProgId content=3DWord.Document>
<META name=3DGENERATOR content=3D"MSHTML 8.00.6001.23588">
<META name=3DOriginator content=3D"Microsoft Word 11"><LINK rel=3DFile-Li=
st=20
href=3D"mymsg.files/filelist.xml"><LINK rel=3DEdit-Time-Data=20
href=3D"mymsg.files/editdata.mso"><!--[if !mso]>
<STYLE>v\:* {
BEHAVIOR: url(#default#VML)
</td></tr></table><hr /><table><tr><td>Posted by <strong>nurahost</strong>, <u>08-07-2015, 01:33 AM</u></td></tr><tr><td>Please see the screenshot
http://i.imgur.com/RGxTiEi.png
</td></tr></table><hr /><table><tr><td>Posted by <strong>CharlsJoseph</strong>, <u>08-07-2015, 02:27 AM</u></td></tr><tr><td>Hello,
While checking the error log I can see that it is bounced because of " Mail loop detected " I suggest you to check the forwarders set, for the email accounts. I suggest you to check the forwarders set, for the email accounts. This situation may occur if you forward your domain emails to some other account and that account forwards back to your domain. So please check the forwarders set for the email accounts.
</td></tr></table><hr /><table><tr><td>Posted by <strong>Stratushost</strong>, <u>08-07-2015, 02:31 AM</u></td></tr><tr><td>Seems like you're dealing with a rootkit/trojan horse on your mail server. But to be more precise you should tell us the domain/ip address of your mail server/relay. Is it really 186.224.54.37?
</td></tr></table><hr /><table><tr><td>Posted by <strong>nurahost</strong>, <u>08-07-2015, 02:36 AM</u></td></tr><tr><td>This is not my IP address.
</td></tr></table><hr /><table><tr><td>Posted by <strong>gnusys</strong>, <u>08-07-2015, 02:53 AM</u></td></tr><tr><td>If someone is spamming and have set your email address as the From: address ,the Non Delivery message will be send to the From address or yourselves.
The way to stop this is to declare hosts that can send emails on your domains behalf in the SFP .This way if the receiving mail server has implemented SPF checking ..it can reject emails from the spam source which obviously will not be listed in the SPF .
Check your logs too and ensure someone is not spamming from a compromised account .
</td></tr></table><hr /><table><tr><td>Posted by <strong>bear</strong>, <u>08-07-2015, 06:39 AM</u></td></tr><tr><td>What error log? If you're referring to the link he provided at Mimecast, that's the error below the one it was rejected for, and has nothing to do with this issue.
</td></tr></table><hr /><table><tr><td>Posted by <strong>Srv24x7</strong>, <u>08-08-2015, 10:10 AM</u></td></tr><tr><td>Hi,
I would suggest going step by step. Check the mail logs first to see if you find any traces of spamming activity that has triggered unknowingly. This will help narrow down the investigation.
</td></tr></table><hr />
<br /><br />
</blockquote>
<form method="post" action="knowledgebase.php?action=displayarticle&id=57&useful=vote">
<input type="hidden" name="token" value="ab128f80cf0cc0c5185ebce685348b1fd9efcd15" />
<p>
<strong>Was this answer helpful?</strong> <select name="vote"><option value="yes">Yes</option><option value="no">No</option></select> <input type="submit" value="Vote" class="btn" />
</p>
</form>
<p><img src="images/addtofavouritesicon.gif" align="absmiddle" alt="Add to Favourites" /> <a href="#" onClick="addBookmark();return false">Add to Favourites</a> <img src="images/print.gif" align="absmiddle" alt="Print this Article" /> <a href="#" onclick="window.print();return false">Print this Article</a></p>
<div class="kbalsoread">Also Read</div>
<div class="kbarticle">
<img src="images/article.gif" align="middle" alt="" /> <strong><a href="knowledgebase.php?action=displayarticle&id=309">9net Ave - Concentric</a></strong> <span class="kbviews">(Views: 697)</span>
</div>
<div class="kbarticle">
<img src="images/article.gif" align="middle" alt="" /> <strong><a href="knowledgebase.php?action=displayarticle&id=315">How to get Yahoo to receive my emails?</a></strong> <span class="kbviews">(Views: 662)</span>
</div>
<div class="kbarticle">
<img src="images/article.gif" align="middle" alt="" /> <strong><a href="knowledgebase.php?action=displayarticle&id=427">Rkhunter log, need help</a></strong> <span class="kbviews">(Views: 647)</span>
</div>
<div class="kbarticle">
<img src="images/article.gif" align="middle" alt="" /> <strong><a href="knowledgebase.php?action=displayarticle&id=61">Hiding or masking information in IP whois lookup</a></strong> <span class="kbviews">(Views: 710)</span>
</div>
<div class="kbarticle">
<img src="images/article.gif" align="middle" alt="" /> <strong><a href="knowledgebase.php?action=displayarticle&id=106">Another problem with OxyHosts support..</a></strong> <span class="kbviews">(Views: 731)</span>
</div>
<br />
</div>
</div>
<div class="footerdivider">
<div class="fill"></div>
</div>
<div class="whmcscontainer">
<div class="footer">
<div id="copyright">Copyright © 2024 Blizzard HOST Solutions. All Rights Reserved.</div>
<div id="languagechooser"><form method="post" action="/knowledgebase.php?action=displayarticle&id=57" name="languagefrm" id="languagefrm">
<input type="hidden" name="token" value="ab128f80cf0cc0c5185ebce685348b1fd9efcd15" /><strong>Language:</strong> <select name="language" onchange="languagefrm.submit()"><option>Arabic</option><option>Azerbaijani</option><option>Catalan</option><option>Croatian</option><option>Czech</option><option>Danish</option><option>Dutch</option><option selected="selected">English</option><option>Farsi</option><option>French</option><option>German</option><option>Hungarian</option><option>Italian</option><option>Norwegian</option><option>Portuguese-br</option><option>Portuguese-pt</option><option>Russian</option><option>Spanish</option><option>Swedish</option><option>Turkish</option><option>Ukranian</option></select></form></div> <div class="clear"></div>
</div>
</div>
<!--Start of Tawk.to Script-->
<script type="text/javascript">
var Tawk_API=Tawk_API||{}, Tawk_LoadStart=new Date();
(function(){
var s1=document.createElement("script"),s0=document.getElementsByTagName("script")[0];
s1.async=true;
s1.src='https://embed.tawk.to/5ac0c2324b401e45400e3e83/default';
s1.charset='UTF-8';
s1.setAttribute('crossorigin','*');
s0.parentNode.insertBefore(s1,s0);
})();
</script>
<!--End of Tawk.to Script-->
</body>
</html> |
