[Mailman-Users] investigating attack-like "mailfailures"
Brad Knowles
brad at stop.mail-abuse.org
Sun Mar 13 19:00:24 CET 2005
At 5:17 PM +0000 2005-03-13, Nick Levine wrote:
> Because the sender was spoofed as coming from alu.org, the "you are on
> hold" message went to bibop's mail server, which happens to return the
> code 450 (= temporary failure?) for unknown users.
That's a little unusual, but does happen sometimes.
> It looks like
> mailman keeps trying to resend a 450 bounce, every 15(?) minutes.
It's not Mailman trying to resend the message. It's your MTA, to
which Mailman handed over the message.
> Bounces from other mail servers tend to carry the 550 code (=
> permanent failure?) and mailman gives up.
Again, it's not Mailman giving up. It's your MTA.
> Uhm, will it keep on doing this forever? It's tried sending to
> beverley over 130 times since yesterday morning.
Your MTA will continue to try to re-send that message for the
period of time that it is configured to do so. With the information
you have available to you, you should be able to figure out which of
the messages in the mail queue of your MTA is the one you want to
delete, and then you can use the tools appropriate to your MTA to
delete it.
However, the MTA-specific aspects of this process are something
you should pursue on a mailing list or newsgroup that is appropriate
to your MTA (e.g., postfix-users), and not here.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the Mailman-Users
mailing list