[Mailman-Users] investigating attack-like "mailfailures"

Brad Knowles brad at stop.mail-abuse.org
Sun Mar 13 19:00:24 CET 2005

At 5:17 PM +0000 2005-03-13, Nick Levine wrote:

>  Because the sender was spoofed as coming from alu.org, the "you are on
>  hold" message went to bibop's mail server, which happens to return the
>  code 450 (= temporary failure?) for unknown users.

	That's a little unusual, but does happen sometimes.

>                                                     It looks like
>  mailman keeps trying to resend a 450 bounce, every 15(?) minutes.

	It's not Mailman trying to resend the message.  It's your MTA, to 
which Mailman handed over the message.

>  Bounces from other mail servers tend to carry the 550 code (=
>  permanent failure?) and mailman gives up.

	Again, it's not Mailman giving up.  It's your MTA.

>  Uhm, will it keep on doing this forever? It's tried sending to
>  beverley over 130 times since yesterday morning.

	Your MTA will continue to try to re-send that message for the 
period of time that it is configured to do so.  With the information 
you have available to you, you should be able to figure out which of 
the messages in the mail queue of your MTA is the one you want to 
delete, and then you can use the tools appropriate to your MTA to 
delete it.

	However, the MTA-specific aspects of this process are something 
you should pursue on a mailing list or newsgroup that is appropriate 
to your MTA (e.g., postfix-users), and not here.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the Mailman-Users mailing list