Emails to non-existent accounts being sent to users
Emails to non-existent accounts being sent to users
I have seen this thread (from 2015) with the same issue I encountered right now.
http://mailenable.com/forum/viewtopic.php?f=7&t=40712#p108159
Mail to a non-hosted domain (nor mailbox) is delivered to (probably) the first email account that has been created on the server (unfortunately mine ).
Situation:
- no default post office
- no mailservice for domain
- no catchall (not even on my domain)
- relay only enabled for local server
Running MailEnable 10.34, along with Plesk on Windows 2016.
Any resolutions, suggestions?
Kind regards,
Jan
http://mailenable.com/forum/viewtopic.php?f=7&t=40712#p108159
Mail to a non-hosted domain (nor mailbox) is delivered to (probably) the first email account that has been created on the server (unfortunately mine ).
Situation:
- no default post office
- no mailservice for domain
- no catchall (not even on my domain)
- relay only enabled for local server
Running MailEnable 10.34, along with Plesk on Windows 2016.
Any resolutions, suggestions?
Kind regards,
Jan
Re: Emails to non-existent accounts being sent to users
To Illustrate what is happening an example:
(replaced my mail account by jvdbroek@company.com and the server by MAILSERVER.COM and the server its IP by ##.##.##.##)
An email that was sent from iymomcm@tipontale.it to henkaarts@marketingpartners.nl but was delivered to the mailbox jvdbroek@company.com. The mail headers:
SMTP log:
It was delivered to my mailbox
Debug log:
I assume the sender connects to the server by IP or an existing / hosted domain and posted an email directed to an non-existent mail account.
Hope this helps!
Kind regards,
Jan
(replaced my mail account by jvdbroek@company.com and the server by MAILSERVER.COM and the server its IP by ##.##.##.##)
An email that was sent from iymomcm@tipontale.it to henkaarts@marketingpartners.nl but was delivered to the mailbox jvdbroek@company.com. The mail headers:
Code: Select all
Received: from mail.tipontale.it ([62.75.207.34]) by MAILSERVER.COM with
MailEnable ESMTP; Mon, 2 Aug 2021 18:20:07 +0200
Received: from tipontale.it (unknown [146.185.235.48])
by mail.tipontale.it (Postfix) with ESMTPA id 196FF13619A5;
Mon, 2 Aug 2021 19:13:28 +0300 (EEST)
Message-ID: <iymomcm50661566.04382627@mail.tipontale.it>
From: "DR.DERM" <iymomcm@tipontale.it>
To: <henkaarts@marketingpartners.nl>
Subject: =?utf-8?B?RHIuRGVybSAtIGxhIHBlYXUgc2FpbmUgc2FucyBwcm9ibMOobWVz?=
Date: Mon, 02 Aug 2021 19:13:30 +0300
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_0006_01D787D2.291C9560"
Precedence: bulk
List-Id: b03527328v20006575
X-Complaints-To: abuse@tipontale.it
Return-Path: <iymomcm@tipontale.it>
Code: Select all
2021-08-02 18:20:07 62.75.207.34 SMTP-IN - ##.##.##.## 1728 EHLO EHLO+mail.tipontale.it 250-MAILSERVER.COM+[62.75.207.34],+this+server+offers+5+extensions WIN-SERVER 240 24 -
2021-08-02 18:20:07 62.75.207.34 SMTP-IN - ##.##.##.## 1728 MAIL MAIL+FROM:<iymomcm@tipontale.it> 250+Requested+mail+action+okay,+completed WIN-SERVER 43 34 -
2021-08-02 18:20:07 62.75.207.34 SMTP-IN company.com ##.##.##.## 1728 RCPT RCPT+TO:<jvdbroek@company.com> 250+Requested+mail+action+okay,+completed WIN-SERVER 43 37 -
2021-08-02 18:20:07 62.75.207.34 SMTP-IN company.com ##.##.##.## 1728 DATA DATA 354+Start+mail+input;+end+with+<CRLF>.<CRLF> WIN-SERVER 46 6 -
2021-08-02 18:20:07 62.75.207.34 SMTP-IN company.com ##.##.##.## 1728 DATA DATA 354+Start+mail+input;+end+with+<CRLF>.<CRLF> WIN-SERVER 43 127899 -
2021-08-02 18:20:07 62.75.207.34 SMTP-IN - ##.##.##.## 1728 QUIT QUIT 221+Service+closing+transmission+channel WIN-SERVER 42 6 -
Debug log:
Code: Select all
08/02/21 18:20:10 [898E3CEBFACB4A94AE92BB256155F201.MAI] Skipping autoresponse from PO=company.com MBX=jvdbroek to [SMTP:iymomcm@tipontale.it] as the message is flagged as bulk.
08/02/21 18:20:10 [898E3CEBFACB4A94AE92BB256155F201.MAI] Delivered message from [SMTP:iymomcm@tipontale.it] to PO=company.com MBX=jvdbroek FLD=\Inbox
I assume the sender connects to the server by IP or an existing / hosted domain and posted an email directed to an non-existent mail account.
Hope this helps!
Kind regards,
Jan
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: Emails to non-existent accounts being sent to users
Hi,
Check the SMTP debug log file for more information in regards to the SMTP inbound transaction. Do you have a catch-all mailbox enabled for the domain?
Check the SMTP debug log file for more information in regards to the SMTP inbound transaction. Do you have a catch-all mailbox enabled for the domain?
Regards,
Ian Margarone
MailEnable Support
Ian Margarone
MailEnable Support
Re: Emails to non-existent accounts being sent to users
Hi Ian,
The example shows the SMTP-Debug-210802.log. Below includes the processed message before and after which do not seem to be related
The settings
- no default post office
- no mailservice for recipient domain 'marketingpartners.nl' nor sender domain 'tipontale.it' - these are NOT hosted on the server
- no catchall for domain 'company.com' (or any other)
MX records
https://mxtoolbox.com/SuperTool.aspx?action=mx%3amarketingpartners.nl&run=toolpage
https://mxtoolbox.com/SuperTool.aspx?action=mx%3atipontale.it&run=toolpage
Points to different servers.
I see no reason why the email is processed by ME nor why it is delivered to my inbox.
The referred file 'AF9952C019A947CC894E9644E8ACAADB.MAI' is not available below the C:\Program Files (x86)\Mail Enable folder.
Kind regards,
Jan
The example shows the SMTP-Debug-210802.log. Below includes the processed message before and after which do not seem to be related
Code: Select all
08/02/21 18:16:31 ME-I0101: [1800] Local Delivery: Address ([SMTP:jvdbroek@company.com]) is local.
08/02/21 18:16:31 ME-E0113: [1800] Message marked as spam: (85.202.168.95) was found in DNSBL zen.spamhaus.org.
08/02/21 18:16:31 ME-I0149: [1800] 4EF054E1F5A14DBD8BF5DF24AD3909FE.MAI was received successfully and delivery thread was initiated
08/02/21 18:16:31 ME-I0074: [1800] (Debug) End of conversation
08/02/21 18:20:07 ME-I0101: [1728] Local Delivery: Address ([SMTP:jvdbroek@company.com]) is local.
08/02/21 18:20:07 ME-I0149: [1728] AF9952C019A947CC894E9644E8ACAADB.MAI was received successfully and delivery thread was initiated
08/02/21 18:20:08 ME-I0074: [1728] (Debug) End of conversation
08/02/21 18:24:09 [1960] Successfully started inbound SSL conversation
08/02/21 18:24:10 ME-I0101: [1960] Local Delivery: Address ([SMTP:info@other-hosted-domain.com]) is local.
08/02/21 18:24:10 ME-I0149: [1960] E69F42A4230643A0908CA6431FDA2AB9.MAI was received successfully and delivery thread was initiated
08/02/21 18:24:11 ME-E0070: (recv) socket [1960] error during [QUIT] command from host 157.245.192.28. Socket was disconnected - Error: (10054)
08/02/21 18:24:11 ME-I0074: [1960] (Debug) End of conversation
The settings
- no default post office
- no mailservice for recipient domain 'marketingpartners.nl' nor sender domain 'tipontale.it' - these are NOT hosted on the server
- no catchall for domain 'company.com' (or any other)
MX records
https://mxtoolbox.com/SuperTool.aspx?action=mx%3amarketingpartners.nl&run=toolpage
https://mxtoolbox.com/SuperTool.aspx?action=mx%3atipontale.it&run=toolpage
Points to different servers.
I see no reason why the email is processed by ME nor why it is delivered to my inbox.
The referred file 'AF9952C019A947CC894E9644E8ACAADB.MAI' is not available below the C:\Program Files (x86)\Mail Enable folder.
Kind regards,
Jan
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: Emails to non-existent accounts being sent to users
Hi,
PM me with the details of the original RCPT to address in the message that you see in the SMTP activity debug log file.
PM me with the details of the original RCPT to address in the message that you see in the SMTP activity debug log file.
Regards,
Ian Margarone
MailEnable Support
Ian Margarone
MailEnable Support
Re: Emails to non-existent accounts being sent to users
Hi Jan,
Assuming your search and replace was good, the email was sent to your email address:
2021-08-02 18:20:07 62.75.207.34 SMTP-IN company.com ##.##.##.## 1728 RCPT RCPT+TO:<jvdbroek@company.com> 250+Requested+mail+action+okay,+completed WIN-SERVER 43 37 -
Assuming your search and replace was good, the email was sent to your email address:
2021-08-02 18:20:07 62.75.207.34 SMTP-IN company.com ##.##.##.## 1728 RCPT RCPT+TO:<jvdbroek@company.com> 250+Requested+mail+action+okay,+completed WIN-SERVER 43 37 -
Re: Emails to non-existent accounts being sent to users
Hi Philib,
This is indeed what happened. But my mail address was not in the TO or CC or BCC list - see the received headers which do look a bit odd with a blank line between From: and To:
Code: Select all
From: "DR.DERM" <iymomcm@tipontale.it>
To: <henkaarts@marketingpartners.nl>
I did a BCC test and then you see at least one header entry pointing to my mail address to justify the delivery.
Regards,
Jan
Re: Emails to non-existent accounts being sent to users
But ME will only use the RCPT TO address to decide a) whether the addressee is valid and b) which mailbox to deliver the message to.
Just like snail mail: the postman only reads the envelope. The details on the letter inside may be completely different from what's on the envelope and the "headers" on that letter (from, to, subject, etc) may be completely fake.
I notice that you have this in one of your logs:
Personally, I just reject any email from an IP address listed in zen.
Just like snail mail: the postman only reads the envelope. The details on the letter inside may be completely different from what's on the envelope and the "headers" on that letter (from, to, subject, etc) may be completely fake.
I notice that you have this in one of your logs:
Code: Select all
08/02/21 18:16:31 ME-E0113: [1800] Message marked as spam: (85.202.168.95) was found in DNSBL zen.spamhaus.org.
Re: Emails to non-existent accounts being sent to users
Hi Philib,
If that is true (ME uses only RCPT TO address, and thus not looking at any other headers) then that's the best explanation.
The spam spreaders are not that strictly ....
Regarding you comment about spam filtering, I assume the DNSBL test used a domain to get to this IP.
Anyway, the mail is marked as spam, not rejected. Reasonable strategy.
Regards,
Jan
If that is true (ME uses only RCPT TO address, and thus not looking at any other headers) then that's the best explanation.
The spam spreaders are not that strictly ....
Regarding you comment about spam filtering, I assume the DNSBL test used a domain to get to this IP.
Anyway, the mail is marked as spam, not rejected. Reasonable strategy.
Regards,
Jan
Re: Emails to non-existent accounts being sent to users
Hi Jan,
I not only reject mail from DNSBL-listed hosts, I also block them at the firewall. SMTP is often just the first thing tried by these people/bots.
I frequently see many (hundreds or even thousands) of dropped connections, to SMTP or other services, after blocking them.
Cheers,
Phil
That's the way all mail servers (or, more specifically, all Mail Transfer Agents) work.If that is true (ME uses only RCPT TO address, and thus not looking at any other headers) ...
The IP is simply the address of the host that made a TCP connection to ME.... I assume the DNSBL test used a domain to get to this IP.
I not only reject mail from DNSBL-listed hosts, I also block them at the firewall. SMTP is often just the first thing tried by these people/bots.
I frequently see many (hundreds or even thousands) of dropped connections, to SMTP or other services, after blocking them.
Cheers,
Phil