1

Topic: Does this mean people are relaying off my server?

These keep showing up in my inbox: (bpdx.com is a domain I host)

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

sergey-chukarev@mail.ru
   Domain sdkarki.com has exceeded the max emails per hour (438/350 (125%)) allowed.  Message discarded.

------ This is a copy of the message, including all the headers. ------

Return-path: <egOMinUwIYcFX@bPDX.com>
Received: from localhost ([127.0.0.1]:56058)
    by server.bentraytech.com with smtp (Exim 4.82)
    (envelope-from <egOMinUwIYcFX@bPDX.com>)
    id 1WOaf5-0003MF-IX
    for sergey-chukarev@mail.ru; Sat, 15 Mar 2014 04:18:07 +0545
From: =?utf-8?B?0JXQu9C40LfQsNCy0LXRgtCwINCc0LXQtNCy0LXQtNC10LLQsA==?= <egOMinUwIYcFX@bPDX.com>
Message-ID: 978906462151.NwxrQlyQiGFLD@mail.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
To: sergey-chukarev@mail.ru
Subject: =?utf-8?B?0KDQtdCz0LjRgdGC0YDQsNGG0LjRjyDQntCe0J4=?=

Good afternoon!
Our company "Bestrega" offers the following legal services:
- turnkey LLC registration, 5000 rub.
- registration and liquidation of businesses;
- sale of ready-made companies, including licensed ones;
- business support services;
- free consulting services;
- ready-made companies.

For all inquiries, call tel. - (499)5О4-98-О2

2

Re: Does this mean people are relaying off my server?

ozznixon wrote:

sergey-chukarev@mail.ru
   Domain sdkarki.com has exceeded the max emails per hour (438/350 (125%)) allowed.  Message discarded.

It's clear in the log.

3

Re: Does this mean people are relaying off my server?

Actually it is not clear - (a) NO ONE uses BPDX.com to send; we use 3FLABS.COM now. (b) we do not host the sdkaraki.com domain - so - thus my question --- are people relaying off my server???? BPDX.com is used as an inbound alias and the catch-all forwards to my personal account at 3FLABS. So any old customers can still get a hold of us - we have not used BPDX.com to send for over a decade now.

4

Re: Does this mean people are relaying off my server?

ozznixon wrote:

(b) we do not host the sdkaraki.com domain - so - thus my question --- are people relaying off my server????

I guess this is why it happened:

*) Someone sent email from 'xxx@sdkaraki.com' to 'xxx@mail.ru', and used your address "egOMinUwIYcFX@bPDX.com" in the mail header field "Return-path:".
*) As mentioned in the bounce email, the recipient (mail.ru) reports "(sender) domain sdkarki.com has exceeded the max emails per hour", so mail.ru rejected this email and bounced it to the address specified in 'Return-Path:'.

Reference:
http://www.postfix.org/BACKSCATTER_README.html
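
Added example (not part of the thread and not iRedMail code): the question raised above, relay through your own server versus backscatter from a forged Return-path, can be checked from the message copy inside the bounce by listing which hosts stamped its Received: headers. The host `mail.example.org` is a placeholder and the function names are illustrative; the sample headers are a subset of those quoted in the first post.

```python
import re
from email import message_from_string

# Subset of the headers copied from the bounce quoted in the first post.
SAMPLE_BOUNCE_COPY = """\
Return-path: <egOMinUwIYcFX@bPDX.com>
Received: from localhost ([127.0.0.1]:56058)
    by server.bentraytech.com with smtp (Exim 4.82)
    (envelope-from <egOMinUwIYcFX@bPDX.com>)
    id 1WOaf5-0003MF-IX
    for sergey-chukarev@mail.ru; Sat, 15 Mar 2014 04:18:07 +0545
Message-ID: 978906462151.NwxrQlyQiGFLD@mail.ru
To: sergey-chukarev@mail.ru

(body omitted)
"""

# The "by <host>" clause names the MTA that accepted the message at that hop.
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)


def received_by_hosts(raw_message):
    """Return the lower-cased 'by <host>' value of each Received: header."""
    msg = message_from_string(raw_message)
    hosts = []
    for value in msg.get_all("Received", []):
        match = BY_HOST.search(value)
        if match:
            hosts.append(match.group(1).lower().rstrip("."))
    return hosts


def classify_bounce(raw_message, my_mta_hosts):
    """'relayed-through-us' if any hop is one of our MTAs, else 'backscatter'."""
    mine = {h.lower() for h in my_mta_hosts}
    hops = received_by_hosts(raw_message)
    if not hops:
        return "unknown"  # no Received headers in the copy: cannot decide
    return "relayed-through-us" if mine & set(hops) else "backscatter"


if __name__ == "__main__":
    # Placeholder (assumption): replace with your own servers' hostnames.
    MY_MTA_HOSTS = ["mail.example.org"]
    print(received_by_hosts(SAMPLE_BOUNCE_COPY))
    print(classify_bounce(SAMPLE_BOUNCE_COPY, MY_MTA_HOSTS))
```

Received: lines can be forged, so treat a match as a prompt to search your own MTA log for the queue ID shown in the header rather than as proof.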