
Issue Mail problems

kojot

Regular Pleskian
Hello,
I'm in big trouble.

I created a webspace and a site.
I also turned on mail for that webspace, but I'm receiving "Mail delivery system" messages. 3 different types.
Those reports are attached.
One is that the sender sent a virus and it was rejected by the remote server.
I opened that message, and in the zip file I see there is a .js.

Can you help me with steps on how to diagnose what could be the problem, and how to solve it?
Thank you.
 

Attachments: Mail Report.zip (37.8 KB)
Speaking of viruses - I don't dare to open your zip file ... Maybe post error messages as text here directly?
 
Hello Peter,
In that zip are 3 msg files exported from Outlook. I did not succeed in uploading a file with the msg extension here, so I zipped it.

Our mail server is africka-sljiva.ex4.info
Our mailbox is info@kringers.at
peter-dvorsky@chello.at is also our mail address, but hosted by UPC.

From the message below I concluded that our mail server tried to send virus mail from the mailbox info@kringers.at to peter-dvorsky@chello.at.
Hmmmm, while I'm typing, maybe the situation is as follows, so please correct me if I'm not right.
Our server is under SPAM attack. I have not yet set DNSBL; last night I found that I need to set that to prevent receiving spam.
So in this situation, maybe we are receiving spam, and there is a forward rule turned on from info@kringers.at to peter-dvorsky@chello.at, and we are receiving spam with virus content, and that forward rule sent that mail to peter-dvorsky@chello.at, and their UPC server blocked the message as having virus content.

This is one message with that zipped virus content. So maybe now I understand why I am receiving this mail.
This is the mail system at host africka-sljiva.ex4.info.
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can delete your own text from the attached returned message.
The mail system
<peter-dvorsky@chello.at>: host mxin.upcmail.net[213.46.255.45] said: 554 5.2.0
cfXb1u02b07TCC509fXdBt Virus content found (in reply to end of DATA
command)
Details
Reporting-MTA: dns; africka-sljiva.ex4.info
Original-Envelope-Id: <emcce9a5f3-8130-414e-8b5a-5f557bffe92b@kringers>
X-Postfix-Queue-ID: B07BA2683D11
X-Postfix-Sender: rfc822; info@kringers.at
Arrival-Date: Wed, 25 Jan 2017 16:31:35 +0100 (CET)

Final-Recipient: rfc822; peter-dvorsky@chello.at
Original-Recipient: rfc822;peter-dvorsky@chello.at
Action: failed
Status: 5.2.0
Remote-MTA: dns; mxin.upcmail.net
Diagnostic-Code: smtp; 554 5.2.0 cfXb1u02b07TCC509fXdBt Virus content found

But I still do not understand what is with this message. It looks like some confirmation mail that the message is delivered. Why are we receiving that?
This is the mail system at host africka-sljiva.ex4.info.
Your message was successfully delivered to the destination(s) listed below. If the message was delivered to mailbox you will receive no further notifications. Otherwise you may still receive notifications of mail delivery errors from other systems.
The mail system
<stefan.brandeis@gmail.com>: delivery via
gmail-smtp-in.l.google.com[74.125.128.27]:25: 250 2.0.0 OK 1485271066
d14si23179010wra.226 - gsmtp
Return-Path: <info@kringers.at>
Received: from [127.0.0.1] (62-178-134-103.cable.dynamic.surfer.at [62.178.134.103])
by africka-sljiva.ex4.info (Postfix) with ESMTPSA id 70C3C2683972
for <stefan.brandeis@gmail.com>; Tue, 24 Jan 2017 16:17:46 +0100 (CET)
From: Kringers-Team <info@kringers.at>
To: "Stefan Brandeis" <stefan.brandeis@gmail.com>
Subject: Re[2]: Reservierung
Date: Tue, 24 Jan 2017 15:17:47 +0000
Message-Id: <emf5daacf8-c3cc-4636-9fd1-ffdc3107c859@kringers>
In-Reply-To: <CADS6BfQeG9+u-O-Cw=-BksAim=vMiCpcEk12SWPmgz4q0kNH_w@mail.gmail.com>
References: <CADS6BfQveKgMHUSwp=NPTia_Rcg7NfJfCWxAO5R_VePconjdXA@mail.gmail.com>
<em052b5974-dc9c-4b49-b48d-19f1a706adc8@kringers>
<CADS6BfQeG9+u-O-Cw=-BksAim=vMiCpcEk12SWPmgz4q0kNH_w@mail.gmail.com>
Reply-To: Kringers-Team <info@kringers.at>
Disposition-Notification-To: Kringers-Team <info@kringers.at>
User-Agent: eM_Client/7.0.27943.0
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="------=_MB11D79E06-D4BE-4622-B26C-5A426A15C04D"
 
You are presenting two different cases.

a) A mail comes in to your server and is forwarded to another server (final destination). That final destination detects a virus in the mail content and defers the mail. That is correct if there is malware, a phishing message or similar malicious content in the incoming mail.

b) You are sending out a mail with a request for delivery confirmation. Once the mail is delivered, the receiving mail server sends you the delivery notification. If you do not want to receive delivery notifications, do not check the "read notification" (Outlook > Tab Optionen > Lesebest. anfordern) or "receive notification" (Outlook > Tab Optionen > Übermittlungsbest. anfordern) in your mail software.

Neither (a), nor (b) are issues.
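
As an added example (not part of the original thread and not code from Plesk or Postfix), the two cases distinguished above can be told apart from the machine-readable delivery-status fields of each report instead of opening its attachments. The second recipient block, the keyword list and the verdict names are assumptions of this example.

```python
from email.parser import HeaderParser

# Constructed sample of DSN delivery-status fields. The first recipient block
# reuses values from the bounce quoted in the thread; the second (the success
# notification) is an assumed layout, since the thread shows only its text part.
SAMPLE_DSN = """\
Reporting-MTA: dns; africka-sljiva.ex4.info
X-Postfix-Sender: rfc822; info@kringers.at

Final-Recipient: rfc822; peter-dvorsky@chello.at
Action: failed
Status: 5.2.0
Diagnostic-Code: smtp; 554 5.2.0 cfXb1u02b07TCC509fXdBt Virus content found

Final-Recipient: rfc822; stefan.brandeis@gmail.com
Action: relayed
Status: 2.0.0
Diagnostic-Code: smtp; 250 2.0.0 OK 1485271066
 d14si23179010wra.226 - gsmtp
"""

CONTENT_HINTS = ("virus", "malware", "spam", "phish")  # assumed keyword list


def parse_dsn(text):
    """Split delivery-status text on blank lines; keep per-recipient blocks."""
    blocks = (HeaderParser().parsestr(b) for b in text.strip().split("\n\n"))
    return [b for b in blocks if b["Final-Recipient"]]


def classify(block):
    """Map one per-recipient block to a triage verdict."""
    status = (block["Status"] or "").strip()
    action = (block["Action"] or "").strip().lower()
    # Collapse folded header lines into one lowercase string before matching.
    diag = " ".join((block["Diagnostic-Code"] or "").lower().split())
    if status.startswith("2.") or action in ("delivered", "relayed"):
        return "success-notification"      # case (b): requested confirmation
    if status.startswith("4."):
        return "temporary-failure"         # 4.x.x is a transient status class
    if any(hint in diag for hint in CONTENT_HINTS):
        return "content-rejected-by-remote"  # case (a): filter at destination
    return "other-permanent-failure"


def triage(text):
    """Return {recipient address: verdict} for every recipient in the report."""
    return {b["Final-Recipient"].split(";", 1)[-1].strip(): classify(b)
            for b in parse_dsn(text)}
```

A "content-rejected-by-remote" verdict for an address that is only a forwarding target points at inbound filtering on the forwarding server, not at an outbound infection.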
 
Hi Peter,

yes you are right.
At the moment when I created this thread, I was worried that my server was sending viruses. Now it is clear.
Today I added DNSBL, and I hope that I will resolve a big part of the SPAM.

Do you have a simple link on how to harden a mail server via Plesk?
 