Qmail Bounces

StvnT

New Pleskian
I'm having a hard time with some system bounces. Any help is deeply appreciated.

An email account was recently compromised and was sending spam in bulk. We found the issue and account after a few hours and got it resolved. The queue (80,000+) has been cleared and things seem to be back to normal. However, the Plesk administrator email (let's call it legitimate-sender@domain.com) is getting strange bounces from unrelated emails for legitimate email. For example, in the bounce message below, a conversation between legitimate-sender@domain.com and legitimate-recipient@domain.com invokes a bounce from unrelated-recipient@hotmail.com, who is not a part of the conversation at all and is not referenced as a recipient in the original message at all. The message delivers to the recipient without issue but the sender is getting this bounce back... The sample below is an actual bounce, I've just anonymized the email addresses.

It seems like qmail (?) is mixing bounce messages with legitimate email but that doesn't make sense. Is there anyone who can help shed some light on what's going on here?

From: MAILER-DAEMON@domain.com
Date: October 31, 2013 9:33:11 AM PDT
To: legitimate-sender@domain.com
Subject: failure notice
received: (qmail 5582 invoked for bounce); 31 Oct 2013 11:33:11 -0500

Hi. This is the qmail-send program at domain.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<unrelated-recipient@hotmail.com>:
65.54.188.72 does not like recipient.
Remote host said: 550 Requested action not taken: mailbox unavailable
Giving up on 65.54.188.72.

--- Below this line is a copy of the message.

Return-Path: <legitimate-sender@domain.com>
Received: (qmail 5576 invoked from network); 31 Oct 2013 11:33:10 -0500
Received: from legitimate-sender
by 192.168.100.240 with SMTP; 31 Oct 2013 11:33:10 -0500
From: "Legitimate Sender" <legitimate-sender@domain.com>
Content-Type: multipart/mixed; boundary=Apple-Mail-24--944421204
Subject: Subject
Date: Thu, 31 Oct 2013 09:33:08 -0700
Message-Id: <9921D2EB-987E-4772-BB2D-E66EDB078997@domain.com>
To: Recipient <legitimate-recipient@domain.com>
Mime-Version: 1.0 (Apple Message framework v1085)
X-Mailer: Apple Mail (2.1085)

Legitimate message.
 
Anyone?

It looks like the issue isn't limited to just the Plesk administrator email. All emails on the server are susceptible to randomly getting a bounce back with bogus bounce information.
 
Hello. The EXACT same thing happened to us recently. One email account was compromised and sending out bulk messages. We quickly caught it, fixed it, and cleared the queue. A few days later we got some of these bogus bounce messages on legitimate emails being sent out from the server.

Did you ever figure this one out? Or did the bogus bounces just go away after a while?

My biggest concern, obviously, is that these bounce messages aren't actually bogus after all and that copies of legitimate email messages are actually being sent out to other email addresses.
 
Found a few other threads referencing the same problem:

http://forum.parallels.com/showthre...ot-from-an-email-address-they-did-not-send-to
http://forum.parallels.com/pda/index.php/t-79505.html
http://forum.parallels.com/showthread.php?59079-Multiple-Email
http://forum.parallels.com/showthre...nced-mails-from-recipients-they-never-sent-to

The problem seems to have stopped (no reports lately), and server looks fine and uncompromised, so I'm chalking it up to temporary queue confusion from when I cleared out the queue before.
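
The comparison the posts above make by eye can be scripted; this is an added example, not code from the thread or from Plesk. It splits a qmail-send bounce at the "Below this line" marker and lists failed recipients that do not appear in the To/Cc headers of the enclosed copy; the function name and the sample (modelled on the anonymized bounce above) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

BREAK = "--- Below this line is a copy of the message."
RCPT_LINE = re.compile(r"^<([^<>\s]+@[^<>\s]+)>:\s*$")

# Constructed sample, modelled on the anonymized bounce in the thread.
SAMPLE_BOUNCE = """\
Hi. This is the qmail-send program at domain.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<unrelated-recipient@hotmail.com>:
65.54.188.72 does not like recipient.
Remote host said: 550 Requested action not taken: mailbox unavailable
Giving up on 65.54.188.72.

--- Below this line is a copy of the message.

Return-Path: <legitimate-sender@domain.com>
From: "Legitimate Sender" <legitimate-sender@domain.com>
Subject: Subject
To: Recipient <legitimate-recipient@domain.com>

Legitimate message.
"""

def analyze_bounce(body):
    """Return failed recipients, header recipients and the mismatches."""
    report, sep, original = body.partition(BREAK)
    if not sep:
        raise ValueError("not a qmail-send bounce: break line missing")
    # Each failed address heads its own paragraph as "<addr>:".
    failed = [m.group(1).lower() for line in report.splitlines()
              if (m := RCPT_LINE.match(line))]
    msg = message_from_string(original.lstrip("\n"))
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = {addr.lower() for _, addr in getaddresses(fields) if addr}
    # A mismatch is not proof of a bogus bounce: Bcc and forwarding
    # targets never appear in the headers, so check the mail log next.
    unexpected = [a for a in failed if a not in visible]
    return {"failed": failed, "visible": sorted(visible),
            "unexpected": unexpected}

if __name__ == "__main__":
    print(analyze_bounce(SAMPLE_BOUNCE))
```
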
 