Results 1 to 2 of 2

Thread: e-mail in deferred - NDR Spam? If not, what is it / why is it?

  1. #1
    Join Date
    Jun 2011
    Sin City
    Rep Power

    Default e-mail in deferred - NDR Spam? If not, what is it / why is it?

    I found an e-mail in the deferred queue

    ran the command "mailq" as user zimbra and got the following

    [zimbra@mail ~]$ mailq
    -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
    2CF566D58289     7050 Wed Sep  7 06:17:47  MAILER-DAEMON
    (host[] refused to talk to me: 554 IP= - A problem occurred. (Ask your postmaster for help or to contact to clarify.) (BL))
    Ran the following command(s) as root, and got the following:
    (changed pertinent info regarding our domain)

    [root@mail log]# /opt/zimbra/postfix/sbin/postcat /opt/zimbra/data/postfix/spool/deferred/2/2CF566D58289
    *** ENVELOPE RECORDS /opt/zimbra/data/postfix/spool/deferred/2/2CF566D58289 ***
    message_size:            7050             243               1               0            7050
    message_arrival_time: Wed Sep  7 06:17:47 2011
    create_time: Wed Sep  7 06:17:47 2011
    named_attribute: log_message_origin=local
    named_attribute: trace_flags=0
    *** MESSAGE CONTENTS /opt/zimbra/data/postfix/spool/deferred/2/2CF566D58289 ***
    Received: by (Postfix)
    	id 2CF566D58289; Wed,  7 Sep 2011 06:17:47 -0700 (PDT)
    Date: Wed,  7 Sep 2011 06:17:47 -0700 (PDT)
    From: (Mail Delivery System)
    Subject: Undelivered Mail Returned to Sender
    Auto-Submitted: auto-replied
    MIME-Version: 1.0
    Content-Type: multipart/report; report-type=delivery-status;
    Content-Transfer-Encoding: 7bit
    Message-Id: <>
    This is a MIME-encapsulated message.
    Content-Description: Notification
    Content-Type: text/plain; charset=us-ascii
    This is the mail system at host
    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.
    For further assistance, please send mail to postmaster.
    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.
                       The mail system
    Content-Description: Delivery report
    Content-Type: message/delivery-status
    Reporting-MTA: dns;
    X-Postfix-Queue-ID: EDCDC6D58288
    X-Postfix-Sender: rfc822;
    Arrival-Date: Wed,  7 Sep 2011 06:17:46 -0700 (PDT)
    Final-Recipient: rfc822;
    Original-Recipient: rfc822;
    Action: failed
    Status: 5.0.0
    Diagnostic-Code: X-Postfix;
    Content-Description: Undelivered Message
    Content-Type: message/rfc822
    Content-Transfer-Encoding: 7bit
    Return-Path: <>
    Received: from localhost (localhost.localdomain [])
    	by (Postfix) with ESMTP id EDCDC6D58288
    	for <>; Wed,  7 Sep 2011 06:17:46 -0700 (PDT)
    X-Virus-Scanned: amavisd-new at
    X-Spam-Flag: YES
    X-Spam-Score: 13.462
    X-Spam-Level: *************
    X-Spam-Status: Yes, score=13.462 tagged_above=-10 required=6.6
    	tests=[BAYES_99=3.5, DECEASED_NO_ML=0.001, FILL_THIS_FORM=0.001,
    	FSL_CTYPE_WIN1251=3.4, LOTS_OF_MONEY=0.001, MONEY_FORM=0.001,
    	UNPARSEABLE_RELAY=0.001] autolearn=no
    Received: from ([])
    	by localhost ( []) (amavisd-new, port 10024)
    	with ESMTP id ax9Rd866kVZz for <>;
    	Wed,  7 Sep 2011 06:17:45 -0700 (PDT)
    Received: from ( [])
    	by (Postfix) with ESMTP id 7A8CB6D58287
    	for <>; Wed,  7 Sep 2011 06:17:44 -0700 (PDT)
    Received: from ( )
    	by with smtp 
    	id 1R1HDH-0006ZT-Bc; Wed, 07 Sep 2011 14:26:43 +0200
    Received: from User (Vg-mGcZcwtMT811ODdwiRLDsAim3XLe+yNwX85aNv8ed8CLISrr3Ac2b7kgVigzQWeogTewH5P@[]) by
    	with esmtp id 1R1Gzl-1JlZei0; Wed, 7 Sep 2011 14:12:45 +0200
    Reply-To: <>
    From: "Deborah Hutchinson" <>
    Subject: --SPAM--GREETINGS
    Date: Wed, 7 Sep 2011 08:11:27 -0400
    MIME-Version: 1.0
    Content-Type: text/plain;
    Content-Transfer-Encoding: 7bit
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    Message-ID: <>
    X-WatchGuard-IPS: message checked
    X-WatchGuard-Spam-ID: str=0001.0A0B0209.4E676ED3.0048,ss=1,fgs=0
    X-WatchGuard-Spam-Score: 0, clean; 0, no virus
    X-WatchGuard-AntiVirus: part scanned. clean action=allow
    To: undisclosed-recipients:;
    Greetings in the name of the lord,
    <I deleted remainder of message for posting here>
    *** HEADER EXTRACTED /opt/zimbra/data/postfix/spool/deferred/2/2CF566D58289 ***
    *** MESSAGE FILE END /opt/zimbra/data/postfix/spool/deferred/2/2CF566D58289 ***
    [root@mail log]#
    the user "" and "" do not exist. is an alias to

    a Watchguard firewall/ips/antispam/antivirus applicance sits upstream
    of the mail server / LAN

    So, this is NDR spam, correct? If not, what exactly is it?

    What steps / actions / methods can I take to keep this from happening?

    Again - fairly new to the world of *nix and Zimbra.
    Detailed explanations of how to proceed would be most appreciated.

    thank you very much
    Release 7.1.1_GA_3196.RHEL5_64_20110527011124 CentOS5_64 FOSS edition

  2. #2
    Join Date
    Jun 2011
    Sin City
    Rep Power

    Default setting

    POSTCONF smtpd_reject_unlisted_recipient            yes
    Release 7.1.1_GA_3196.RHEL5_64_20110527011124 CentOS5_64 FOSS edition

Similar Threads

  1. Replies: 8
    Last Post: 04-10-2011, 09:14 AM
  2. Replies: 7
    Last Post: 02-03-2011, 06:01 AM
  3. Help mail server broadcast spam
    By sh1n_b3 in forum Administrators
    Replies: 0
    Last Post: 01-19-2011, 06:44 PM
  4. Problem with Postfix and MTA
    By ZMilton in forum Administrators
    Replies: 16
    Last Post: 04-16-2008, 06:47 AM
  5. [SOLVED] Mailserver down when send file attach of 50Mb
    By ZMilton in forum Administrators
    Replies: 20
    Last Post: 04-10-2008, 11:44 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts