Delivery failures from unsent messages.

Question asked by Kenneth Horne - 11/6/2014 at 9:30 AM

Unanswered

We have been receiving delivery failures for unsent messages over the past few days. The email user in question doesn't have any sent messages that match the failure. I changed the user's password and ran malware scans on the user's machine and the mail server, and everything came up clean. Not sure where this is coming from, hope someone can give me some ideas. The message text is listed below (IPs and domains are blocked out):

-----Original Message-----

From: System Administrator [mailto:System Administrator]

Sent: Thursday, November 06, 2014 9:27 AM

To: jeanni@*********.com

Subject: Delivery Failure

Could not deliver message to the following recipient(s):

Failed Recipient: gersf5302rcpt@gersf5302.emessenger-fd.com

Reason: Remote host said: 550 5.1.1 address failed

-- The header and top 20 lines of the message follows --

Received: from ************.cpe.cableone.net [***.***.***.***] by

mail.*****.com with SMTP;

Thu, 6 Nov 2014 09:26:28 -0600

From: "Jeanni Rose" <jeanni@***********.com>

To: <gersf5302rcpt@gersf5302.emessenger-fd.com>

Subject: Not read: Your payment request has been received

Date: Thu, 6 Nov 2014 09:26:26 -0600

Message-ID: <000c01cff9d6$08b91aa0$1a2b4fe0$@com>

MIME-Version: 1.0

Content-Type: application/ms-tnef;

name="winmail.dat"

Content-Transfer-Encoding: base64

Content-Disposition: attachment;

filename="winmail.dat"

X-Mailer: Microsoft Office Outlook 12.0

Thread-Index: Act6BZopr0Fqq+zkQkOeRydsiSLBuYj/nul2

X-MS-TNEF-Correlator: 00000000B005F2511BA67346823B7E2C5D99A7EFC4DE2B00

eJ8+IhwPAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAFwAAAFJFUE9SVC5J

UE0uTm90ZS5JUE5OUk4AtwYBCoABACEAAABCQjBDQjAyQThDODVBQzQxOUYzQUU3RTZBRURFNUZF

NgCcBwEDkAYAiAIAABgAAAALACkAAAAAAEAAMgAgwBAP1fnPAR4ASQABAAAAJwAAAFlvdXIgcGF5

bWVudCByZXF1ZXN0IGhhcyBiZWVuIHJlY2VpdmVkAAACAUwAAQAAAGIAAAAAAAAAgSsfpL6jEBmd

bgDdAQ9UAgAAAYBHAEUALgBNAG8AbgBlAHkAQABnAGUALgBjAG8AbQAAAFMATQBUAFAAAABHAEUA

LgBNAG8AbgBlAHkAQABnAGUALgBjAG8AbQAAAAAAHgBNAAEAAAAQAAAAR0UuTW9uZXlAZ2UuY29t

AEAATgCA6PeYBXrLAUAAVQCAFSmaBXrLAR4AcAABAAAAJwAAAFlvdXIgcGF5bWVudCByZXF1ZXN0

IGhhcyBiZWVuIHJlY2VpdmVkAAACAXEAAQAAABsAAAABy3oFmimvQWqr7ORCQ55HJ2yJIsG5iP+e

6XYAHgByAAEAAAABAAAAAAAAAB4AcwABAAAAAQAAAAAAAAAeAHQAAQAAABwAAABqZWFubmlAcGFz

c3BvcnQtYW1lcmljYS5jb20ACwAIDAAAAAALAAEOAQAAAAMAFA4BAAAAHgABEAEAAAAZAAAATWVz

c2FnZSB3YXMgbm90IHJlYWQgYnk6AAAAAAsAHw4BAAAAAgH4DwEAAAAQAAAAsAXyURumc0aCO34s

XZmn7wIB+g8BAAAAEAAAALAF8lEbpnNGgjt+LF2Zp+8DAP4PBQAAAAMADTT9P6UGAwAPNP0/pQYC

ARQ0AQAAABAAAABOSVRB+b+4AQCqADfZbgAAAgF/AAEAAAAxAAAAMDAwMDAwMDBCMDA1RjI1MTFC

QTY3MzQ2ODIzQjdFMkM1RDk5QTdFRkM0REUyQjAwAAAAAECO

7 Replies

Reply to Thread

Steve Reid Replied

11/6/2014 at 9:32 AM

I believe you are being Joe-Jobbed

Kenneth Horne Replied

11/6/2014 at 10:28 AM

I'm sorry, what is "Joe-Jobbed"?

Edit: Scratch that. Googled it. What can I do to clean this up or prevent it from happening any more? Also, in the message header, it shows as being sent from our IP address.

Bruce Barnes Replied

11/6/2014 at 11:00 AM

http://en.wikipedia.org/wiki/Joe_job

Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting

Steve Reid Replied

11/6/2014 at 11:09 AM

Then you must be an open relay... ensure you have relay set to nobody in smartermail

Kenneth Horne Replied

11/6/2014 at 3:57 PM

Update:

I reviewed the SMTP logs for the emails in question. I also found several other read receipts that are being sent at the same time as the one listed above. These receipts are from older messages (2 weeks - several months ago). One of the users in our office has reported to me that she has been receiving an abundance of read receipts from old messages. After some investigating, I found that all of our accounts were re-sending old receipts again and again. We are using Outlook 2007, and I followed the instructions here (http://www.howto-outlook.com/howto/deletereadreceipt.htm) to clear out the "stuck" receipts. Unfortunately, this did not resolve the issue.

On a side note, we also lost IMAP folder access last week and this seems to coincide with the read receipt problem. In order to fix the folder issue, we had to uncheck "When displaying hierarchy in Outlook, show only subscribed folders". That fixed everyone except for one user, who we switched over to Thunderbird. This is when the read receipts started popping up.

So, not sure if this is a Smartermail problem, or Outlook, or both. Seriously considering changing everyone over to Thunderbird anyway.

Kenneth Horne Replied

11/6/2014 at 4:01 PM

How do I change that in Smartermail v4? I have looked all over for it :-( Also, will changing this setting affect anything we normally do? I don't want to kill the email for the whole office!

Steve Reid Replied

11/7/2014 at 6:28 AM

Who knows anything still about version 4? Consider upgrading...

Back to Community Threads

Please leave this box unchecked

7 Replies

Reply to Thread

Tags

Related Knowledge Base Articles