Delivery failures from unsent messages.
Question asked by Kenneth Horne - 11/6/2014 at 9:30 AM
We have been receiving delivery failures for unsent messages over the past few days.  The email user in question doesn't have any sent messages that match the failure.  I changed the user's password and ran malware scans on the user's machine and the mail server, and everything came up clean.  Not sure where this is coming from, hope someone can give me some ideas.  The message text is listed below (IPs and domains are blocked out):
-----Original Message-----
From: System Administrator [mailto:System Administrator]
Sent: Thursday, November 06, 2014 9:27 AM
Subject: Delivery Failure
Could not deliver message to the following recipient(s):
Reason: Remote host said: 550 5.1.1 address failed
   -- The header and top 20 lines of the message follows --
Received: from ************.cpe.cableone.net [***.***.***.***] by
mail.*****.com with SMTP;
   Thu, 6 Nov 2014 09:26:28 -0600
From: "Jeanni Rose" <jeanni@***********.com>
Subject: Not read: Your payment request has been received
Date: Thu, 6 Nov 2014 09:26:26 -0600
Message-ID: <000c01cff9d6$08b91aa0$1a2b4fe0$@com>
MIME-Version: 1.0
Content-Type: application/ms-tnef;
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Act6BZopr0Fqq+zkQkOeRydsiSLBuYj/nul2
X-MS-TNEF-Correlator: 00000000B005F2511BA67346823B7E2C5D99A7EFC4DE2B00

7 Replies

Reply to Thread
Steve Reid Replied
I believe you are being Joe-Jobbed
Kenneth Horne Replied
I'm sorry, what is "Joe-Jobbed"?

Edit: Scratch that. Googled it. What can I do to clean this up or prevent it from happening any more? Also, in the message header, it shows as being sent from our IP address.
Bruce Barnes Replied
Bruce Barnes
ChicagoNetTech Inc

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
Steve Reid Replied
Then you must be an open relay... ensure you have relay set to nobody in smartermail
Kenneth Horne Replied
I reviewed the SMTP logs for the emails in question.  I also found several other read receipts that are being sent at the same time as the one listed above.  These receipts are from older messages (2 weeks - several months ago).  One of the users in our office has reported to me that she has been receiving an abundance of read receipts from old messages.  After some investigating, I found that all of our accounts were re-sending old receipts again and again.  We are using Outlook 2007, and I followed the instructions here (http://www.howto-outlook.com/howto/deletereadreceipt.htm) to clear out the "stuck" receipts.  Unfortunately, this did not resolve the issue.  
On a side note, we also lost IMAP folder access last week and this seems to coincide with the read receipt problem.  In order to fix the folder issue, we had to uncheck "When displaying hierarchy in Outlook, show only subscribed folders". That fixed everyone except for one user, who we switched over to Thunderbird.  This is when the read receipts started popping up.  
So, not sure if this is a Smartermail problem, or Outlook, or both.  Seriously considering changing everyone over to Thunderbird anyway.
Kenneth Horne Replied
How do I change that in Smartermail v4? I have looked all over for it :-( Also, will changing this setting affect anything we normally do? I don't want to kill the email for the whole office!
Steve Reid Replied
Who knows anything still about version 4? Consider upgrading...

Reply to Thread