What do these messages in the Qmail maillog indicate?


There seems to be an endless supply of messages in the Qmail maillog for a single address. Can anyone shed some light on why this might be and whether it is a problem? To me it looks like either spam or some sort of unhandled problem. It strikes me as unusual that the 'from=' field is blank. This is on a VPS using Plesk in case that's important.

Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23593]: to=cielofidelidade@cartoes.com
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23586]: from=
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23586]: to=cielofidelidade@cartoes.com
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23585]: from=
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23585]: to=cielofidelidade@cartoes.com
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23584]: from=
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23584]: to=cielofidelidade@cartoes.com
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23583]: from=
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23583]: to=cielofidelidade@cartoes.com
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23600]: from=
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23600]: to=cielofidelidade@cartoes.com
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23599]: from=
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23599]: to=cielofidelidade@cartoes.com

Here's a sample of one of the emails:

Received: (qmail 5603 invoked for bounce); 29 Jun 2011 07:46:31 +0100
Date: 29 Jun 2011 07:46:31 +0100
From: MAILER-DAEMON@vps-1001108-595.cp.something.com
To: cielofidelidade@cartoes.com
Subject: failure notice

Hi. This is the qmail-send program at vps-1001108-595.cp.something.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<etspetroni@zipmail.com.br>: does not like recipient.
Remote host said: 450 4.7.1 Client host rejected: cannot find your hostname, [XX.XXX.XXX.XXX]
Giving up on
I'm not going to try again; this message has been in the queue too long.

--- Below this line is a copy of the message.

Return-Path: <cielofidelidade@cartoes.com>
Received: (qmail 15585 invoked by uid 48); 22 Jun 2011 07:38:26 +0100
Date: 22 Jun 2011 07:38:26 +0100
Message-ID: <20110622063826.15583.qmail@vps-1001108-595.cp.something.com>
To: etspetroni@zipmail.com.br
Subject: Cadastre-se e Concorra ? um Carro!
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: Cielo Fidelidade <cielofidelidade@cartoes.com>

... <body text removed>

If I understand this correctly, this is saying that an email sent by my server, from address cielofidelidade@cartoes.com, could not be delivered. However, cielofidelidade@cartoes.com is not a valid email address on my server, so how can email be sent from this address on my server? I have tested whether my server is acting as an open relay, and it isn't. So how else could this be happening? I am getting thousands of these every day. What can I do to prevent it?

Best Answer

In addition to what Flimzy has already pointed out as likely NDRs, this situation may be indicative of an ongoing backscatter attack/outbreak taking place.
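Added example, not part of the original answer: a Python sketch that pairs the `from=`/`to=` lines by handler PID to count null-sender (bounce) deliveries per recipient, and extracts the `invoked by uid` value from the copy of the original message inside a bounce, which identifies the local account that queued it. The log and message samples are constructed in the format shown in the question, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the maillog format shown in the question
# (hostname and addresses are placeholders).
SAMPLE_LOG = """\
Jun 30 15:10:17 host qmail-remote-handlers[23586]: from=
Jun 30 15:10:17 host qmail-remote-handlers[23586]: to=victim@example.com
Jun 30 15:10:17 host qmail-remote-handlers[23585]: from=
Jun 30 15:10:17 host qmail-remote-handlers[23585]: to=victim@example.com
Jun 30 15:10:18 host qmail-remote-handlers[23590]: from=user@example.org
Jun 30 15:10:18 host qmail-remote-handlers[23590]: to=friend@example.net
Jun 30 15:10:19 host qmail-remote-handlers[23601]: to=orphan@example.com
"""

# Constructed excerpt of a bounce: its own header, then the quoted original.
SAMPLE_BOUNCE = """\
Received: (qmail 5603 invoked for bounce); 29 Jun 2011 07:46:31 +0100
--- Below this line is a copy of the message.
Return-Path: <sender@example.com>
Received: (qmail 15585 invoked by uid 48); 22 Jun 2011 07:38:26 +0100
"""

LINE_RE = re.compile(r"qmail-remote-handlers\[(\d+)\]: (from|to)=(\S*)")
UID_RE = re.compile(r"^Received: \(qmail \d+ invoked by uid (\d+)\)", re.M)

def pair_deliveries(log_text):
    """Join from=/to= lines by handler PID into (sender, recipient) pairs."""
    senders, pairs = {}, []
    for m in LINE_RE.finditer(log_text):
        pid, field, value = m.groups()
        if field == "from":
            senders[pid] = value
        else:
            # sender is None when the from= line fell outside this log slice
            pairs.append((senders.pop(pid, None), value))
    return pairs

def bounce_targets(pairs):
    """Count deliveries with the null sender (empty from=) per recipient."""
    return Counter(rcpt for sender, rcpt in pairs if sender == "")

def injecting_uids(message_text):
    """UIDs from 'invoked by uid N' lines: mail queued by a local process."""
    return [int(u) for u in UID_RE.findall(message_text)]

if __name__ == "__main__":
    print(bounce_targets(pair_deliveries(SAMPLE_LOG)).most_common(5))
    print(injecting_uids(SAMPLE_BOUNCE))
```

Which account a uid maps to is site-specific; check `/etc/passwd` on the server.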