Hi Sean!
Nope.. expressresponse.com was never allowed to relay through our server. I have the server set that you can only relay if you've actually picked up email on the server and I have a tight control over those folks. I checked the list for any members from expressresponse.com and there weren't any.
I did a check for zubscribed on the list but didn't find any. (I also check other variations of that used in any way in any email addy.. nothing)
The user had a LOT of bounce messages every day due to the nature of the list. A lot of free accounts and such bounce on a regular basis. She took off about 1500 email addresses from any bounce message she'd received.
Any other ideas? I'm open to all.
We've done a send of the email list and so far so good. The security fixes, although they don't address whatever happened, are bouncing anything that looks like the offending message. I'd still like to figure out what happened if nothing more then for my own knowledge so that I'll be better able to troubleshoot this type of thing in the future.
Thanks!
Sharon
*********** REPLY SEPARATOR ***********
On 1/19/01, at 12:37 PM, Sean Porterfield wrote:
>Sorry, I didn't realize that the message was not supposed to have come
>through the expressresponse.com server. Is there a user from the domain
>zubscribed to your list? Maybe it's a poorly configured server bouncing
>an error message back (or attempting to at any rate.)
>
>Were you previously allowing relay from expressresponse.com? Just
>curious, since your server does not seem to allow relaying (which is as
>it should be.)
>
>HTH
>Sean
>
>"Sharon F." wrote:
>>
>> Hi Sean!
>>
>> All other mail functions on this server seem to be operating just fine. One thing I noticed last night was that the headers have different information then is normally sent. The normal header reads:
>>
>> Received: (from familyc@localhost)
>> by family-connection.net (8.9.3/8.9.3) id VAA02739
>> for a37081909; Thu, 18 Jan 2001 21:08:41 -0500 (EST)
>> Received: (from familyc@localhost)
>> by family-connection.net (8.9.3/8.9.3) id UAA28463
>> for a65234375; Thu, 18 Jan 2001 20:50:23 -0500 (EST)
>> Received: (from familyc@localhost)
>> by family-connection.net (8.9.3/8.9.3) id UAA28457;
>> Thu, 18 Jan 2001 20:50:22 -0500 (EST)
>> Date: Thu, 18 Jan 2001 20:50:22 -0500 (EST)
>> Message-Id: <200101190150.UAA28457@family-connection.net>
>> To: Ezine Subscribers <ezine@online-exchange.com>
>> From: The Online Exchange <ezinemanager@online-exchange.com>
>> Subject: OE Exclusive--REVOLUTIONARY HEALTHCARE PROGRAM.
>> Sender: ezinemanager@online-exchange.com
>> Precedence: bulk
>> Reply-To: ezinebounce@online-exchange.com
>> X-UIDL: 39e7a9e9c867e7cc5a3860260524eca1
>>
>> *****
>>
>> You'll notice that the message ID's are different on this header then the one that came to the list with flag09 in the subject and the ERSID in the body of the message. Something is up.. I'm just not sure what it is.
>>
>> The "received from" (Received: from expressresponse.com ([38.144.193.132])
>> is a system that has no relation to this list, this server, or to the owner of the list who is the only one allowed to send email to the list (I use restrict-post for this). The posts are made via a web interface so the headers should be uniform for all posts.
>>
>> I've put various security items in place including putting ERSID as forbidden content for the body of the post in the online-exchange majordomo config file. I've denied relay from expressresponse.com.
>>
>> We're opening the list back up but I'd still like to find out what this is.
>>
>> Thanks!
>> Sharon
>>
>> *********** REPLY SEPARATOR ***********
>>
>> On 1/19/01, at 11:03 AM, Sean Porterfield wrote:
>>
>> >This may not be much help, but that ERSID line looks like a UNIX
>> >timestamp. 979796214 is 2001-01-18 00:36:54 UTC (which is apparently
>> >around the time the message was sent. Although I don't think all the
>> >clocks of these systems are in sync!)
>> >
>> >I don't know what the 21709.1 is, although the 21709 may be a PID of the
>> >job on whatever server added that line.
>> >
>> >Have you tried relaying other messages through these servers to see if
>> >you get the same result?
>> >
>> >"Sharon F." wrote:
>> >>
>> >> Twice this has happened when our list was sent out. The first message goes through fine then this message comes through. Once it didn't have anything but "ERSID: 979796214.21709.1" (no quotes) in the message. This time it had the message from the mailing that went out last night. Quick help would be appreciated (I know the list is slow to post so please CC my email address at amazon@one.net). We've had two more mailings since then. I'd like to not see this thing start again.
>> >>
>> >> Thanks!
>> >>
>> >> Received: from [216.122.160.133] ([216.122.160.133] EHLO family-connection.net ident: IDENT-NOT-QUERIED [port 37620]) by mail2.one.net with ESMTP id <136554-922>; Thu, 18 Jan 2001 21:27:18 -0500
>> >> Received: by family-connection.net (8.9.3/8.9.3) id TAA17665
>> >> for a11474609; Thu, 18 Jan 2001 19:48:29 -0500 (EST)
>> >> Received: by family-connection.net (8.9.3/8.9.3) id TAA17659
>> >> for a65234375; Thu, 18 Jan 2001 19:48:28 -0500 (EST)
>> >> From: Ezine List Manager <ezinemanager@online-exchange.com>
>> >> Received: from expressresponse.com ([38.144.193.132])
>> >> by family-connection.net (8.9.3/8.9.3) with SMTP id TAA17636
>> >> for <ezine@online-exchange.com>; Thu, 18 Jan 2001 19:48:26 -0500 (EST)
>> >> Received: (qmail 12708 invoked by uid 60001); 19 Jan 2001 00:49:57 -0000
>> >> Message-ID: <20010119004957.12706.qmail@expressresponse.com>
>> >> To: ezine@online-exchange.com
>> >> Subject: flag09
>> >> Sender: ezinemanager@online-exchange.com
>> >> Precedence: bulk
>> >> Reply-To: ezinebounce@online-exchange.com
>> >> Date: Thu, 18 Jan 2001 21:27:06 -0500
>> >>
>> >> ERSID: 979796214.21709.1
>> >>
>> >> -- An Apology from the OnLine Exchange
>> >> Dear Faithful Subscribers,
>> >>
>> >> First, we would like to thank all of you who emailed
>> >> us regarding the email problems today.
>> >> We certainly value your concern.
>> >>
>> >> We would also like to apologize to everyone for the
>> >>
>> >> duplicate ezine today, and also for that weird
>> >> coded message you received. Please be aware
>> >> that this had nothing to do with us sending out
>> >> double ezines. We were experiencing some
>> >> technical difficulties with the listserver. Our technical
>> >>
>> >> team is currently working out the kinks.
>> >>
>> >> Thank you for your patience and understanding.
>> >> We are confident the situation is under control.
>> >> We just wanted you to be aware of the situation.
>> >>
>> >> Sincerely,
>> >>
>> >> Debbie Solomon & Sara Hardy
>> >> Owners of MarketingTrendz...
>> >>
>> >> Everything you need to build your business
>> >> http://www.marketingtrendz.com
>> >> mtrendz@cs.com
>> >>
>> >> ************************************
>> >> To unsubscribe from the list please go to http://www.online-exchange.com/ezine1unsub.html
References:
|
|
