[ale] OT -> Need help troubleshooting qmail

[Nathan J. Underwood]

Over the past 3 days, I've started getting a TON of 'failure notices' 
that report to have been originally destined for domains that I host. 
The server that these domains have in common is a RH9 machine running 
the 'Plesk' version of qmail 
(psa-qmail-rblsmtpd-0.70-rh9.build71041118.17 and 
psa-qmail-1.03-rh9.build71041124.11).  The messages that I'm receiving 
are 'bounced bounces', and I'm really not sure where to start.  I've 
captured 218 of them, but can't see any real similarities between them 
(source IP, originating address [most look like generated addresses]). 
All of the original messages appear to be SPAM.  I've verified that my 
server isn't relaying (telnet to the SMTP port, try to send mail to an 
outside domain from an outside domain, and that doesn't work [doesn't 
relay]).  I've enclosed a copy of one of the messages below.  Anyone got 
any ideas on 1) what could be causing this, or 2) what I may be able to 
do to stop it?

--== Message ==--

mailto:mallory at gocubs.org
Hi. This is the qmail-send program at <my server>.
I tried to deliver a bounce message to this address, but the bounce bounced!

<mallory at gocubs.org>:
216.200.145.51 does not like recipient.
Remote host said: 554 Recipient Rejected: Not accepting mail for this 
account : Account Inactive
Giving up on 216.200.145.51.

--- Below this line is the original bounce.

Return-Path: <>
Received: (qmail 1767 invoked for bounce); 15 Jan 2005 21:02:33 -0000
Date: 15 Jan 2005 21:02:33 -0000
From: MAILER-DAEMON@<my server>
To: mallory at gocubs.org
Subject: failure notice

Hi. This is the qmail-send program at <my server>.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<marino at swsltd.com>:
This address no longer accepts mail.

<ledbetter at swsltd.com>:
This address no longer accepts mail.

<robison at swsltd.com>:
This address no longer accepts mail.

<lacey at swsltd.com>:
This address no longer accepts mail.

<elmore at swsltd.com>:
This address no longer accepts mail.

<moyet at swsltd.com>:
This address no longer accepts mail.

<davila at swsltd.com>:
This address no longer accepts mail.

<godwin at swsltd.com>:
This address no longer accepts mail.

<winn at swsltd.com>:
This address no longer accepts mail.

--- Below this line is a copy of the message.

Return-Path: <mallory at gocubs.org>
Received: (qmail 1475 invoked from network); 15 Jan 2005 21:02:08 -0000
Received: from unknown (HELO gocubs.org) (222.65.83.32)
   by <my server> with SMTP; 15 Jan 2005 21:02:02 -0000
Message-ID: <95360181.37DC017 at gocubs.org>
Date: Sun, 16 Jan 2005 07:17:28 +1000
From: "clark needam" <mallory at gocubs.org>
User-Agent: Rodriquezmail v9.8
X-Accept-Language: en-us
MIME-Version: 1.0
To: "geraldo tijerina" <marino at swsltd.com>
Subject:   just come and see the valuable tips and detailed information 
clare
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

durgunoglu  dbolskicg
curpos  deficit-reduction

createclients  draculas  fltgetnum a3 esensitivity  cjschdgqf

express mailing supply. get the fr!eebie for your prescriipttion
bargains on meds for sexual health, Paain relief, an at xiety control,
anti-Depresion, obesity and more others.
confront the deal http://x.net.plantationcargo.com/?65q/rtytkcvhkx




who was doin' swelltill he started playing



Assure yourself this I'll doI will be true



-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.6.12 - Release Date: 1/14/2005