+2 votes
1.6k views
in Q2A Core by

Today I am getting returning emails that have weird subjects (obviously spam), stating that the mail was rejected as spam.

Checking the IP the server seems to be my hosted server. http://www.klaustukai.lt/ (q2a 1.6.3) - Or is it just the returning mail?

Since I only use q2a on this site, I wonder if spammers have found a way to abuse the mailing scripts (e.g. the feedback form).

Has anyone had this situation before? Did you find a solution?

 

Example Body of Returning Email:

Received: from [80.67.18.5] (helo=mx05.ispgateway.de)
    by atair.ispgateway.de with esmtp (Exim 4.68)
    id 1YXw27-0002W0-6E; Tue, 17 Mar 2015 19:16:03 +0100
Return-path: <>
X-Envelope-To: agpl@klaustukai.lt
Received: from [212.227.15.26] (helo=mout-bounce.web.de)
    by mx05.ispgateway.de with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
    (Exim 4.84)
    id 1YXw27-0004DV-1q
    for agpl@klaustukai.lt; Tue, 17 Mar 2015 19:16:03 +0100
Received: from mda by moweb001.server.lan id 0MVLws-1Z258O3pqo-00YmUX
    Tue, 17 Mar 2015 19:16:02 +0100
Date: Tue, 17 Mar 2015 19:16:02 +0100
From: <keineantwortadresse@web.de>
To: agpl@klaustukai.lt
Subject: Mail delivery failed: returning message to sender
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-UI-Out-Filterresults: unknown:0;
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
    spamfilter18.ispgateway.de
X-Spam-Level:
X-Spam-Status: No, hits=-1.9 required=9999.0 tests=BAYES_20 autolearn=disabled
    version=3.3.1
X-Spam-CMAETAG: v=2.1 cv=TbAYtHgh c=1 sm=0 tr=0 a=IrfWlsxY9BMA:10
    a=IkcTkHD0fZMA:10 a=emO1SXQWCLwA:10 a=pGLkceISAAAA:8
    a=T7oggLqKmhABh1HWmBQA:9 a=QEXdDO2ut3YA:10 a=jqkU2Be4inkA:10
    xcat=Undefined/Undefined
X-Spam-CMAECATEGORY: 0
X-Spam-CMAESUBCATEGORY: 0
X-Spam-CMAESCORE: 0
Message-Id: <E1YXw27-0002W5-7V@atair.ispgateway.de>
X-Antivirus: avast! (VPS 150317-0, 17.03.2015), Inbound message
X-Antivirus-Status: Clean

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

<claudius.preiss@gmail.com>

Reason:
delivery retry timeout exceeded


--- The header of the original message is following. ---

Received: from [212.227.15.17] ([212.227.15.17]) by mx-ha.web.de (mxweb006)
 with ESMTP (Nemesis) id 0MehfU-1YrcE90kRM-00OGt5; Tue, 17 Mar 2015 17:40:38
 +0100
Received: from bembrasil.pt ([77.234.124.16]) by mx-ha.web.de (mxweb006) with
 ESMTP (Nemesis) id 0MdsBp-1Yszfc0kJB-00Pdvm for <michael.messing@web.de>;
 Tue, 17 Mar 2015 17:40:37 +0100
Received: by %63.185.48.134; Tue, 17 Mar 2015 21:20:06 +0500
From: "Helena Schmitt" <agpl@klaustukai.lt>
Reply-To: "Helena Schmitt" <agpl@klaustukai.lt>
To: christian_stingl@web.de
Subject: Du hast eine wichtige VideoNachricht von Christian erhalten
Date: Tue, 17 Mar 2015 20:17:06 +0400
Content-Transfer-Encoding: 7Bit
Content-Type: text/html;

 

The address agpl@klaustukai.lt does not exist. Could it be that the spam bot only uses my domain (fake email) and then the mails return to my mail server?

 

Q2A version: 1.6.3

2 Answers

0 votes
by

Answer of my provider, which is not the direct answer to the question, but solves my problem (email translated by google translator): 

In this case, you can not do much, unfortunately. At any time you send a fake e-mail via an e-mail program such as Outlook itself. Also, something like automated generated by a server and the sender are fake. It's like a letter too. Here you can sender enter whatever you want and no one can stop it.
This procedure is also referred to as "JoeJob".

It has unfortunately no way to prevent this in such a case. However, you can rest easy because all correctly configured anti-spam mechanisms recognize this and know that it is a fake. For this reason, to most people's emails are probably rejected and not because its content is spam.

From the first Received line of fellow envoys in the bounce message header of the original e-mail is among other things the IP address of the sending server.

"Received: by 63.185.48.134%; Tue, 17 Mar 2015 21:20:06 +0500"

by
I had the same issue. My web host has suspended my whole site twice now and does not want me to use the script. There is clearly a problem. I did a fresh install of everything and had everything up and working fine, and the next day my site was suspended again. I really need to get this fixed...
0 votes
by
I also observed the issue with version 1.6.3 even after enabling reCAPTCHA. I moved the site to 1.7.4 and am not getting any spam emails.
by
The recaptcha was upgraded in 1.7 so that's probably why. The old one has been beaten by spambots but the new one (so far) hasn't.
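Added example (not part of the original thread and not Q2A code): a triage of the bounce quoted in the question that reads only the Received hops stamped by the recipient's provider and checks whether the host that handed the mail over was your own server or someone forging your domain. The function name, the `trusted_domain` parameter and the `OWN_IPS` placeholder address are assumptions; the marker line is the one used in the bounce above.

```python
import re
from email import message_from_string

MARKER = "--- The header of the original message is following. ---"
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)")

def triage_bounce(bounce, own_ips, trusted_domain):
    """Classify a bounce: was the original mail handed over by our server?"""
    _, _, quoted = bounce.partition(MARKER)
    original = message_from_string(quoted.lstrip())
    handoff_ip = None
    # Received headers are newest-first. Only hops stamped by the recipient's
    # own provider are trustworthy; anything below them is sender-supplied.
    for hop in original.get_all("Received", []):
        by = BY_RE.search(hop)
        host = by.group(1).lower() if by else ""
        if not (host == trusted_domain or host.endswith("." + trusted_domain)):
            break
        ips = IP_RE.findall(hop)
        if ips:
            handoff_ip = ips[-1]  # ends up as the oldest trusted hop's peer
    if handoff_ip is None:
        verdict = "unknown"
    elif handoff_ip in own_ips:
        verdict = "sent-via-own-server"
    else:
        verdict = "forged-sender-backscatter"
    return {"claimed_from": original.get("From"), "handoff_ip": handoff_ip, "verdict": verdict}

# Constructed sample: headers trimmed from the bounce quoted in the question.
SAMPLE = """Return-path: <>
Subject: Mail delivery failed: returning message to sender

--- The header of the original message is following. ---

Received: from [212.227.15.17] ([212.227.15.17]) by mx-ha.web.de (mxweb006)
 with ESMTP (Nemesis); Tue, 17 Mar 2015 17:40:38 +0100
Received: from bembrasil.pt ([77.234.124.16]) by mx-ha.web.de (mxweb006) with
 ESMTP (Nemesis); Tue, 17 Mar 2015 17:40:37 +0100
Received: by %63.185.48.134; Tue, 17 Mar 2015 21:20:06 +0500
From: "Helena Schmitt" <agpl@klaustukai.lt>
To: christian_stingl@web.de
"""

OWN_IPS = {"203.0.113.10"}  # assumption: placeholder for the Q2A host's IP

if __name__ == "__main__":
    print(triage_bounce(SAMPLE, OWN_IPS, "web.de"))
```

A `forged-sender-backscatter` verdict means the web application's mail scripts were not the sending path for that message; `sent-via-own-server` is the case that calls for checking the site's forms and mail logs.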