Hi,
not 100% sure, as you don't give enough info (especially who exactly
is receiving these mails, and what's your real domain), but it really
looks as if someone has hacked one of your user accounts and is relaying
through your GWIA via authentication.
TFe wrote:
>
> Hi,
>
> For a week or so, we have been getting lots of "Message Status - Undeliverable"
> mails from the dom-cl.gwia.gateway (sometimes 20 in 15 minutes).
>
> We are also using GWAVA 4.5 on Linux
>
> The mail body is always something like this:
> The attached file had the following undeliverable recipient(s):
>
> Information about your message:
> Message log tag: 477169
> Number of send attempts: 5
> Time of initial send attempt: 10-10-09 06:27:53
> Time of last send attempt: 10-10-09 11:21:24
> Transcript of session follows:
> Command: MAIL FROM:<evzvlsz@hfuihmj.com>
> response: 451 <evzvlsz@hfuihmj.com>... sender domain must exist
> received: from pikvjxn.com ([119.121.55.37])
> by mail.campuslan.de with esmtp; sat, 10 oct 2009 06:27:03 +0200
> message-id:
> <bd1d5b1204bb47d89b6b6b2206a38f52@e7bb980ef54e41f5 b24cc883132114fa>
> date: tue, 19 jan 2038 03:14:07 gmt
> mime-version: 1.0
> x-priority: 3
> from: =?utf-8?b?ioaok+mbk+ajk+mhjuaisczmnidlvozpoy/lsiqgdmtryxhh?=
> <evzvlsz@hfuihmj.com>
> to: seq@yahoo.com.tw
> subject: =?big5?b?rlehrzmxmdugtkrv?=
> x-mailer: foxmail 6, 5, 139, 81 [es]
> content-type: multipart/alternative;
> boundary="=====003_dragon1e29fb074e9648df8737e99e6bb39804_====="
> --=====003_dragon1e29fb074e9648df8737e99e6bb39804_=====
> content-type: text/plain;
> charset="big5"
> content-transfer-encoding: 8bit
>
> --=====003_dragon1e29fb074e9648df8737e99e6bb39804_=====
> content-type: text/html;
> charset="big5"
> content-transfer-encoding: 8bit
>
> These mails are always to our "info" account, not to
> individual user mailboxes.
> Interesting: the mail from in the body is always: evzvlsz@hfuihmj.com
> Of course, that's a non-existent domain...
>
> relaying is not enabled
> GWAVA 4.5 does not answer senders if mail is quarantined
>
> Any ideas ????
> thanks
> TFe
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de
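
A triage of the transcript quoted above, as an added example that is not part of either post: it pulls the Received hop and the recipient out of the bounce to show that the gateway accepted the message from an outside host for an outside recipient, which is what relaying looks like, and it flags the Date header pinned to the largest 32-bit timestamp. `LOCAL_DOMAINS` is a placeholder assumption, since the thread does not give the real domain.

```python
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Assumption: domains this gateway accepts mail for (the post does not name
# the real domain, so this is a placeholder).
LOCAL_DOMAINS = {"example.invalid"}

# Excerpt of the transcript quoted in the post, markup underscores removed.
SAMPLE = """\
Command: MAIL FROM:<evzvlsz@hfuihmj.com>
response: 451 <evzvlsz@hfuihmj.com>... sender domain must exist
received: from pikvjxn.com ([119.121.55.37])
by mail.campuslan.de with esmtp; sat, 10 oct 2009 06:27:03 +0200
date: tue, 19 jan 2038 03:14:07 gmt
to: seq@yahoo.com.tw
"""

HOP = re.compile(r"received: from (\S+) \(\[([0-9a-f.:]+)\]\)\s+by (\S+) with (\w+)")
RCPT = re.compile(r"^to:\s*<?[^\s<>@]+@([^\s<>]+)>?", re.M)
DATE = re.compile(r"^date:\s*(.+)$", re.M)

def triage(transcript, local_domains=LOCAL_DOMAINS):
    """Summarise who handed the message to the gateway and where it was going."""
    text = transcript.lower()
    hop, rcpt, date = HOP.search(text), RCPT.search(text), DATE.search(text)
    if not (hop and rcpt):
        raise ValueError("transcript lacks a Received hop or a To header")
    external = ipaddress.ip_address(hop.group(2)).is_global
    outbound = rcpt.group(1) not in local_domains
    forged_date = False
    if date:
        try:
            stamp = parsedate_to_datetime(date.group(1)).timestamp()
            forged_date = int(stamp) == 2**31 - 1   # largest signed 32-bit time_t
        except (TypeError, ValueError):
            forged_date = True                      # unparseable Date header
    return {
        "client_ip": hop.group(2),
        "accepted_by": hop.group(3),
        "protocol": hop.group(4),
        "rcpt_domain": rcpt.group(1),
        # Outside host in, outside recipient out: the gateway relayed it.
        "relayed": external and outbound,
        "forged_date": forged_date,
    }
```

The `with esmtp` token alone does not show whether the session was authenticated; that has to be confirmed in the gateway's own log for the same time and client address.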