
Geek Culture / understanding open mail relays - going insane with spam

adr
21 Years of Service
Joined: 21st May 2003
Location: Job Centre
Posted: 31st May 2006 11:57 Edited at: 31st May 2006 11:58
If I receive a bounced message from domain A, claiming that a message was undeliverable to domain B, does that mean that someone is using domain A's mail server to try and deliver to domain B? Naturally, my domain is neither domain A nor domain B - I'm just in the return path.

Or does it just mean someone on the forum has a virus?

I've been getting bounced emails from the same failed delivery address, from the same server, for months now. And this morning I snapped.

If it's an open relay issue, then I'm going to explain to domain A that their mail server has been compromised and for the love of god they need to sort it. If it's nothing to do with domain A's mail server specifically, I'll come up with something else like change my email address (again).

But you see, I have the will of the warrior. Therefore, the battle is already over. The winner? Me!
indi
22 Years of Service
Joined: 26th Aug 2002
Location: Earth, Brisbane, Australia
Posted: 31st May 2006 16:01 Edited at: 31st May 2006 16:02
UNIX commands, OK; find the Windows variants if you have to.

Find the IP of the mail server with an nslookup:

type nslookup
then type the domain name

then type set type=ANY
then feed in the domain
look for the mail IP address.

Do a stealth port scan on that machine using nmap.
If you see a plethora of open ports there's a good chance it's infected.
If you see a port like 65301/tcp open pcanywhere it's a good chance that machine's been compromised. Port 25, as you probably know, is usually the mail server.

or

Whois the domain and speak to the admin or the person who set up the server.
Nine times out of ten they will be glad to work with you to block a few ports and stop nonsense attacks.

A lot of information can be found in the mail headers; have a squizz at the ones you don't like.

If no-one gives you an answer to a question you have asked, consider:
- Is your question clear?
- Did you ask nicely?
- Are you showing any effort to solve the problem yourself?
spooky
22 Years of Service
Joined: 30th Aug 2002
Location: United Kingdom
Posted: 31st May 2006 16:24
If there is a compromised server sending out bundles of spam, it should get on some blacklists (like Spamhaus) very quickly. You can also use the great tools at http://www.dnsstuff.com/ to try and trace the source of the message.

Open relays are a right pain in the butt. Even our mail server got compromised a couple of times because someone found out the password of one of our clients' POP3 accounts (they chose a really silly password). Once someone has a working username and password of a POP3 account, they flood the server with spam and the server quite happily sends it all out! Luckily we have changed mail server now to one with all sorts of IP limiting, tarpitting, size limiting, etc. I keep a good eye on the log files as well. It's amazing how busy a mail server is, even though it looks like only a few emails go through it.

There does seem to be a lot of spam going around at the moment though, especially ones like you describe, where you get lots of delivery failure messages because the spammer has put your address as the sender and the intended target's mail server has correctly refused the email as spam.

Boo!
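Indi's advice to read the headers and spooky's description of forged-sender bounces can be turned into a check. The script below is an added example, not code from anyone in this thread: it parses a DSN (the multipart/report bounce format), pulls out Reporting-MTA, Final-Recipient and the Received chain of the returned original message, and tells a bounce that comes from domain B itself (backscatter from a forged sender, nothing to do with an open relay) from one where domain A accepted mail for domain B from some outside host (a relay, whether open or an abused account). Both sample bounces, the host names, addresses, IP addresses and the `OUR_DOMAIN` value are constructed for illustration and are assumptions, not data from the thread.

```python
"""Where did a bounce really come from?  Added example for this thread, not code
from any poster.  Parse a DSN, pull out the reporting MTA, the failed recipient
and the Received chain of the returned message, and decide whether the reporting
server relayed third-party mail or merely bounced a forged sender back to us.
All host names, addresses and IP addresses here are constructed.
"""
import email
import re

OUR_DOMAIN = "mydomain.example"  # assumed: the domain the spammer forged as sender

# Constructed DSN skeleton; each case supplies the reporting MTA and the Received
# headers carried by the returned original message.
DSN_TEMPLATE = """\
Return-Path: <>
From: MAILER-DAEMON@{mta}
To: me@mydomain.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="B1"

--B1
Content-Type: message/delivery-status

Reporting-MTA: dns; {mta}

Final-Recipient: rfc822; someone@domain-b.example
Action: failed
Status: 5.1.1

--B1
Content-Type: message/rfc822

{received}From: me@mydomain.example
To: someone@domain-b.example
Subject: cheap watches

buy now
--B1--
"""

# Case 1: domain A accepted the spam from a dial-up address, could not deliver it
# to domain B, and bounced it to the forged sender, i.e. to us.
RELAY_CASE = DSN_TEMPLATE.format(
    mta="mail.domain-a.example",
    received="Received: from user-pc (dyn-77.isp.example [198.51.100.77])\n"
             "\tby mail.domain-a.example (Postfix) with ESMTP id 1A2B3C\n"
             "\tfor <someone@domain-b.example>; Wed, 31 May 2006 11:49:57 +0100\n",
)

# Case 2: the spam went straight to domain B's MX, which accepted it and only then
# found the mailbox missing; the bounce comes from domain B itself.
BACKSCATTER_CASE = DSN_TEMPLATE.format(
    mta="mx.domain-b.example",
    received="Received: from [203.0.113.9] (unknown [203.0.113.9])\n"
             "\tby mx.domain-b.example with SMTP; Wed, 31 May 2006 11:49:57 +0100\n",
)

HOP_RE = re.compile(r"from\s+(?P<helo>\S+)\s*(?:\((?P<info>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_hop(value):
    """One Received header -> (claimed HELO name, IP the receiver saw, receiving host)."""
    m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines first
    if not m:
        return None
    ip = IP_RE.search(m.group("info") or "")
    return m.group("helo"), (ip.group(1) if ip else None), m.group("by")


def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))


def analyse_bounce(raw, our_domain=OUR_DOMAIN):
    msg = email.message_from_string(raw)
    report = {"reporting_mta": "", "final_recipient": "", "hops": []}
    for part in msg.walk():  # walk() also descends into the delivery-status blocks
        if part["Reporting-MTA"]:
            report["reporting_mta"] = part["Reporting-MTA"].split(";")[-1].strip()
        if part["Final-Recipient"]:
            report["final_recipient"] = part["Final-Recipient"].split(";")[-1].strip()
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload()[0]
            # every MTA prepends its Received header, so reverse to get the oldest hop first
            hops = [parse_hop(v) for v in reversed(original.get_all("Received", []))]
            report["hops"] = [h for h in hops if h]
    first = report["hops"][0] if report["hops"] else None
    report["injector_ip"] = first[1] if first else None  # who handed the spam to the first MTA
    rcpt_domain = report["final_recipient"].rsplit("@", 1)[-1].lower()
    if in_domain(report["reporting_mta"], rcpt_domain):
        report["verdict"] = "backscatter"        # target bounced forged mail; no relay involved
    elif in_domain(report["reporting_mta"], our_domain):
        report["verdict"] = "own-server-abused"  # our MTA sent it: look for an abused account
    else:
        report["verdict"] = "third-party-relay"  # reporting MTA accepted mail for another domain
    return report
```

Call `analyse_bounce()` on the raw text of a bounce and look at `verdict`, `reporting_mta` and `injector_ip`. The verdict is only as trustworthy as the Received header added by the reporting MTA itself: that is the one hop you can rely on, while any Received lines the spammer's client put underneath it can be faked, so treat the oldest hop as a lead for the whois or abuse report rather than as proof.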
BatVink
Moderator
21 Years of Service
Joined: 4th Apr 2003
Location: Gods own County, UK
Posted: 31st May 2006 22:09
I'm getting around 150+ undeliverables a day. It's not from my server; it's my domains that are being used as the sender.


