Since we've moved our main domain to Scalix, I have been watching the postmaster address for anything that could point out configuration problems. postmaster is filled with emails such as :
Code: Select all
Date: Sat, 1 Apr 2006 00:40:55 +0300
From: Mail Delivery Subsystem <MAILER-DAEMON@avalon.am-ul.com>
To: <sales[at]am-ul[dot]com>
To: postmaster[at]avalon.am-ul.com
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
[-- Attachment #1 --]
[-- Type: text/plain, Encoding: 7bit, Size: 0.4K --]
The original message was received at Sat, 1 Apr 2006 00:40:50 +0300
from localhost.localdomain [127.0.0.1]
----- The following addresses had permanent fatal errors -----
<sales[at]am-ul[dot]com>
(reason: 553 5.3.5 system config error)
----- Transcript of session follows -----
553 5.3.5 mail.am-ul.com. config error: mail loops back to me (MX problem?)
554 5.3.5 Local configuration error
[-- Attachment #2 --]
[-- Type: message/delivery-status, Encoding: 7bit, Size: 0.3K --]
Original-Envelope-Id: j07QU9.squirrel@209.87.161.1
Reporting-MTA: dns; avalon.am-ul.com
Received-From-MTA: DNS; localhost.localdomain
Arrival-Date: Sat, 1 Apr 2006 00:40:50 +0300
Final-Recipient: RFC822; sales@am-ul.com
Action: failed
Status: 5.3.5
Diagnostic-Code: SMTP; 553 5.3.5 system config error
Last-Attempt-Date: Sat, 1 Apr 2006 00:40:55 +0300
[-- Attachment #3 --]
[-- Type: message/rfc822, Encoding: 7bit, Size: 4.1K --]
Date: Fri, 31 Mar 2006 21:37:13 +0000
From: "Esteban" <sales[at]am-ul[dot]com>
To: <sales[at]am-ul[dot]com>
Subject: [SPAM] Graphic design from logos to websites
X-Priority: 3
x-scalix-Hops: 1
User-Agent: SquirrelMail/1.4.3a
X-Mailer: SquirrelMail/1.4.3a
X-Spam-Flag: YES
[ ... rest of email ... ]
This is spam, as we have no such (sales) address here. The line that concerns me is this:
553 5.3.5 mail.am-ul.com. config error: mail loops back to me (MX problem?)
554 5.3.5 Local configuration error
I have a local DNS setup, and here are the results of a lookup:
Code: Select all
[root@avalon ~]# dig am-ul.com mx
am-ul.com. 38400 IN MX 10 mail.am-ul.com.
;; AUTHORITY SECTION:
am-ul.com. 38400 IN NS dns3.kuwaitnet.net.
am-ul.com. 38400 IN NS phoenix.am-ul.com.
am-ul.com. 38400 IN NS dns1.kuwaitnet.net.
am-ul.com. 38400 IN NS dns2.kuwaitnet.net.
;; ADDITIONAL SECTION:
mail.am-ul.com. 38400 IN A 192.168.1.12
This is the local IP of avalon.am-ul.com and mail.am-ul.com -- from an external machine, if you query the MX record, it will point to mail.am-ul.com which points to our public IP address. There is also a public record of avalon.am-ul.com pointing to the same public IP address.
Now my question is that is this just a "normal" result of spam, or is there actually something wrong with the DNS?