Jun 2 07:21:08 esmtp postfix/smtpd[55535]: NOQUEUE: reject: RCPT from
mail.cypresspartners.com[72.242.211.227]: 450 4.1.8
<onlinebank...@onlinealert.bankofamerica.com>: Sender address
rejected: Domain not found;
from=<onlinebank...@onlinealert.bankofamerica.com>
to=<de...@plasticert.com> proto=ESMTP helo=<mail.cypresspartners.com>
I assume these are legitimate rejects since the helo domain is
cypresspartners.com and I did not find an A record for that domain. Is
that correct?
Just want to confirm since I have a user not receiving an auto-email
from BOA. But not this user above.
Thanks, Robert
Phishing scam:
** server can't find onlinealert.bankofamerica.com: NXDOMAIN
besides which, BoA is not likely to send anything through
cypresspartners.com.
>
> Thanks, Robert
--
John
No.
$ host onlinealert.bankofamerica.com
Host onlinealert.bankofamerica.com not found: 3(NXDOMAIN)
$ host -t mx onlinealert.bankofamerica.com
Host onlinealert.bankofamerica.com not found: 3(NXDOMAIN)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hil...@charite.de | http://www.charite.de
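Added example, not part of the thread and not code from any poster: a small Python parser for the smtpd reject line in the first post, showing that the value Postfix tested was the envelope sender domain (the one that returns NXDOMAIN above), not the HELO name. The function names and the two-label "organisational domain" comparison are assumptions made for illustration.

```python
import re

# Reject line from the first post, rejoined onto one line. The "..." in the
# addresses is the list archive's truncation and is kept as-is.
SAMPLE = (
    "Jun 2 07:21:08 esmtp postfix/smtpd[55535]: NOQUEUE: reject: RCPT from "
    "mail.cypresspartners.com[72.242.211.227]: 450 4.1.8 "
    "<onlinebank...@onlinealert.bankofamerica.com>: Sender address "
    "rejected: Domain not found; "
    "from=<onlinebank...@onlinealert.bankofamerica.com> "
    "to=<de...@plasticert.com> proto=ESMTP helo=<mail.cypresspartners.com>"
)

REJECT = re.compile(
    r"NOQUEUE: reject: (?P<stage>\S+) from (?P<client>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) (?:<[^>]*>: )?"
    r"(?P<what>[A-Za-z ]+) rejected: (?P<reason>[^;]+);(?P<attrs>.*)$"
)

# Maps the "<what> rejected" text to the session attribute that was tested.
CHECKED = {"Sender address": "from", "Recipient address": "to",
           "Helo command": "helo", "Client host": "client"}


def domain(value):
    """Domain part of an address, or the hostname itself."""
    return value.rsplit("@", 1)[-1].lower()


def org(name):
    """Rough organisational domain: last two labels (assumption, no PSL)."""
    return ".".join(domain(name).split(".")[-2:])


def explain(line):
    """Parse one smtpd reject line and say which value triggered it."""
    m = REJECT.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec.update(re.findall(r"(\w+)=<?([^<>\s]*)>?", rec.pop("attrs")))
    field = CHECKED.get(rec["what"])
    rec["checked_field"] = field
    rec["checked_domain"] = domain(rec[field]) if field in rec else None
    rec["temporary"] = rec["code"].startswith("4")  # 4xx: sender will retry
    rec["helo_matches_sender"] = org(rec.get("helo", "")) == org(rec.get("from", ""))
    return rec
```

For the line above, the tested field is `from`, the tested domain is `onlinealert.bankofamerica.com`, the reject is temporary (450), and the HELO name belongs to a different organisational domain than the claimed sender.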
Considering that 'mail.cypresspartners.com' isn't showing as an
authorized MX for bankofamerica.com, I'm assuming this is a spam attempt
that has failed.
It appears that mail.cypresspartners.com is a postfix server which
appears, to me at least, to be sending out spam.
-Matt
> It appears that mail.cypresspartners.com is a postfix server which
> appears, to me at least, to be sending out spam.
http://www.robtex.com/ip/72.242.211.227.html#blacklists
They should stick to trees, not servers.
Yes, about what I expected from that particular message. But my real
problem is a message being sent from BOA each morning and generating
this error...
Your message did not reach some or all of the intended recipients.
Subject: LCM Summary
Sent: 6/2/2010 10:18 AM
The following recipient(s) could not be reached:
rob...@webtent.com on 6/2/2010 10:19 AM
You do not have permission to send to this recipient. For
assistance, contact your system administrator.
<crprdnbrd10.bankofamerica.com #5.7.1 smtp;550 5.7.1
sscri...@lcmgroup.com Not Authorized To Send Internet E-mail>
sscri...@lcmgroup.com receives this error message in the Exchange
mailbox each morning and I can find this message in our Postfix logs at
the gateway. But I cannot find any previous attempt. I can send these on
demand, so I did and just this message came through the gateway. What
can I take from this error message to help me track down why BOA is,
evidently, generating this message?
This is when we enter the recipient address in their alert system while
logged in as sscri...@lcmgroup.com. There is no SPF record for
lcmgroup.com. I'm assuming this has something to do with Exchange, but
why can I not see the original attempt to send the message in my gateway
logs?
Thanks for any help, Robert
> Your message did not reach some or all of the intended recipients.
>
> Subject: LCM Summary
> Sent: 6/2/2010 10:18 AM
>
> The following recipient(s) could not be reached:
>
> rob...@webtent.com on 6/2/2010 10:19 AM
> You do not have permission to send to this recipient. For
> assistance, contact your system administrator.
> <crprdnbrd10.bankofamerica.com #5.7.1 smtp;550 5.7.1
> sscri...@lcmgroup.com Not Authorized To Send Internet E-mail>
I guess Exchange didn't like that and did reject the mail.
Usually the error message contains info about "mailserver generating
this message".
If you don't see that sender on your postfix gateway, then I guess
it's your internal exchange server.
Yes, that is what I hate about Exchange, the error messages' vagueness.
Thanks.