Recipient address rejected [#24644]

Submitted by methownet on Fri, 12/21/2012 - 18:09 Pro Licensee

We are getting a ton of this mail suddenly. How can I tell where it is coming from? How can I stop it? Thanks, Jeff

Dec 21 15:24:56 gto postfix/smtpd[18684]: 1B2C316A6C3: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 tikaboo@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=tikaboo@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:24:56 gto postfix/smtpd[18684]: 1B2C316A6C3: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 tikaboo@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=tikaboo@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:24:57 gto postfix/smtpd[18684]: NOQUEUE: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 ralph@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=ralph@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:24:57 gto postfix/smtpd[18684]: NOQUEUE: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 ralph@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=ralph@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:25:37 gto postfix/smtpd[23012]: NOQUEUE: reject: RCPT from unknown[10.10.50.107]: 550 5.1.1 amyclements@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=dchristensen@methownet.com to=amyclements@methownet.com proto=ESMTP helo= Dec 21 15:25:56 gto postfix/smtpd[18684]: C455A167D51: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 jennisue@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=jennisue@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:25:56 gto postfix/smtpd[18684]: C455A167D51: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 jennisue@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=jennisue@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:27:22 gto postfix/smtpd[23012]: 92DF7167D51: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 captain@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=captain@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:27:22 gto postfix/smtpd[23012]: 92DF7167D51: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 captain@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=captain@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:27:24 gto postfix/smtpd[23012]: 92DF7167D51: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 captain@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=captain@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:27:24 gto postfix/smtpd[23012]: NOQUEUE: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 captain@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=captain@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:28:22 gto postfix/smtpd[18684]: NOQUEUE: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 methownet@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=methownet@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:28:22 gto postfix/smtpd[18684]: NOQUEUE: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 methownet@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=methownet@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:30:18 gto postfix/smtpd[23012]: NOQUEUE: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 captain@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=captain@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:30:18 gto postfix/smtpd[23012]: NOQUEUE: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 captain@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=captain@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:30:19 gto postfix/smtpd[23012]: B07FD167E0E: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 timbercreek@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=timbercreek@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:30:19 gto postfix/smtpd[23012]: B07FD167E0E: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 timbercreek@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=timbercreek@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:30:37 gto postfix/smtpd[26921]: NOQUEUE: reject: RCPT from unknown[10.10.50.107]: 550 5.1.1 amyclements@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=dchristensen@methownet.com to=amyclements@methownet.com proto=ESMTP helo= Dec 21 15:30:56 gto postfix/smtpd[26921]: NOQUEUE: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 pisco@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=pisco@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:30:56 gto postfix/smtpd[26921]: NOQUEUE: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 pisco@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=pisco@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:31:19 gto postfix/smtpd[26921]: 48A64160C64: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 valleybike@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=valleybike@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:31:19 gto postfix/smtpd[26921]: 48A64160C64: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 valleybike@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=valleybike@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:31:52 gto postfix/smtpd[26013]: 43D23160C64: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 claudiascatering@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=claudiascatering@methownet.com proto=ESMTP helo=<bara.methownet.com> Dec 21 15:31:52 gto postfix/smtpd[26013]: 43D23160C64: reject: RCPT

Status:

Active

Comments

Submitted by methownet on Fri, 12/21/2012 - 18:28 Pro Licensee Comment #1

It looks like there are thousands of attempts to send messages to random addresses on our domain. They are mostly close to real addresses but come from domains all over the map.

Submitted by andreychek on Fri, 12/21/2012 - 18:32 Comment #2

Howdy -- it looks like the messages are being generates from the IP "63.142.200.163" -- is that your own server?

If so, that may mean a web app is generating those.

The messages you're seeing should then be delivered somewhere -- do you see anything in the mail log, or in /var/log/procmail.log, that shows where they're being delivered?

It's not obvious what's occurring from the logs, but the exact problem should be available within the message body.

Submitted by methownet on Fri, 12/21/2012 - 18:55 Pro Licensee Comment #3

The 163 is our spam server. All mail comes through there first and then arrives at the email servers. There is no subject or message body, but the header has a variety of domains which look almost randomly generated.
None of these messages shows in the procmail.log as they are undeliverable. In the mail log we see lines like this:

Dec 21 16:20:28 gto postfix/smtpd[31887]: NOQUEUE: reject: RCPT from bara.methownet.com[63.142.200.163]: 550 5.1.1 captain@methownet.com: Recipient address rejected: User unknown in virtual alias table; from=postmaster@methownet.com to=captain@methownet.com proto=ESMTP helo=<bara.methownet.com>

we see them coming through our 163 spam server log file. In other words they seem to be coming from the outside world, but not from one source.

From: suodu@yahoo.com Time: 2012-12-21 16:39:29
To: captain@methownet.com Action: Blocked
Subject: Reason: Invalid Recipient (cuda_nsu 5.1.1 captain@methownet.com: Recipient address rejected: User unknown in virtual alias table )
Size: Score:
Source IP: (mail scanner service)

Submitted by methownet on Fri, 12/21/2012 - 19:14 Pro Licensee Comment #4

Perhaps unrelated to this but SpamAssassin keeps turning itself off as well