Hundreds Of Mail Delivery Failure



rhodan
07-17-2004, 01:37 AM
OK my default email account seems to be getting thousands of emails being bounced to it saying the following:

----- Transcript of session follows -----
553 5.0.0 Unbalanced '('
... while talking to mailin-01.mx.aol.com.:
<<< 554-(RLY:B1) The information presently available to AOL indicates this
<<< 554-server is generating high volumes of member complaints from AOL's
<<< 554-member base. Based on AOL's Unsolicited Bulk E-mail policy at
<<< 554-http://www.aol.com/info/bulkemail.html AOL may not accept further
<<< 554-e-mail transactions from this server or domain. For more information,
<<< 554 please visit http://postmaster.info.aol.com.
... while talking to mailin-03.mx.aol.com.:
>>> QUIT
<<< 554-(RLY:B1) The information presently available to AOL indicates this
<<< 554-server is generating high volumes of member complaints from AOL's
<<< 554-member base. Based on AOL's Unsolicited Bulk E-mail policy at
<<< 554-http://www.aol.com/info/bulkemail.html AOL may not accept further
<<< 554-e-mail transactions from this server or domain. For more information,
<<< 554 please visit http://postmaster.info.aol.com.
... while talking to mailin-02.mx.aol.com.:
>>> QUIT
<<< 554-(RLY:B1) The information presently available to AOL indicates this
<<< 554-server is generating high volumes of member complaints from AOL's
<<< 554-member base. Based on AOL's Unsolicited Bulk E-mail policy at
<<< 554-http://www.aol.com/info/bulkemail.html AOL may not accept further
<<< 554-e-mail transactions from this server or domain. For more information,
<<< 554 please visit http://postmaster.info.aol.com.
... while talking to mailin-04.mx.aol.com.:
>>> QUIT
<<< 554-(RLY:B1) The information presently available to AOL indicates this
<<< 554-server is generating high volumes of member complaints from AOL's
<<< 554-member base. Based on AOL's Unsolicited Bulk E-mail policy at
<<< 554-http://www.aol.com/info/bulkemail.html AOL may not accept further
<<< 554-e-mail transactions from this server or domain. For more information,
<<< 554 please visit http://postmaster.info.aol.com.
554 5.0.0 Service unavailable
554 5.0.0 Service unavailable
554 5.0.0 Service unavailable

All of the emails being sent out are to AOL and each delivery failure seems to have hundreds of email addy's in it. Plus now my entire domain is banned from sending any email to AOL.

Is my email being hijacked or is somebody just using my email name as their reply-to address?

This is becoming a major battle now and my disk space is being severely compromised because of this. I just downloaded over 3,000 rejected email notices.

Thanks for any help you can offer.

rhodan
07-17-2004, 02:12 AM
Ok I figured out where this seems to be coming from.

Mon, 12 Jul 2004 09:44:13 MDT
X-Mailer: cgiemail 1.6
(form="http://www.pittsburghnewage.net/")
(action="/cgi-bin/cgiemail/forms/order.txt")
From: treva732@pittsburghnewage.net ()
from: AmazingIPOIssue289@tcw.net
bcc:

I don't remember ever installing cgiemail on my site, but some of the scripts were there, although the /cgi-bin/cgiemail/forms/order.txt is not a valid path. Major security issue with cgiemail: http://ask-leo.com/archives/000028.html

Uggggggg..............

I deleted anything that says cgiemail in it, but I don't know if I got it all. Anyone familiar with this issue? Anyone know what I need to remove in order to destroy this security issue?
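
An added example (not part of the original thread): a Python triage script for the question raised in the posts above, whether the bounces come from a form script on your own site or only carry a forged sender address. It looks for the X-Mailer: cgiemail header and the form/action comments quoted in the post; the function names, the sample messages and the example.org domain are constructed, and the verdict is a heuristic.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Header patterns taken from the bounce quoted in the post above.
MAILER_RE = re.compile(r"^X-Mailer:[ \t]*([^\r\n(]+)", re.I | re.M)
HINT_RE = re.compile(r'\((form|action)="([^"]*)"\)', re.I)

def classify_bounce(text, my_domain):
    """Return (verdict, mailer, action) for one returned message."""
    m = MAILER_RE.search(text)
    mailer = m.group(1).strip() if m else None
    hints = {k.lower(): v for k, v in HINT_RE.findall(text)}
    # The form hint names the page the submission claimed to come from.
    host = (urlparse(hints.get("form", "")).hostname or "").lower()
    on_my_site = host == my_domain or host.endswith("." + my_domain)
    if mailer and "cgiemail" in mailer.lower() and on_my_site:
        return ("sent-via-local-form-script", mailer, hints.get("action"))
    return ("no-local-script-evidence", mailer, hints.get("action"))

def summarize(bounces, my_domain):
    """Tally verdicts so thousands of bounces reduce to a few rows."""
    return Counter(classify_bounce(b, my_domain) for b in bounces)

# Constructed sample: original headers as returned inside a bounce.
SAMPLE_RELAYED = """\
554 5.0.0 Service unavailable

Date: Mon, 12 Jul 2004 09:44:13 MDT
X-Mailer: cgiemail 1.6
 (form="http://www.example.org/")
 (action="/cgi-bin/cgiemail/forms/order.txt")
From: someone@example.org ()
"""

# Constructed sample: a bounce that only carries our address as sender.
SAMPLE_FORGED = """\
554 5.0.0 Service unavailable

X-Mailer: ExampleClient 1.0
From: someone@example.org
"""

if __name__ == "__main__":
    tally = summarize([SAMPLE_RELAYED, SAMPLE_RELAYED, SAMPLE_FORGED], "example.org")
    for (verdict, mailer, action), count in tally.most_common():
        print(count, verdict, mailer, action)
```

The action value in each row is the path to look for under cgi-bin when checking what is still installed.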

wildjokerdesign
07-17-2004, 05:17 AM
If you have removed the file from your cgi-bin then you should be fine. That is the program itself. The order.txt file is simply a default config example and is just a text file that is not harmful by itself. I believe those are the only two files the default WH version had. An email warning was sent out by WH a month or so back. Did you get it, or have you been getting their monthly notices? If not you may check to make sure they have a current email address for you so you can make sure and get notices of such issues.

GhoulFAN
07-24-2004, 11:28 AM
This is exactly what happened to me also. I found the cgiemail mentioned and moved it into another folder and locked it. After about another 48 hours, the last of the emails that were bouncing back to me stopped and my email is quiet again.