From: Robert Fitzpatrick on 2 Jun 2010 08:50

I am getting a lot of these for various domains...

Jun 2 07:21:08 esmtp postfix/smtpd[55535]: NOQUEUE: reject: RCPT from mail.cypresspartners.com[72.242.211.227]: 450 4.1.8 <onlinebanking.elarts(a)onlinealert.bankofamerica.com>: Sender address rejected: Domain not found; from=<onlinebanking.elarts(a)onlinealert.bankofamerica.com> to=<deanr(a)plasticert.com> proto=ESMTP helo=<mail.cypresspartners.com>

I assume these are legitimate rejects since the helo domain is cypresspartners.com and I did not find an A record for that domain. Is that correct?

Just want to confirm since I have a user not receiving an auto-email from BOA. But not this user above.

Thanks, Robert

From: John Peach on 2 Jun 2010 08:55

On Wed, 02 Jun 2010 08:50:53 -0400 Robert Fitzpatrick <lists(a)webtent.net> wrote:

> I am getting a lot of these for various domains...
>
> Jun 2 07:21:08 esmtp postfix/smtpd[55535]: NOQUEUE: reject: RCPT
> from mail.cypresspartners.com[72.242.211.227]: 450 4.1.8
> <onlinebanking.elarts(a)onlinealert.bankofamerica.com>: Sender address
> rejected: Domain not found;
> from=<onlinebanking.elarts(a)onlinealert.bankofamerica.com>
> to=<deanr(a)plasticert.com> proto=ESMTP helo=<mail.cypresspartners.com>
>
> I assume these are legitimate rejects since the helo domain is
> cypresspartners.com and I did not find an A record for that domain.
> Is that correct?
>
> Just want to confirm since I have a user not receiving an auto-email
> from BOA. But not this user above.

Phishing scam:

** server can't find onlinealert.bankofamerica.com: NXDOMAIN

besides which, BoA is not likely to send anything through cypresspartners.com.

>
> Thanks, Robert

--
John

From: Ralf Hildebrandt on 2 Jun 2010 08:56

* Robert Fitzpatrick <lists(a)webtent.net>:

> I am getting a lot of these for various domains...
>
> Jun 2 07:21:08 esmtp postfix/smtpd[55535]: NOQUEUE: reject: RCPT
> from mail.cypresspartners.com[72.242.211.227]: 450 4.1.8
> <onlinebanking.elarts(a)onlinealert.bankofamerica.com>: Sender address
> rejected: Domain not found;
> from=<onlinebanking.elarts(a)onlinealert.bankofamerica.com>
> to=<deanr(a)plasticert.com> proto=ESMTP helo=<mail.cypresspartners.com>
>
> I assume these are legitimate rejects since the helo domain is
> cypresspartners.com and I did not find an A record for that domain.
> Is that correct?

No.

$ host onlinealert.bankofamerica.com
Host onlinealert.bankofamerica.com not found: 3(NXDOMAIN)
$ host -t mx onlinealert.bankofamerica.com
Host onlinealert.bankofamerica.com not found: 3(NXDOMAIN)

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt(a)charite.de | http://www.charite.de

From: Matt Hayes on 2 Jun 2010 08:57

On 6/2/2010 8:50 AM, Robert Fitzpatrick wrote:

> I am getting a lot of these for various domains...
>
> Jun 2 07:21:08 esmtp postfix/smtpd[55535]: NOQUEUE: reject: RCPT from
> mail.cypresspartners.com[72.242.211.227]: 450 4.1.8
> <onlinebanking.elarts(a)onlinealert.bankofamerica.com>: Sender address
> rejected: Domain not found;
> from=<onlinebanking.elarts(a)onlinealert.bankofamerica.com>
> to=<deanr(a)plasticert.com> proto=ESMTP helo=<mail.cypresspartners.com>
>
> I assume these are legitimate rejects since the helo domain is
> cypresspartners.com and I did not find an A record for that domain. Is
> that correct?
>
> Just want to confirm since I have a user not receiving an auto-email
> from BOA. But not this user above.
>
> Thanks, Robert

Considering that 'mail.cypresspartners.com' isn't showing as an authorized MX for bankofamerica.com, I'm assuming this is a spam attempt that has failed.

It appears that mail.cypresspartners.com is a postfix server which appears, to me at least, to be sending out spam.

-Matt

From: Ralf Hildebrandt on 2 Jun 2010 09:00

* Matt Hayes <dominian(a)slackadelic.com>:

> It appears that mail.cypresspartners.com is a postfix server which
> appears, to me at least, to be sending out spam.

http://www.robtex.com/ip/72.242.211.227.html#blacklists

They should stick to trees, no servers.

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt(a)charite.de | http://www.charite.de
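
Added example, not written by any poster in this thread: a small parser for the reject line discussed above that separates the client, HELO name and envelope sender, and reports which of them Postfix actually rejected (here the sender domain, not the HELO name). The names parse_reject and unknown_sender_domains are hypothetical, and the second sample line is constructed with documentation addresses for contrast.

```python
import re
from collections import Counter

# Field layout of a Postfix smtpd "NOQUEUE: reject" line, as quoted in the thread.
REJECT_RE = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<client>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) <(?P<subject>[^>]*)>: "
    r"(?P<what>[A-Za-z ]+) rejected: (?P<why>[^;]+); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> "
    r"proto=(?P<proto>\S+) helo=<(?P<helo>[^>]*)>"
)
# Postfix's wording -> the SMTP attribute the restriction actually examined.
CHECKED = {"Client host": "client", "Helo command": "helo",
           "Sender address": "sender", "Recipient address": "recipient"}

def parse_reject(line):
    """Return the fields of one reject line, or None if it is not one."""
    m = REJECT_RE.search(line.replace("(a)", "@"))  # undo archive obfuscation
    if not m:
        return None
    f = m.groupdict()
    f["checked"] = CHECKED.get(f.pop("what"), "other")
    f["sender_domain"] = f["sender"].rpartition("@")[2].lower()
    f["temporary"] = f["code"].startswith("4")  # 4xx: a real MTA will retry
    return f

def unknown_sender_domains(lines):
    """Count 'Domain not found' sender rejects per envelope sender domain."""
    hits = Counter()
    for f in filter(None, map(parse_reject, lines)):
        if f["checked"] == "sender" and f["why"] == "Domain not found":
            hits[f["sender_domain"]] += 1
    return hits

SAMPLE = [  # first entry: the log line from the thread; second: constructed
    "Jun 2 07:21:08 esmtp postfix/smtpd[55535]: NOQUEUE: reject: RCPT from "
    "mail.cypresspartners.com[72.242.211.227]: 450 4.1.8 "
    "<onlinebanking.elarts(a)onlinealert.bankofamerica.com>: Sender address "
    "rejected: Domain not found; from=<onlinebanking.elarts(a)onlinealert.bankofamerica.com> "
    "to=<deanr(a)plasticert.com> proto=ESMTP helo=<mail.cypresspartners.com>",
    "Jun 2 07:22:10 esmtp postfix/smtpd[55540]: NOQUEUE: reject: RCPT from "
    "unknown[192.0.2.10]: 450 4.7.1 <mail.example.invalid>: Helo command "
    "rejected: Host not found; from=<a@example.org> to=<b@example.net> "
    "proto=ESMTP helo=<mail.example.invalid>",
]

if __name__ == "__main__":
    print([(f["checked"], f["subject"]) for f in map(parse_reject, SAMPLE)])
    print(dict(unknown_sender_domains(SAMPLE)))
```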