# Help! Spam / relay problem with Sendmail



## Pipo (Jan 23, 2021)

Can anyone help me out with this?

Part 1. I am seeing daily messages in my Sendmail mail log.

[37.49.225.165] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
[185.100.87.191] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA

If I am correct, this means someone is trying to relay mail at my server, but not successfully?
There are no lines in my log for mails being sent.

Can anyone confirm there is no problem?

Part 2. Maybe this is related, but I am not sure.

I am also getting several Mailer-Daemon mails from other servers from their Mail Delivery System.

Content is: "A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:"
With many email addresses.

I think this is from email spoofing, but not through my server, because these are not in my logs.
If this is the case, it is a different problem which is insolvable. 

Can anyone confirm my conclusions, so I can sleep better?


----------



## drhowarddrfine (Jan 23, 2021)

1) Is no problem for you as you surmised.


----------



## ondra_knezour (Jan 23, 2021)

The first "problem" is usually caused by spam viruses/malware, which burst the whole message to the mail server, ignoring proper SMTP protocol, to achieve distribution as fast as possible.

The second one is this: https://en.wikipedia.org/wiki/Backscatter_(email)


----------
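Added example, not part of any post in this thread: a small log triage that checks the reading given above for Part 1, by counting the "did not issue MAIL/EXPN/VRFY/ETRN" connections per address and confirming that no message was ever accepted from those same addresses. The sample log lines are constructed (only the two probing addresses come from the thread), and the function name `triage` is hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in sendmail's syslog format. The two probing addresses are
# the ones quoted in the thread; hosts, queue IDs and timestamps are made up.
SAMPLE_LOG = """\
Jan 23 03:12:01 mx sm-mta[4101]: 10N2C1aa004101: [37.49.225.165] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Jan 23 03:40:17 mx sm-mta[4188]: 10N2eHbb004188: [185.100.87.191] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
Jan 23 04:02:44 mx sm-mta[4230]: 10N32icc004230: [37.49.225.165] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Jan 23 09:15:09 mx sm-mta[5012]: 10N8F9dd005012: from=<alice@example.org>, size=1820, class=0, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, daemon=IPv4, relay=mail.example.org [192.0.2.10]
Jan 23 09:15:10 mx sm-mta[5013]: 10N8F9dd005012: to=<pipo@example.net>, delay=00:00:01, mailer=local, pri=32000, dsn=2.0.0, stat=Sent
"""

# Connection that ended without MAIL/EXPN/VRFY/ETRN: nothing was submitted.
PROBE = re.compile(r"\[([^\]]+)\] did not issue MAIL/EXPN/VRFY/ETRN "
                   r"during connection to (\S+)")
# Envelope line logged when a message is accepted; relay= carries the peer IP.
ACCEPT = re.compile(r": from=.*\brelay=[^\[]*\[([^\]]+)\]")


def triage(log_text):
    """Per probing IP: probe count, daemons touched, messages accepted from it."""
    probes, daemons, accepted = Counter(), defaultdict(set), Counter()
    for line in log_text.splitlines():
        m = PROBE.search(line)
        if m:
            probes[m.group(1)] += 1
            daemons[m.group(1)].add(m.group(2))
            continue
        m = ACCEPT.search(line)
        if m:
            accepted[m.group(1)] += 1
    return {ip: {"probes": n, "daemons": sorted(daemons[ip]),
                 "accepted": accepted[ip]}
            for ip, n in probes.items()}


if __name__ == "__main__":
    for ip, info in sorted(triage(SAMPLE_LOG).items()):
        verdict = "REVIEW: mail accepted" if info["accepted"] else "probe only"
        print(f"{ip:<16} probes={info['probes']} via {info['daemons']} -> {verdict}")
```

An `accepted` count of 0 for every probing address matches the situation described in the first post; a non-zero count is the case where the matching queue IDs deserve a closer look.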



## Pipo (Jan 24, 2021)

Thanks for the replies. Now I know I don't have a problem to solve.


----------



## facedebouc (Jan 24, 2021)

DSN (Delivery Status Notification) activated by default could be a problem for backscatter. With a valid email recipient on your domain, a spammer can request a receipt sent by your mail server to any recipient in the From: or Return-Receipt-To: header fields.
More information at http://billauer.co.il/blog/2020/07/dsn-backscatter-spam-sendmail/


----------



## Pipo (Jan 26, 2021)

Very useful link. Thank you.
I am not an expert on this, but I think for me this is not the problem I have.
He gets failure warnings for the use of his email server for mails he never sent.
My failure warnings are from other email servers. Because those email servers look legit, I cannot post them here.


----------

