Skip to main content

1000s of "Mail delivery deferred" messages for emails from non-existent addresses

Comments

6 comments

  • cPanelLauren
    Hello, To clarify you are receiving thousands of emails to addresses that don't exist on your server or you are sending them?
    0
  • Sharcupine
    Hi Lauren, I'm receiving thousands of "Mail Delivery Deferred" emails from "Mail Delivery System" to one of the client's inboxes. Inside those emails it reads: "This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a temporary error. The following address(es) deferred: [xxxx]@gmail.com Domain [my client's domain] has exceeded the max emails per hour (506/500 (101%)) allowed. Message will be reattempted later ------- This is a copy of the message, including all the headers. ------" Then the copied messages below that line vary, including the "From" email address in the header. However, the "From" emails all of have the client's domain name, but the actual email addresses don't exist on the server. I hope that makes sense. -Scott
    0
  • keat63
    Could this be caused by the following scenario. Spammer sends 1000's of emails to nonexistent-email@yourdomain.com Your server responds with 'no such user here' Godaddy maybe has a sending per hour limitation and now all those bounce messages are stuck in a queue. If so then maybe consider, in Cpanel > Email > Default User > Advanced Options Setting the default to 'Discard' It's not recommended purely because its not RFC complaint. However, it won't have any adverse effect as it's not policed. The only adverse effect it might have is if someone send to an email and does a typo. Sends to 'jon.doe' instead of 'john.doe', he wouldn't get a bounce back. Or a similar situation where GreyListing is invoked
    0
  • cPanelLauren
    Hi Lauren, I'm receiving thousands of "Mail Delivery Deferred" emails from "Mail Delivery System" to one of the client's inboxes. Inside those emails it reads: "This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a temporary error. The following address(es) deferred: [xxxx]@gmail.com Domain [my client's domain] has exceeded the max emails per hour (506/500 (101%)) allowed. Message will be reattempted later ------- This is a copy of the message, including all the headers. ------" Then the copied messages below that line vary, including the "From" email address in the header. However, the "From" emails all of have the client's domain name, but the actual email addresses don't exist on the server. I hope that makes sense. -Scott

    Ok that's why I clarified, one user is receiving bounceback for a large amount of mail that the didn't send correct? I would suggest that this user immediately change their password or you do it for them as this appears to be on the surface (from the information I have thus far) to be a password compromise.
    0
  • Sharcupine
    Could this be caused by the following scenario. Spammer sends 1000's of emails to nonexistent-email@yourdomain.com Your server responds with 'no such user here' Godaddy maybe has a sending per hour limitation and now all those bounce messages are stuck in a queue. If so then maybe consider, in Cpanel > Email > Default User > Advanced Options Setting the default to 'Discard' It's not recommended purely because its not RFC complaint. However, it won't have any adverse effect as it's not policed. The only adverse effect it might have is if someone send to an email and does a typo. Sends to 'jon.doe' instead of 'john.doe', he wouldn't get a bounce back. Or a similar situation where GreyListing is invoked

    You described the situation perfectly, but the default was already set to "Discard." Thank you for the idea though.
    0
  • Sharcupine
    Ok that's why I clarified, one user is receiving bounceback for a large amount of mail that the didn't send correct? I would suggest that this user immediately change their password or you do it for them as this appears to be on the surface (from the information I have thus far) to be a password compromise.

    Thanks Lauren. Yes, it is the one email address that is receiving a large amount of bounceback messages for emails no one had sent. I've gone ahead and deleted the email address altogether, as it wasn't actively being used anyway. So far it seems to have unclogged the pipes, as legitimate emails are finally going out without a problem. Hopefully, things continues to run smoothly. Thanks again, Scott
    0

Please sign in to leave a comment.