> -----Original Message-----
> From: fedora-list-bounces@xxxxxxxxxx
> [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of
> kevin.kempter@xxxxxxxxxxxxxxxxx
> Sent: Wednesday, September 14, 2005 8:40 PM
> To: fedora-list@xxxxxxxxxx
> Subject: OT - has my email domain been hijacked?
>
> Returned mail: User unknown
> Hi List;
>
> I keep getting emails similar to the text below. I/We own the
> domain dataintellect.com and we have email addresses setup
> however I always see a bogus dataintellect.com email address
> as the sender.
>
> -or is this simply a random spam email?
>
> Thanks in advance for any advice...
>
>
> ================================================
>
> From:
> Mail Delivery Subsystem <MAILER-DAEMON@xxxxxxx>
> To:
> carina_x@xxxxxxxxxxxxxxxxx
> Date:
> Today 13:31:26
>
> Spam Status: Spamassassin 0% probability of being spam.
>
> Full report:
> No, score=0.0 required=5.0 tests=AWL,BAYES_50 autolearn=no
> version=3.0.4 The original message was received at Wed, 14
> Sep 2005 15:31:23 -0400 (EDT) from
> client-201.230.112.161.speedy.net.pe [201.230.112.161]
>
>
> *** ATTENTION ***
>
> Your e-mail is being returned to you because there was a
> problem with its delivery. The address which was
> undeliverable is listed in the section
> labeled: "----- The following addresses had permanent fatal
> errors -----".
>
> The reason your mail is being returned to you is listed in the section
> labeled: "----- Transcript of Session Follows -----".
>
> The line beginning with "<<<" describes the specific reason
> your e-mail could not be delivered. The next line contains a
> second error message which is a general translation for other
> e-mail servers.
>
> Please direct further questions regarding this message to
> your e-mail administrator.
>
> --AOL Postmaster
>
>
>
> ----- The following addresses had permanent fatal errors
> ----- <acardi@xxxxxx> <adorablealicia@xxxxxx>
> <aclaudet@xxxxxx> <acarter5@xxxxxx> <acrader@xxxxxx>
>
> ----- Transcript of session follows ----- ... while
> talking to air-yg01.mail.aol.com.:
> >>> RCPT To:<acrader@xxxxxx>
> <<< 550 MAILBOX NOT FOUND
> 550 <acrader@xxxxxx>... User unknown
> >>> RCPT To:<acarter5@xxxxxx>
> <<< 550 MAILBOX NOT FOUND
> 550 <acarter5@xxxxxx>... User unknown
> >>> RCPT To:<aclaudet@xxxxxx>
> <<< 550 MAILBOX NOT FOUND
> 550 <aclaudet@xxxxxx>... User unknown
> >>> RCPT To:<adorablealicia@xxxxxx>
> <<< 550 MAILBOX NOT FOUND
> 550 <adorablealicia@xxxxxx>... User unknown
> >>> RCPT To:<acardi@xxxxxx>
> <<< 550 MAILBOX NOT FOUND
> 550 <acardi@xxxxxx>... User unknown
> unnamed
>
> Received: from client-201.230.112.161.speedy.net.pe
> (client-201.230.112.161.speedy.net.pe [201.230.112.161]) by
> rly-yg02.mx.aol.com (v107.10) with ESMTP id
> MAILRELAYINYG23-26f43287a8232f; Wed, 14 Sep 2005 15:31:21 -0400
> Received: from mail.strawberrysampler.com ([64.118.71.80]) by
> 201.230.112.161 with ESMTP id 4868741;
> Wed, 14 Sep 2005 19:21:59 -0100
> Received: (qmail 73986 invoked by uid 5164); Date: Wed, 14
> Sep 2005 19:21:59 -0100
> Date: Wed, 14 Sep 2005 19:21:59 -0100
> Message-ID: <20050914.68664.carina_x@xxxxxxxxxxxxxxxxx>
> From: "Men of Focus" <carina_x@xxxxxxxxxxxxxxxxx>
> Sender: carina_x@xxxxxxxxxxxxxxxxx
> To: acardi@xxxxxx, adorablealicia@xxxxxx, aclaudet@xxxxxx,
> acarter5@xxxxxx,
> acrader@xxxxxx
> X-Responder-ID: 14
> Subject: Living without concerns!
> Content-Type: text/html; charset="UTF-8"
> X-AOL-IP: 201.230.112.161
> X-AOL-SCOLL-SCORE: 1:2:306687321:10737418
> X-AOL-SCOLL-URL_COUNT: 3
>

That appears to be a SPAMMER who is faking a user ID at your domain in the from address.
The dumb mail server of some of the recipients hasn't worked out that the headers are forged, so it is returning the 'unknown address error' back to you instead of the source. What it should do is look at the headers to see that it is faked, and just bin it without doing anything.

It appears to be from:

201.230.112.161
client-201.230.112.161.speedy.net.pe
Host reachable, 488 ms. average

201.230.112.128 - 201.230.112.255
PE-TDPERX3-LACNIC
Av. San Felipe 1144 Surquillo, 1144, edi A
34 - Lima -
Peru
+51 1 210-6771 []

Gestion Dir. IP
Telefonica del Peru
gestionip@xxxxxxxxxxxxxxxxx
Calle San Felipe 1144, 1144,
LI34 - Lima - LI
Peru
phone: +51 1 2106771 []
PE-PETD9-LACNIC

Created: 17-Aug-2005
Updated: 17-Aug-2005
Source: whois.lacnic.net

So I would forward on to them:

That is unless of course your server is acting like an open relay (which it is not).

Regards
Chris
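
Added example (not part of the original thread): a Python sketch of the header check described above, run over the Received lines copied from the quoted bounce. The function names, the trusted relay suffix ".mx.aol.com" and the owner's server address 192.0.2.10 are assumptions made for illustration.

```python
import email
import re

# Headers of the returned spam, copied from the bounce quoted in this thread
# (addresses were already masked by the list archive).
BOUNCED = """\
Received: from client-201.230.112.161.speedy.net.pe
 (client-201.230.112.161.speedy.net.pe [201.230.112.161]) by
 rly-yg02.mx.aol.com (v107.10) with ESMTP id
 MAILRELAYINYG23-26f43287a8232f; Wed, 14 Sep 2005 15:31:21 -0400
Received: from mail.strawberrysampler.com ([64.118.71.80]) by
 201.230.112.161 with ESMTP id 4868741;
 Wed, 14 Sep 2005 19:21:59 -0100
From: "Men of Focus" <carina_x@xxxxxxxxxxxxxxxxx>
Subject: Living without concerns!

"""

HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9.]+)\]\)\s+by\s+(\S+)")

def parse_hops(raw):
    """Return Received hops, newest first, as dicts (helo, rdns, ip, by)."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # undo header folding
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return hops

def trace_origin(raw, trusted_suffix, own_outbound_ips):
    """Find the host that handed the message to a relay we trust.

    Only the Received line stamped by the trusted relay is reliable; every
    line below it was supplied by the sending side and may be invented.
    """
    hops = parse_hops(raw)
    for i, hop in enumerate(hops):
        if hop["by"].endswith(trusted_suffix):
            return {
                "origin_ip": hop["ip"],
                "stamped_by": hop["by"],
                "unverified": [(h["helo"], h["ip"]) for h in hops[i + 1:]],
                "sent_by_us": hop["ip"] in own_outbound_ips,
            }
    return None

if __name__ == "__main__":
    # 192.0.2.10 is a constructed stand-in for the domain owner's mail server.
    print(trace_origin(BOUNCED, ".mx.aol.com", {"192.0.2.10"}))
```

When "sent_by_us" is false, the message never passed through the domain owner's server, which is the forged-sender case rather than the open-relay case.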