On Thu, 2005-01-06 at 15:49 +0000, Paul Howarth wrote:
> Don Flinn wrote:
> > I suspect that an intruder may be using my node to send e-mail, because
> > I have received some notices from my e-mail daemon that such and such
> > was not available when I never sent e-mail to that person/address.
> >
> > How do I check if someone is logged in/using my machine? I'm running
> > FC3.
>
> Please post the full headers of one of these notices. It's possible that
> you're just getting backscatter due to a virus somewhere else forging
> your address as the sender.
>
> Paul.
>

Paul

Here is the info from the Mail Daemon (For clarity my name is not
Monika :-). Some others on this mailing list also speculated that
someone is spoofing my address and has not compromised my machine.

Thanks to all for your suggestions.

Don

------ Mail daemon message follows ------------
Reporting-MTA: dns; rly-nc05.mx.aol.com
Arrival-Date: Thu, 30 Dec 2004 10:50:31 -0500 (EST)

Final-Recipient: RFC822; beachboy99@xxxxxxxxxxxx
Action: failed
Status: 5.1.1
Remote-MTA: DNS; air-nc02.mail.aol.com
Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND
Last-Attempt-Date: Thu, 30 Dec 2004 10:50:55 -0500 (EST)

Received: from 31.red-212-40-232.user.auna.net (31.red-212-40-232.user.auna.net [212.40.232.31])
 by rly-nc05.mx.aol.com (v103.7) with ESMTP id MAILRELAYINNC56-68c41d423a72b4;
 Thu, 30 Dec 2004 10:50:18 -0500
Date: Thu, 30 Dec 2004 15:43:33 +0000
From: Monika <flinn@xxxxxxxxxxxx>
To: beachboy99@xxxxxxxxxxxx
Subject: =?Windows-1251?B?1OXp5fDi5fDq6CDu8iDv8O7o5+Lu5Ojy5ev/IO/uIO3o5
 +ro7CD25e3g7C4=?=
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----------6BE01FA8FBDE43307081C8A850"
X-AOL-IP: 212.40.232.31
X-AOL-SCOLL-SCORE: 0:2:31266268:1342177
X-AOL-SCOLL-URL_COUNT: 0
Message-ID: <200412301050.68c41d423a72b4@xxxxxxxxxxxxxxxxxxx>

-- 
Don Flinn
President, Flint Security LLC
Tel: 781-856-7230
Fax: 781-631-7693
http://flintsecurity.com
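The backscatter question raised in this thread can be checked mechanically from the returned headers; the following is an added example, not part of the original message. It reads the topmost `Received` line of the bounce and compares the submitting IP with your own address ranges; `MY_NETWORKS`, `submitting_hop` and `classify` are hypothetical names, and the network value is constructed.

```python
import email
import ipaddress
import re

# Returned headers copied from the bounce above (domains redacted by the archive).
RETURNED_HEADERS = """\
Received: from 31.red-212-40-232.user.auna.net (31.red-212-40-232.user.auna.net [212.40.232.31])
 by rly-nc05.mx.aol.com (v103.7) with ESMTP id MAILRELAYINNC56-68c41d423a72b4;
 Thu, 30 Dec 2004 10:50:18 -0500
Date: Thu, 30 Dec 2004 15:43:33 +0000
From: Monika <flinn@xxxxxxxxxxxx>
To: beachboy99@xxxxxxxxxxxx
X-AOL-IP: 212.40.232.31
"""

# Assumption: CIDR blocks your own host sends mail from (constructed value).
MY_NETWORKS = ["192.0.2.0/24"]

# "from HELO (rDNS [IP]) by MTA", the layout of the Received line above.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def submitting_hop(raw_headers):
    """Parse the topmost Received header, the one stamped by the MTA that
    generated the bounce; any lower ones could be forged by the sender."""
    received = email.message_from_string(raw_headers).get_all("Received") or []
    if not received:
        return None
    m = RECEIVED_RE.search(received[0])  # folded lines are covered by \s+
    if not m:
        return None
    helo, rdns, ip, by = m.groups()
    return {"helo": helo, "rdns": rdns, "ip": ip, "by": by}

def classify(raw_headers, my_networks):
    """Return 'backscatter' when the submitting IP lies outside my_networks."""
    hop = submitting_hop(raw_headers)
    if hop is None:
        return "unknown"
    try:
        addr = ipaddress.ip_address(hop["ip"])
    except ValueError:
        return "unknown"
    if any(addr in ipaddress.ip_network(n) for n in my_networks):
        return "sent-from-my-network"
    return "backscatter"

if __name__ == "__main__":
    print(submitting_hop(RETURNED_HEADERS), classify(RETURNED_HEADERS, MY_NETWORKS))
```

A `backscatter` result only says this message did not enter the reporting MTA from your ranges; it does not replace checking the machine's own logins and mail logs.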