Don Flinn wrote:
|On Thu, 2005-01-06 at 15:49 +0000, Paul Howarth wrote:
|
|>Don Flinn wrote:
|>
|>>I suspect that an intruder may be using my node to send e-mail, because
|>>I have received some notices from my e-mail daemon that such and such
|>>was not available when I never sent e-mail to that person/address.
|>>
|>>How do I check if someone is logged in/using my machine? I'm running
|>>FC3.
|>
|>Please post the full headers of one of these notices. It's possible that
|>you're just getting backscatter due to a virus somewhere else forging
|>your address as the sender.
|>
|>Paul.
|>
|
|Paul
|
|Here is the info from the Mail Daemon (For clarity my name is not
|Monika :-). Some others on this mailing list also speculated that
|someone is spoofing my address and have not compromised my machine.
|Thanks to all for your suggestions.
|
|Don
|
|------ Mail daemon message follows ------------
|Reporting-MTA: dns; rly-nc05.mx.aol.com
|Arrival-Date: Thu, 30 Dec 2004 10:50:31 -0500 (EST)
|
|Final-Recipient: RFC822; beachboy99@xxxxxxxxxxxx
|Action: failed
|Status: 5.1.1
|Remote-MTA: DNS; air-nc02.mail.aol.com
|Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND
|Last-Attempt-Date: Thu, 30 Dec 2004 10:50:55 -0500 (EST)
|
|
|Received: from 31.red-212-40-232.user.auna.net
|(31.red-212-40-232.user.auna.net [212.40.232.31]) by rly-nc05.mx.aol.com
|(v103.7) with ESMTP id MAILRELAYINNC56-68c41d423a72b4; Thu, 30 Dec 2004
|10:50:18 -0500
|Date: Thu, 30 Dec 2004 15:43:33 +0000
|From: Monika <flinn@xxxxxxxxxxxx>
|To: beachboy99@xxxxxxxxxxxx
|Subject: =?Windows-1251?B?1OXp5fDi5fDq6CDu8iDv8O7o5+Lu5Ojy5ev/IO/uIO3o5
|+ro7CD25e3g7C4=?=
|MIME-Version: 1.0
|Content-Type: multipart/related;
| boundary="----------6BE01FA8FBDE43307081C8A850"
|X-AOL-IP: 212.40.232.31
|X-AOL-SCOLL-SCORE: 0:2:31266268:1342177
|X-AOL-SCOLL-URL_COUNT: 0
|Message-ID: <200412301050.68c41d423a72b4@xxxxxxxxxxxxxxxxxxx>
|
|

(1) AOL doesn't relay messages for non members, that I'm aware of.
(2) The IP address in question: 212.40.232.31 has a slow response time at the destination... probably due to the 100s of emails being sent out.

In conclusion:
~ The email is probably a VIRUS, sent directly from the above IP... spoofing as AOL sending a return notice back to you.
~ I've had this happen a few times. The best you can do is email the domain administrator for the domain that owns the IP address in question asking them to investigate the matter.

Thanks,
James
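The check this thread turns on, whether the bounced message was ever handed over by your own machine, can be automated. The following is an added example, not part of the original messages: it reads the returned headers from the bounce above, takes the client IP from the Received line written by the Reporting-MTA (the only hop the recipient side vouches for), and compares it with your own outbound networks. `MY_NETWORKS` and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Returned headers copied from the bounce quoted above (Subject and MIME lines
# omitted; continuation lines re-indented so they parse as folded headers).
RETURNED_HEADERS = """\
Received: from 31.red-212-40-232.user.auna.net
 (31.red-212-40-232.user.auna.net [212.40.232.31]) by rly-nc05.mx.aol.com
 (v103.7) with ESMTP id MAILRELAYINNC56-68c41d423a72b4; Thu, 30 Dec 2004
 10:50:18 -0500
Date: Thu, 30 Dec 2004 15:43:33 +0000
From: Monika <flinn@xxxxxxxxxxxx>
To: beachboy99@xxxxxxxxxxxx
X-AOL-IP: 212.40.232.31
"""

REPORTING_MTA = "rly-nc05.mx.aol.com"  # Reporting-MTA field of the same bounce
# Assumption: the networks your own mail leaves from (documentation range here).
MY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# The bracketed address in "from helo (rdns [ip])" is recorded by the receiver.
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def submitting_ip(headers_text, reporting_mta):
    """Client IP from the Received header stamped by the reporting MTA, or None."""
    msg = message_from_string(headers_text)
    for hop in msg.get_all("Received") or []:
        flat = " ".join(hop.split())  # unfold the header onto one line
        if f" by {reporting_mta} " in f" {flat} ":
            match = RECEIVED_IP.search(flat.split(" by ", 1)[0])
            return ipaddress.ip_address(match.group(1)) if match else None
    return None  # no hop written by the reporting MTA: nothing trustworthy


def classify_bounce(headers_text, reporting_mta, my_networks):
    """Say whether the bounced message plausibly left from one of our hosts."""
    ip = submitting_ip(headers_text, reporting_mta)
    if ip is None:
        return "unknown", None
    if any(ip in net for net in my_networks):
        return "sent-from-my-network", ip
    return "backscatter", ip


if __name__ == "__main__":
    verdict, ip = classify_bounce(RETURNED_HEADERS, REPORTING_MTA, MY_NETWORKS)
    print(f"{verdict}: handed to {REPORTING_MTA} by {ip}")
```

A "backscatter" verdict only says this message did not pass through your hosts; Received lines below the reporting MTA's own are sender-supplied and are deliberately ignored.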