On Mon, Jan 27, 2003 at 11:09:54AM -0600, will trillich wrote:
| does this [see attachment] indicate that some spammer has found
| a way to get me to relay his mail? aaugh!

No. It means you are the victim of a spammer using your address as the return address. Follow the headers in the message :

| Return-path: <>

The "return-path" is a header the MTA can add to show what the envelope sender (return address) was. In this case it is the "NULL" sender which indicates the message is a bounce message.

| Envelope-to: [EMAIL PROTECTED]

It was sent to you.

| Received: from mail by server with spam-scanned (Exim 3.35 #1 (Debian))
|     id 18d1GP-0001TE-00
|     for <[EMAIL PROTECTED]>; Sun, 26 Jan 2003 22:52:55 -0600

Your machine received it from your machine, probably using the SA configuration documented on my web site. This is normal.

| Received: from mx02.lexis-nexis.com ([207.25.178.45] helo=lexis-nexis.com)
|     by server with esmtp (Exim 3.35 #1 (Debian))
|     id 18d1GP-0001TB-00
|     for <[EMAIL PROTECTED]>; Sun, 26 Jan 2003 22:52:53 -0600

Here's the key. Some other machine (mx02.lexis-nexis.com, 207.25.178.45) connected to yours and handed off a message intended for [EMAIL PROTECTED]. Since the message was for you, exim took it and delivered it to you.

| Received: from localhost (localhost)
|     by lexis-nexis.com (8.10.2+Sun/8.10.2) id h0R4pnc10794;
|     Sun, 26 Jan 2003 23:51:49 -0500 (EST)

Apparently they are running sendmail. The bounce message came from their own machine since sendmail generated it. Next look at the original message :

| Return-Path: <[EMAIL PROTECTED]>

You were the "sender" of the message. (the return address is all that matters, and that's where bounces will go, and it is trivial to forge it)

| Received: from lexisnexis.com ([211.144.100.21])
|     by lexis-nexis.com (8.10.2+Sun/8.10.2) with ESMTP id h0R4pgc10779
|     for <[EMAIL PROTECTED]>;
|     Sun, 26 Jan 2003 23:51:44 -0500 (EST)

Their machine received it from another one of their machines.
This, combined with the X-Mailer header, makes it appear that they have an outer sendmail that takes the message from the world (without verifying the recipient), clears the existing Received: headers, and passes it on to their "real" sendmail. The real sendmail rejected the recipient as an unknown user, hence the relay system generated the bounce message.

| X-Mailer: Microsoft Outlook Express 5.50.4133.2400

Your system is ok, Will. It is unfortunate, however, when spammers can abuse correct but sub-optimal SMTP servers to deliver the spam as a bounce.

-D

--
Microsoft has argued that open source is bad for business, but you have to ask, "Whose business? Theirs, or yours?"
    --Tim O'Reilly

http://dman.ddts.net/~dman/
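
The header walk in the reply above, written as a check (an added example, not part of the original message): it tells a bounce of forged mail apart from mail that actually passed through your own MTA. The sample message, its hosts and addresses, and the names `by_hosts` and `classify` are constructed for illustration, and the code assumes the bounce returns the original headers in its body.

```python
import email
import re

# Constructed bounce modelled on the headers discussed above. All hosts,
# addresses and queue ids are placeholders, not values from the original mail.
BOUNCE = """\
Return-path: <>
Envelope-to: victim@example.org
Received: from mx.remote.example ([192.0.2.45] helo=remote.example)
\tby server.example.org with esmtp (Exim 3.35 #1 (Debian))
\tfor <victim@example.org>; Sun, 26 Jan 2003 22:52:53 -0600
Received: from localhost (localhost)
\tby remote.example (8.10.2+Sun/8.10.2) id QUEUEID1;
\tSun, 26 Jan 2003 23:51:49 -0500 (EST)
Subject: Returned mail: User unknown

   ----- Original message follows -----

Return-Path: <victim@example.org>
Received: from remote.example ([198.51.100.21])
\tby remote.example (8.10.2+Sun/8.10.2) with ESMTP id QUEUEID2
\tfor <nobody@remote.example>; Sun, 26 Jan 2003 23:51:44 -0500 (EST)
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
"""


def by_hosts(msg):
    """Hosts named in the 'by' clause of each Received: header, newest first."""
    found = (re.search(r"\bby\s+(\S+)", h) for h in msg.get_all("Received", []))
    return [m.group(1).lower() for m in found if m]


def classify(raw, my_domain, my_hosts):
    """Decide whether a delivered message is backscatter or went through us."""
    outer = email.message_from_string(raw)
    body = outer.get_payload()
    start = body.find("Return-Path:")  # where the returned original begins
    inner = email.message_from_string(body[start:] if start >= 0 else "")
    # A null envelope sender marks the delivered message as a bounce.
    bounce = outer.get("Return-path", "").strip() == "<>"
    # The original named one of our addresses as its (forgeable) return address.
    sender = inner.get("Return-Path", "").strip("<> ").lower()
    forged = sender.endswith("@" + my_domain)
    # Relaying would leave one of our hosts among the original's own hops.
    relayed = any(h in my_hosts for h in by_hosts(inner))
    verdict = ("relayed" if relayed
               else "backscatter" if bounce and forged else "unclear")
    return {"is_bounce": bounce, "forged_sender": forged,
            "relayed_via_me": relayed, "verdict": verdict}


if __name__ == "__main__":
    print(classify(BOUNCE, "example.org", {"server.example.org"}))
```
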