I found the following message sitting in my queue. I didn't personally
send it or expect it. Am I compromised? Or have I misconfigured
something? What's happening?
# smtpctl show queue
a75cffe88aefb624|local|mta|auth|@|[email protected]|[email protected]|1426254563|1426600163|0|18|pending|2029|Network
error on destination MXs
# smtpctl show envelope a75cffe88aefb624
version: 2
tag: local
type: mta
smtpname: localhost
helo: mail.targetmeister.com
hostname: localhost
errorline: Network error on destination MXs
sockaddr: local
sender: @
rcpt: [email protected]
dest: [email protected]
ctime: 1426254563
last-try: 0
last-bounce: 1426268963
expire: 345600
retry: 18
flags: authenticated
dsn-notify: 0
esc-class: 4
esc-code: 0
# smtpctl show message a75cffe88aefb624
Received: from mail.targetmeister.com (localhost [local]);
by localhost (OpenSMTPD) with ESMTPA id a75cffe8;
for <[email protected]>;
Fri, 13 Mar 2015 06:49:23 -0700 (MST)
Subject: Delivery status notification: error
From: Mailer Daemon <[email protected]>
To: [email protected]
Date: Fri, 13 Mar 2015 06:49:23 -0700 (MST)
Hi!
This is the MAILER-DAEMON, please DO NOT REPLY to this e-mail.
An error has occurred while attempting to deliver a message for
the following list of recipients:
[email protected]: Loop detected
Below is a copy of the original message:
Received: from dbec7fb95.dslam-172-17-49-245-0758-337.dsl.cantv.net
(190-199-251-149.dyn.dsl.cantv.net [190.199.251.149]);
by mail.targetmeister.com (OpenSMTPD) with ESMTP id 83ff3847;
for <[email protected]>;
Fri, 13 Mar 2015 06:49:19 -0700 (MST)
MIME-Version: 1.0
Date: Fri, 13 Mar 2015 09:19:15 -0430
Delivered-To: [email protected]
Message-ID: <[email protected]>
Subject: Invoice (13\03\2015) for payment to SOPHEON
From: Mitchell Holmes <[email protected]>
To: pachl <[email protected]>
Content-Type: multipart/mixed; boundary=001a348494BE3C1D8277EDA51815
--001a348494BE3C1D8277EDA51815
Content-Type: multipart/alternative; boundary=001a348494BE3C122577EDA51813
--001a348494BE3C122577EDA51813
Content-Type: text/plain; charset=UTF-8
--001a348494BE3C122577EDA51813
Content-Type: text/html; charset=UTF-8
--001a348494BE3C122577EDA51813--
--001a348494BE3C1D8277EDA51815
Content-Type: application/msword; name="7530AAH.doc"
Content-Disposition: attachment; filename="7530AAH.doc"
Content-Transfer-Encoding: base64
==========TRIMMED (PROBABLY A VIRUS)==========
--001a348494BE3C1D8277EDA51815--
# cat /etc/mail/smtpd.conf
table users "/etc/mail/users"
table passwd "/etc/mail/passwd"
table aliases "/etc/mail/aliases"
table domains "/etc/mail/domains"
pki mail.targetmeister.com certificate "/etc/ssl/mail.targetmeister.com.crt"
pki mail.targetmeister.com key "/etc/ssl/private/mail.targetmeister.com.key"
listen on localhost
listen on mail port smtp tls auth-optional <passwd>
listen on mail port submission tls-require auth <passwd>
accept from local for local alias <aliases> deliver to mbox
accept from any for domain <domains> virtual <users> deliver to maildir \
"/var/spool/vmail/%{dest.domain:lowercase}/%{dest.user:lowercase|strip}"
accept from local for any relay
# cat /etc/mail/domains
ecentryx.com
mokaz.com
targetmeister.com
# cat /etc/mail/mailname
mail.targetmeister.com
--
You received this mail because you are subscribed to [email protected]
To unsubscribe, send a mail to: [email protected]
