On Sat, Mar 14, 2015 at 06:27:24PM -0700, Clint Pachl wrote: > I found the following message sitting in my queue. I didn't personally send > it or expect it. Am I compromised? Or have I misconfigured something? What's > happening? >
No you are not compromised. You didn't misconfigure anything. Read below. > > [...] > > # smtpctl show message a75cffe88aefb624 > Received: from mail.targetmeister.com (localhost [local]); > by localhost (OpenSMTPD) with ESMTPA id a75cffe8; > for <[email protected]>; > Fri, 13 Mar 2015 06:49:23 -0700 (MST) > Subject: Delivery status notification: error > From: Mailer Daemon <[email protected]> > To: [email protected] > Date: Fri, 13 Mar 2015 06:49:23 -0700 (MST) > > Hi! > > This is the MAILER-DAEMON, please DO NOT REPLY to this e-mail. > > An error has occurred while attempting to deliver a message for > the following list of recipients: > > [email protected]: Loop detected > > Below is a copy of the original message: > > Received: from dbec7fb95.dslam-172-17-49-245-0758-337.dsl.cantv.net > (190-199-251-149.dyn.dsl.cantv.net [190.199.251.149]); > by mail.targetmeister.com (OpenSMTPD) with ESMTP id 83ff3847; > for <[email protected]>; > Fri, 13 Mar 2015 06:49:19 -0700 (MST) > MIME-Version: 1.0 > Date: Fri, 13 Mar 2015 09:19:15 -0430 > Delivered-To: [email protected] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The original message contained a Delivered-To line that actually matched the recipient it was currently trying to deliver to. The Delivered-To header is prepended by OpenSMTPD _after_ a message gets accepted and _before_ it is delivered to the end users. If OpenSMTPD see the Delivered-To header matching the end user before it has prepended it then it can assume that delivering to the user causes a loop. So, in practice, if you see the Delivered-To in your original message it can only mean two things: 1- the recipient has a script in his ~/.forward file which sends message back to himself over the network. 2- the sender has forged it (which is the case here as the header is not even prepended but inserted in the middle of other headers. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
