[lug] Email spam

Justin glow at jackmoves.com
Wed Apr 24 08:15:39 MDT 2002 

I have been getting spam email in my www mailbox on my server for quite 
a while now. I have the from header being rejected by the mail server 
but I'm still getting messages in the www box. I don't know if 
something is configured wrong with my mail server or what is allowing 
someone to still do something like this. The emails come daily and are 
always exactly the same thing. Below is the actuall text for the email 
box from /var/spool/mail/www:

++++
>From MAILER-DAEMON  Mon Apr 22 15:44:07 2002
Return-Path: <>
Delivered-To: www at jackmoves.com
Received: by oldschool.jackmoves.com (Postfix) via BOUNCE
        id C5D413D3E; Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
Date: Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
From: MAILER-DAEMON at jackmoves.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: www at jackmoves.com
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="B5E693D3D.1019511847/oldschool.jackmoves.com"
Message-Id: <20020422214407.C5D413D3E at oldschool.jackmoves.com>

This is a MIME-encapsulated message.

--B5E693D3D.1019511847/oldschool.jackmoves.com
Content-Description: Notification
Content-Type: text/plain

This is the Postfix program at host oldschool.jackmoves.com.

I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the message returned below.

                        The Postfix program

<unknown>: Message processing aborted: No recipients specified

--B5E693D3D.1019511847/oldschool.jackmoves.com
Content-Description: Delivery error report
Content-Type: message/delivery-status

Reporting-MTA: dns; oldschool.jackmoves.com
Arrival-Date: Mon, 22 Apr 2002 15:44:07 -0600 (MDT)

Final-Recipient: rfc822; unknown
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; Message processing aborted: No recipients 
specified

--B5E693D3D.1019511847/oldschool.jackmoves.com
Content-Description: Undelivered Message
Content-Type: message/rfc822

Received: by oldschool.jackmoves.com (Postfix, from userid 80)
        id B5E693D3D; Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
To: 
From: BritneySpears at hollywood.net
Reply-To: BritneySpears at hollywood.net
Subject: new site feedback
Message-Id: <20020422214407.B5E693D3D at oldschool.jackmoves.com>
Date: Mon, 22 Apr 2002 15:44:07 -0600 (MDT)

Whatup, foo.  Somebody said something about your site.
--B5E693D3D.1019511847/oldschool.jackmoves.com--
++++

I'm not sure why the bounce message comes first? 

And here is what was in my /var/log/maillog for the same time frame:

++++
Apr 22 15:44:07 oldschool postfix/cleanup[24411]: B5E693D3D: reject: 
header From: 
BritneySpears at hollywood.net; from=<www at jackmoves.com> to=<unknown>
++++

I have a feeling something is not right with my mail server. I'm 
running Postfix and other than this everything is fine. Can anyone shed 
some light on this? TIA.

Justin

-----
glow at jackmoves.com
www.jackmoves.com

More information about the LUG mailing list