[lug] Email spam

Hugh Brown hugh at vecna.com
Wed Apr 24 09:52:20 MDT 2002


It looks like you are set to autoreply to the messages sent to www at ...

So, the bounce reply comes because the autoreply mechanism can't find
anyone to send the message to, so it is letting you know that your
message back to the spammer failed.

That's what it looks like to me, whatever that's worth.

Hugh


On Wed, 2002-04-24 at 10:15, Justin wrote:
> I have been getting spam email in my www mailbox on my server for quite 
> a while now. I have the from header being rejected by the mail server 
> but I'm still getting messages in the www box. I don't know if 
> something is configured wrong with my mail server or what is allowing 
> someone to still do something like this. The emails come daily and are 
> always exactly the same thing. Below is the actuall text for the email 
> box from /var/spool/mail/www:
> 
> ++++
> >From MAILER-DAEMON  Mon Apr 22 15:44:07 2002
> Return-Path: <>
> Delivered-To: www at jackmoves.com
> Received: by oldschool.jackmoves.com (Postfix) via BOUNCE
>         id C5D413D3E; Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
> Date: Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
> From: MAILER-DAEMON at jackmoves.com (Mail Delivery System)
> Subject: Undelivered Mail Returned to Sender
> To: www at jackmoves.com
> MIME-Version: 1.0
> Content-Type: multipart/report; report-type=delivery-status;
>         boundary="B5E693D3D.1019511847/oldschool.jackmoves.com"
> Message-Id: <20020422214407.C5D413D3E at oldschool.jackmoves.com>
> 
> This is a MIME-encapsulated message.
> 
> --B5E693D3D.1019511847/oldschool.jackmoves.com
> Content-Description: Notification
> Content-Type: text/plain
> 
> This is the Postfix program at host oldschool.jackmoves.com.
> 
> I'm sorry to have to inform you that the message returned
> below could not be delivered to one or more destinations.
> 
> For further assistance, please send mail to <postmaster>
> 
> If you do so, please include this problem report. You can
> delete your own text from the message returned below.
> 
>                         The Postfix program
> 
> <unknown>: Message processing aborted: No recipients specified
> 
> --B5E693D3D.1019511847/oldschool.jackmoves.com
> Content-Description: Delivery error report
> Content-Type: message/delivery-status
> 
> Reporting-MTA: dns; oldschool.jackmoves.com
> Arrival-Date: Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
> 
> Final-Recipient: rfc822; unknown
> Action: failed
> Status: 5.0.0
> Diagnostic-Code: X-Postfix; Message processing aborted: No recipients 
> specified
> 
> --B5E693D3D.1019511847/oldschool.jackmoves.com
> Content-Description: Undelivered Message
> Content-Type: message/rfc822
> 
> Received: by oldschool.jackmoves.com (Postfix, from userid 80)
>         id B5E693D3D; Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
> To: 
> From: BritneySpears at hollywood.net
> Reply-To: BritneySpears at hollywood.net
> Subject: new site feedback
> Message-Id: <20020422214407.B5E693D3D at oldschool.jackmoves.com>
> Date: Mon, 22 Apr 2002 15:44:07 -0600 (MDT)
> 
> Whatup, foo.  Somebody said something about your site.
> --B5E693D3D.1019511847/oldschool.jackmoves.com--
> ++++
> 
> I'm not sure why the bounce message comes first? 
> 
> And here is what was in my /var/log/maillog for the same time frame:
> 
> ++++
> Apr 22 15:44:07 oldschool postfix/cleanup[24411]: B5E693D3D: reject: 
> header From: 
> BritneySpears at hollywood.net; from=<www at jackmoves.com> to=<unknown>
> ++++
> 
> I have a feeling something is not right with my mail server. I'm 
> running Postfix and other than this everything is fine. Can anyone shed 
> some light on this? TIA.
> 
> Justin





More information about the LUG mailing list