Getting a lot of 'Postmaster' returned emails...

Tue Jun 29 16:52:49 IST 2004

In the last couple of days, I have received quite a few postmaster emails
in my inbox, with the problem being that the user in the email does not
exist. This morning, I received about a dozen of them.

Looking at the headers, it looks as if there is some virus running around
that is spoofing my domain, trying to send out random emails. The end
result is my inbox is filled with postmaster emails. I have yet to
implement a LDAP solution that will allow only email specified for legit users.

In the meantime, here are a few headers from some of the emails:

Final-Recipient: RFC822; 69jvb at courtesymortgage.com
Action: failed
Status: 5.1.1
Remote-MTA: DNS; [192.168.1.165]
Diagnostic-Code: SMTP; 550 5.1.1 <69jvb at courtesymortgage.com>... User unknown
Last-Attempt-Date: Tue, 29 Jun 2004 04:32:50 -0700 (PDT)
Received: from mail2.ca.slr.com (exchrelay2.ca.slr.com [158.116.134.232])
        by mail.courtesymortgage.com (8.12.11/8.12.11) with ESMTP id i5TBWj0Z009165
        for <69jvb at courtesymortgage.com>; Tue, 29 Jun 2004 04:32:48 -0700 (PDT)
Received: from milexcbh2.slr.com ([10.134.8.219]) by mail2.ca.slr.com with
Microsoft SMTPSVC(5.0.2195.5329);
        Tue, 29 Jun 2004 04:38:17 -0700
Received: by milexcbh2.slr.com with Internet Mail Service (5.5.2657.72)
        id <M0GMA4SR>; Tue, 29 Jun 2004 04:35:50 -0700
Message-ID: <A9D60D615464D51186140003474186B53FFFA646 at milexcbh1.slr.com>
From: System Administrator <postmaster at ca.slr.com>
To: 69jvb at courtesymortgage.com
Subject: Undeliverable: You have Spyware! You must take action now! dpgsv

Final-Recipient: RFC822; rw at courtesymortgage.com
Action: failed
Status: 5.1.1
Remote-MTA: DNS; [192.168.1.165]
Diagnostic-Code: SMTP; 550 5.1.1 <rw at courtesymortgage.com>... User unknown
Last-Attempt-Date: Tue, 29 Jun 2004 04:28:08 -0700 (PDT)
Return-Path: <>
Received: from computan.computan.on.ca (root at computan.computan.on.ca
[209.5.80.10])
        by mail.courtesymortgage.com (8.12.11/8.12.11) with ESMTP id i5TBRxgk009144
        for <rw at courtesymortgage.com>; Tue, 29 Jun 2004 04:28:03 -0700 (PDT)
Received: from localhost (localhost)
        by computan.computan.on.ca (8.12.10/8.12.10) id i5TBW8vd019803;
        Tue, 29 Jun 2004 07:32:08 -0400 (EDT)
Date: Tue, 29 Jun 2004 07:32:08 -0400 (EDT)
From: Mail Delivery Subsystem <MAILER-DAEMON at computan.com>
Message-Id: <200406291132.i5TBW8vd019803 at computan.computan.on.ca>
To: <rw at courtesymortgage.com>

Final-Recipient: RFC822; ysj at courtesymortgage.com
Action: failed
Status: 5.1.1
Remote-MTA: DNS; [192.168.1.165]
Diagnostic-Code: SMTP; 550 5.1.1 <ysj at courtesymortgage.com>... User unknown
Last-Attempt-Date: Tue, 29 Jun 2004 03:42:25 -0700 (PDT)
Return-Path: <>
Received: from oca.otari.com (adsl-68-123-231-94.dsl.irvnca.pacbell.net
[68.123.231.94])
        by mail.courtesymortgage.com (8.12.11/8.12.11) with ESMTP id i5TAgL4A009050
        for <ysj at courtesymortgage.com>; Tue, 29 Jun 2004 03:42:22 -0700 (PDT)
Received: by OCA with Internet Mail Service (5.5.2650.21)
        id <N5GDYG0K>; Tue, 29 Jun 2004 03:55:45 -0700
Message-ID: <700DB9E35FDAD71199CC00609771317C66C697 at OCA>
From: System Administrator <postmaster at OTARI.com>
To: ysj at courtesymortgage.com
Subject: Undeliverable: FTC Consumer Alert qqxxl

Anyone else seen an increase in receiving these lately?
Any recommendations on how to fix this?

I appreciate the help.

Jason

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html