Getting a lot of 'Postmaster' returned emails...

Scott Phillips spam at CORN-BREAD.ORG
Tue Jun 29 20:35:31 IST 2004


 This email spoofing has been a huge problem ever since the virus outbreaks
 last August.
 In fact, this is part of the reason why virus scanners no longer notify the
 remote party if an infected email is found: chances are it didn't come from
 that person in the first place.

 Not much you can really do though.  At first I would look at the sender IP
 and try to notify the admin that they have a virused user.  However, that
 proved futile.

 These days I have my admin messages delivered to another account, one that
 is rarely checked :/

> ----- Original Message -----
> From: "Jason Williams" <jwilliams at COURTESYMORTGAGE.COM>
> To: <MAILSCANNER at JISCMAIL.AC.UK>
> Sent: Tuesday, June 29, 2004 8:52 AM
> Subject: Getting a lot of 'Postmaster' returned emails...
>
>
> > In the last couple of days, I have received quite a few postmaster emails
> > in my inbox, with the problem being that the user in the email does not
> > exist. This morning, I received about a dozen of them.
> >
> > Looking at the headers, it looks as if there is some virus running around
> > that is spoofing my domain, trying to send out random emails. The end
> > result is my inbox is filled with postmaster emails. I have yet to
> > implement an LDAP solution that will allow only email specified for legit
> > users.
> >
> > In the meantime, here are a few headers from some of the emails:
> >
> > Final-Recipient: RFC822; 69jvb at courtesymortgage.com
> > Action: failed
> > Status: 5.1.1
> > Remote-MTA: DNS; [192.168.1.165]
> > Diagnostic-Code: SMTP; 550 5.1.1 <69jvb at courtesymortgage.com>... User unknown
> > Last-Attempt-Date: Tue, 29 Jun 2004 04:32:50 -0700 (PDT)
> > Received: from mail2.ca.slr.com (exchrelay2.ca.slr.com [158.116.134.232])
> >         by mail.courtesymortgage.com (8.12.11/8.12.11) with ESMTP id i5TBWj0Z009165
> >         for <69jvb at courtesymortgage.com>; Tue, 29 Jun 2004 04:32:48 -0700 (PDT)
> > Received: from milexcbh2.slr.com ([10.134.8.219]) by mail2.ca.slr.com with
> > Microsoft SMTPSVC(5.0.2195.5329);
> >         Tue, 29 Jun 2004 04:38:17 -0700
> > Received: by milexcbh2.slr.com with Internet Mail Service (5.5.2657.72)
> >         id <M0GMA4SR>; Tue, 29 Jun 2004 04:35:50 -0700
> > Message-ID: <A9D60D615464D51186140003474186B53FFFA646 at milexcbh1.slr.com>
> > From: System Administrator <postmaster at ca.slr.com>
> > To: 69jvb at courtesymortgage.com
> > Subject: Undeliverable: You have Spyware! You must take action now! dpgsv
> >
> >
> >
> >
> > Final-Recipient: RFC822; rw at courtesymortgage.com
> > Action: failed
> > Status: 5.1.1
> > Remote-MTA: DNS; [192.168.1.165]
> > Diagnostic-Code: SMTP; 550 5.1.1 <rw at courtesymortgage.com>... User unknown
> > Last-Attempt-Date: Tue, 29 Jun 2004 04:28:08 -0700 (PDT)
> > Return-Path: <>
> > Received: from computan.computan.on.ca (root at computan.computan.on.ca
> > [209.5.80.10])
> >         by mail.courtesymortgage.com (8.12.11/8.12.11) with ESMTP id i5TBRxgk009144
> >         for <rw at courtesymortgage.com>; Tue, 29 Jun 2004 04:28:03 -0700 (PDT)
> > Received: from localhost (localhost)
> >         by computan.computan.on.ca (8.12.10/8.12.10) id i5TBW8vd019803;
> >         Tue, 29 Jun 2004 07:32:08 -0400 (EDT)
> > Date: Tue, 29 Jun 2004 07:32:08 -0400 (EDT)
> > From: Mail Delivery Subsystem <MAILER-DAEMON at computan.com>
> > Message-Id: <200406291132.i5TBW8vd019803 at computan.computan.on.ca>
> > To: <rw at courtesymortgage.com>
> >
> >
> >
> > Final-Recipient: RFC822; ysj at courtesymortgage.com
> > Action: failed
> > Status: 5.1.1
> > Remote-MTA: DNS; [192.168.1.165]
> > Diagnostic-Code: SMTP; 550 5.1.1 <ysj at courtesymortgage.com>... User unknown
> > Last-Attempt-Date: Tue, 29 Jun 2004 03:42:25 -0700 (PDT)
> > Return-Path: <>
> > Received: from oca.otari.com (adsl-68-123-231-94.dsl.irvnca.pacbell.net
> > [68.123.231.94])
> >         by mail.courtesymortgage.com (8.12.11/8.12.11) with ESMTP id i5TAgL4A009050
> >         for <ysj at courtesymortgage.com>; Tue, 29 Jun 2004 03:42:22 -0700 (PDT)
> > Received: by OCA with Internet Mail Service (5.5.2650.21)
> >         id <N5GDYG0K>; Tue, 29 Jun 2004 03:55:45 -0700
> > Message-ID: <700DB9E35FDAD71199CC00609771317C66C697 at OCA>
> > From: System Administrator <postmaster at OTARI.com>
> > To: ysj at courtesymortgage.com
> > Subject: Undeliverable: FTC Consumer Alert qqxxl
> >
> >
> >
> > Anyone else seen an increase in receiving these lately?
> > Any recommendations on how to fix this?
> >
> > I appreciate the help.
> >
> > Jason
> >
> > -------------------------- MailScanner list ----------------------
> > To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> > Before posting, please see the Most Asked Questions at
> > http://www.mailscanner.biz/maq/     and the archives at
> > http://www.jiscmail.ac.uk/lists/mailscanner.html
> >
>
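
The pattern in the quoted headers (a bounce from a remote postmaster, addressed to a mailbox that never existed at the spoofed domain and failing with 5.1.1) can be flagged mechanically. The following is an added example, not part of the original thread: the sample reports are constructed, and `LOCAL_DOMAIN`, `VALID_USERS` (a stand-in for the LDAP recipient lookup mentioned above) and `BOUNCE_SENDERS` are assumptions.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAIN = "example.org"           # assumption: the domain being spoofed
VALID_USERS = {"jason", "postmaster"}  # assumption: stands in for an LDAP lookup
BOUNCE_SENDERS = {"postmaster", "mailer-daemon"}

# Constructed samples: DSN fields followed by headers of the message that failed.
SAMPLES = ["""Final-Recipient: RFC822; 69abc@example.org
Status: 5.1.1
Received: from relay.example.net (relay.example.net [192.0.2.10])
        by mail.example.org with ESMTP; Tue, 29 Jun 2004 04:32:48 -0700
From: System Administrator <postmaster@example.net>
""", """Final-Recipient: RFC822; xy@example.org
Status: 5.1.1
Return-Path: <>
Received: from mx.example.com (mx.example.com [198.51.100.7])
        by mail.example.org with ESMTP; Tue, 29 Jun 2004 04:28:03 -0700
From: Mail Delivery Subsystem <MAILER-DAEMON@example.com>
""", """Final-Recipient: RFC822; jason@example.org
Status: 5.2.2
Return-Path: <>
Received: from mx.example.com (mx.example.com [203.0.113.5])
        by mail.example.org with ESMTP; Tue, 29 Jun 2004 05:01:00 -0700
From: Mail Delivery Subsystem <MAILER-DAEMON@example.com>
"""]

def classify(report):
    """Return (verdict, relay_ip); backscatter = bounce sent to a made-up local user."""
    msg = message_from_string(report)
    rcpt = msg.get("Final-Recipient", "").split(";", 1)[-1].strip().lower()
    local, _, domain = rcpt.rpartition("@")
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # The failed message was itself a bounce: null return path or a bounce sender.
    is_bounce = (msg.get("Return-Path", "").strip() == "<>"
                 or sender.split("@")[0] in BOUNCE_SENDERS)
    forged_rcpt = (domain == LOCAL_DOMAIN and local not in VALID_USERS
                   and msg.get("Status", "").strip() == "5.1.1")
    relay = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", msg.get("Received", ""))
    verdict = "backscatter" if is_bounce and forged_rcpt else "review"
    return verdict, relay.group(1) if relay else None

def summarize(reports):
    # Count backscatter reports per relaying IP (first Received header).
    results = (classify(r) for r in reports)
    return Counter(ip for verdict, ip in results if verdict == "backscatter")

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

Reports classified as "review" (here, a bounce for a real mailbox) still need a human look, since they may be genuine delivery failures.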
