kevin.kempter at dataintellect.com
2005-Sep-14 19:39 UTC
[CentOS] OT - has my email domain been hijacked?
Returned mail: User unknown
Hi List;

I keep getting emails similar to the text below. I/We own the domain
dataintellect.com and we have email addresses setup however I always see a
bogus dataintellect.com email address as the sender.

-or is this simply a random spam email?

Thanks in advance for any advice...


========================================


From:
Mail Delivery Subsystem <MAILER-DAEMON at aol.com>
To:
carina_x at dataintellect.com
Date:
Today 13:31:26

Spam Status: Spamassassin 0% probability of being spam.

Full report:
No, score=0.0 required=5.0 tests=AWL,BAYES_50 autolearn=no version=3.0.4

The original message was received at Wed, 14 Sep 2005 15:31:23 -0400 (EDT)
from client-201.230.112.161.speedy.net.pe [201.230.112.161]


*** ATTENTION ***

Your e-mail is being returned to you because there was a problem with its
delivery. The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".

The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".

The line beginning with "<<<" describes the specific reason your e-mail could
not be delivered. The next line contains a second error message which is a
general translation for other e-mail servers.

Please direct further questions regarding this message to your e-mail
administrator.

--AOL Postmaster



----- The following addresses had permanent fatal errors -----
<acardi at cs.com>
<adorablealicia at cs.com>
<aclaudet at cs.com>
<acarter5 at cs.com>
<acrader at cs.com>

----- Transcript of session follows -----
... while talking to air-yg01.mail.aol.com.:
>>> RCPT To:<acrader at cs.com>
<<< 550 MAILBOX NOT FOUND
550 <acrader at cs.com>... User unknown
>>> RCPT To:<acarter5 at cs.com>
<<< 550 MAILBOX NOT FOUND
550 <acarter5 at cs.com>... User unknown
>>> RCPT To:<aclaudet at cs.com>
<<< 550 MAILBOX NOT FOUND
550 <aclaudet at cs.com>... User unknown
>>> RCPT To:<adorablealicia at cs.com>
<<< 550 MAILBOX NOT FOUND
550 <adorablealicia at cs.com>... User unknown
>>> RCPT To:<acardi at cs.com>
<<< 550 MAILBOX NOT FOUND
550 <acardi at cs.com>... User unknown
unnamed

Received: from client-201.230.112.161.speedy.net.pe
(client-201.230.112.161.speedy.net.pe [201.230.112.161]) by
rly-yg02.mx.aol.com (v107.10) with ESMTP id MAILRELAYINYG23-26f43287a8232f;
Wed, 14 Sep 2005 15:31:21 -0400
Received: from mail.strawberrysampler.com ([64.118.71.80]) by 201.230.112.161
with ESMTP id 4868741;
Wed, 14 Sep 2005 19:21:59 -0100
Received: (qmail 73986 invoked by uid 5164); Date: Wed, 14 Sep 2005 19:21:59 -0100
Date: Wed, 14 Sep 2005 19:21:59 -0100
Message-ID: <20050914.68664.carina_x at dataintellect.com>
From: "Men of Focus" <carina_x at dataintellect.com>
Sender: carina_x at dataintellect.com
To: acardi at cs.com, adorablealicia at cs.com, aclaudet at cs.com, acarter5 at cs.com,
        acrader at cs.com
X-Responder-ID: 14
Subject: Living without concerns!
Content-Type: text/html; charset="UTF-8"
X-AOL-IP: 201.230.112.161
X-AOL-SCOLL-SCORE: 1:2:306687321:10737418
X-AOL-SCOLL-URL_COUNT: 3
More than likely they're just forging the From: header in the email.
Spammers do that. A lot. It's easy.

-Alan

On Wed, 2005-09-14 at 13:39, kevin.kempter at dataintellect.com wrote:
> Returned mail: User unknown
> Hi List;
>
> I keep getting emails similar to the text below. I/We own the domain
> dataintellect.com and we have email addresses setup however I always see a
> bogus dataintellect.com email address as the sender.
>
> -or is this simply a random spam email?
>
> Thanks in advance for any advice...
>
>
> ========================================
>
>
> From:
> Mail Delivery Subsystem <MAILER-DAEMON at aol.com>
> To:
> carina_x at dataintellect.com
> Date:
> Today 13:31:26
>
> Spam Status: Spamassassin 0% probability of being spam.
>
> Full report:
> No, score=0.0 required=5.0 tests=AWL,BAYES_50 autolearn=no version=3.0.4
> The original message was received at Wed, 14 Sep 2005 15:31:23 -0400 (EDT)
> from client-201.230.112.161.speedy.net.pe [201.230.112.161]
>
>
> *** ATTENTION ***
>
> Your e-mail is being returned to you because there was a problem with its
> delivery. The address which was undeliverable is listed in the section
> labeled: "----- The following addresses had permanent fatal errors -----".
>
> The reason your mail is being returned to you is listed in the section
> labeled: "----- Transcript of Session Follows -----".
>
> The line beginning with "<<<" describes the specific reason your e-mail could
> not be delivered. The next line contains a second error message which is a
> general translation for other e-mail servers.
>
> Please direct further questions regarding this message to your e-mail
> administrator.
>
> --AOL Postmaster
>
>
>
> ----- The following addresses had permanent fatal errors -----
> <acardi at cs.com>
> <adorablealicia at cs.com>
> <aclaudet at cs.com>
> <acarter5 at cs.com>
> <acrader at cs.com>
>
> ----- Transcript of session follows -----
> ... while talking to air-yg01.mail.aol.com.:
> >>> RCPT To:<acrader at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <acrader at cs.com>... User unknown
> >>> RCPT To:<acarter5 at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <acarter5 at cs.com>... User unknown
> >>> RCPT To:<aclaudet at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <aclaudet at cs.com>... User unknown
> >>> RCPT To:<adorablealicia at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <adorablealicia at cs.com>... User unknown
> >>> RCPT To:<acardi at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <acardi at cs.com>... User unknown
> unnamed
>
> Received: from client-201.230.112.161.speedy.net.pe
> (client-201.230.112.161.speedy.net.pe [201.230.112.161]) by
> rly-yg02.mx.aol.com (v107.10) with ESMTP id MAILRELAYINYG23-26f43287a8232f;
> Wed, 14 Sep 2005 15:31:21 -0400
> Received: from mail.strawberrysampler.com ([64.118.71.80]) by 201.230.112.161
> with ESMTP id 4868741;
> Wed, 14 Sep 2005 19:21:59 -0100
> Received: (qmail 73986 invoked by uid 5164); Date: Wed, 14 Sep 2005 19:21:59
> -0100
> Date: Wed, 14 Sep 2005 19:21:59 -0100
> Message-ID: <20050914.68664.carina_x at dataintellect.com>
> From: "Men of Focus" <carina_x at dataintellect.com>
> Sender: carina_x at dataintellect.com
> To: acardi at cs.com, adorablealicia at cs.com, aclaudet at cs.com, acarter5 at cs.com,
> acrader at cs.com
> X-Responder-ID: 14
> Subject: Living without concerns!
> Content-Type: text/html; charset="UTF-8"
> X-AOL-IP: 201.230.112.161
> X-AOL-SCOLL-SCORE: 1:2:306687321:10737418
> X-AOL-SCOLL-URL_COUNT: 3
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
centos-bounces at centos.org <> scribbled on Wednesday, September 14, 2005 2:40 PM:
> Returned mail: User unknown
> Hi List;
>
> I keep getting emails similar to the text below. I/We own the
> domain dataintellect.com and we have email addresses setup
> however I always see a bogus dataintellect.com email address
> as the sender.
>
> -or is this simply a random spam email?
>
> Thanks in advance for any advice...
>
>
> ========================================
>
>
> From:
> Mail Delivery Subsystem <MAILER-DAEMON at aol.com>
> To:
> carina_x at dataintellect.com
> Date:
> Today 13:31:26
>
> Spam Status: Spamassassin 0% probability of being spam.
>
> Full report:
> No, score=0.0 required=5.0 tests=AWL,BAYES_50 autolearn=no
> version=3.0.4 The original message was received at Wed, 14
> Sep 2005 15:31:23 -0400 (EDT) from
> client-201.230.112.161.speedy.net.pe [201.230.112.161]
>
>
> *** ATTENTION ***
>
> Your e-mail is being returned to you because there was a
> problem with its delivery. The address which was
> undeliverable is listed in the section
> labeled: "----- The following addresses had permanent fatal
> errors -----".
>
> The reason your mail is being returned to you is listed in the section
> labeled: "----- Transcript of Session Follows -----".
>
> The line beginning with "<<<" describes the specific reason
> your e-mail could not be delivered. The next line contains a
> second error message which is a general translation for other
> e-mail servers.
>
> Please direct further questions regarding this message to
> your e-mail administrator.
>
> --AOL Postmaster
>
>
>
> ----- The following addresses had permanent fatal errors
> ----- <acardi at cs.com> <adorablealicia at cs.com>
> <aclaudet at cs.com> <acarter5 at cs.com> <acrader at cs.com>
>
> ----- Transcript of session follows ----- ... while
> talking to air-yg01.mail.aol.com.:
> >>> RCPT To:<acrader at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <acrader at cs.com>... User unknown
> >>> RCPT To:<acarter5 at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <acarter5 at cs.com>... User unknown
> >>> RCPT To:<aclaudet at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <aclaudet at cs.com>... User unknown
> >>> RCPT To:<adorablealicia at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <adorablealicia at cs.com>... User unknown
> >>> RCPT To:<acardi at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <acardi at cs.com>... User unknown
> unnamed
>
> Received: from client-201.230.112.161.speedy.net.pe
> (client-201.230.112.161.speedy.net.pe [201.230.112.161]) by
> rly-yg02.mx.aol.com (v107.10) with ESMTP id
> MAILRELAYINYG23-26f43287a8232f; Wed, 14 Sep 2005 15:31:21 -0400
> Received: from mail.strawberrysampler.com ([64.118.71.80]) by
> 201.230.112.161 with ESMTP id 4868741;
> Wed, 14 Sep 2005 19:21:59 -0100
> Received: (qmail 73986 invoked by uid 5164); Date: Wed, 14
> Sep 2005 19:21:59 -0100
> Date: Wed, 14 Sep 2005 19:21:59 -0100
> Message-ID: <20050914.68664.carina_x at dataintellect.com>
> From: "Men of Focus" <carina_x at dataintellect.com>
> Sender: carina_x at dataintellect.com
> To: acardi at cs.com, adorablealicia at cs.com, aclaudet at cs.com,
> acarter5 at cs.com,
> acrader at cs.com
> X-Responder-ID: 14
> Subject: Living without concerns!
> Content-Type: text/html; charset="UTF-8"
> X-AOL-IP: 201.230.112.161
> X-AOL-SCOLL-SCORE: 1:2:306687321:10737418
> X-AOL-SCOLL-URL_COUNT: 3
> _______________________________________________

I have to deal with this all the time. Some spammer or zombie is sending out
emails from @yourdomain.com and there's not much you can do about it.

You might consider adding SPF records to your DNS. If you have a catch-all
address, you might consider temporarily disabling it. I also use
milter-sender on my boxen which blocks a BUNCH of these.

Mike
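
Added example, not part of any post in this thread: the Received chain in the bounce shows which host actually handed the message to AOL, and an SPF record of the kind suggested above lets a receiving server reject that host. The SPF record and its 192.0.2.0/24 range are constructed placeholders (the thread does not list the domain's mail servers), and only the ip4 and all terms are evaluated.

```python
import ipaddress
import re

# Headers of the returned message, taken from the bounce quoted in the thread.
BOUNCED_HEADERS = """\
Received: from client-201.230.112.161.speedy.net.pe
 (client-201.230.112.161.speedy.net.pe [201.230.112.161]) by
 rly-yg02.mx.aol.com (v107.10) with ESMTP id MAILRELAYINYG23-26f43287a8232f;
 Wed, 14 Sep 2005 15:31:21 -0400
Received: from mail.strawberrysampler.com ([64.118.71.80]) by 201.230.112.161
 with ESMTP id 4868741; Wed, 14 Sep 2005 19:21:59 -0100
From: "Men of Focus" <carina_x at dataintellect.com>
"""

# Constructed policy: 192.0.2.0/24 is a documentation range standing in for
# the domain's real outbound servers, which the thread does not list.
EXAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 -all"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def connecting_ip(headers):
    """Return the client IP from the topmost Received header.

    Only that hop was written by the receiving MX; every Received line
    below it was supplied by the sender and can be forged.
    """
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)  # join continuation lines
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
            return m.group(1) if m else None
    return None


def spf_result(ip, record):
    """Evaluate the ip4 mechanisms and the 'all' term of an SPF record."""
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech.startswith("ip4:"):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qual]
        elif mech == "all":
            return QUALIFIERS[qual]
    return "neutral"  # no mechanism matched and no 'all' term present


if __name__ == "__main__":
    print(spf_result(connecting_ip(BOUNCED_HEADERS), EXAMPLE_SPF))
```

The check runs against the host that connected to the receiving server, not against the From: header, which is why a published record helps even though the header itself is trivially forged.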