dhumble Posted September 29, 2006 Share Posted September 29, 2006 I'm getting a few messages as of late that appear to have been sent from my email account (actually my domain name) but the user name before the [at] symbol is nothing I have ever used before. Most of these are coming from overseas accounts and I was wondering if this was some kind of a new method to spam folks and try and get them to reply or something. I have included the source of one of the messages here and removed my domain name and replaced it with 1234.com. I obviously didn't send this out and no one in my business did because it is just myself. Anyone have a clue as to what this is all about? Could someone have gained access to my server on estarr.com and is sending out bogus spam emails to others? I'm confused.... Doug Return-path: <> Envelope-to: trac[at]1234.com Delivery-date: Fri, 29 Sep 2006 13:04:18 -0400 Received: from [22.214.171.124] (helo=mx2.itl.no) by tyme.estarr-9.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.52) id 1GTLmZ-0002Rs-LR for trac[at]1234.com; Fri, 29 Sep 2006 13:04:16 -0400 Received: (qmail 19105 invoked for bounce); 29 Sep 2006 18:43:23 +0200 Date: 29 Sep 2006 18:43:23 +0200 From: MAILER-DAEMON[at]mx2.itl.no To: trac[at]1234.com Subject: failure notice X-ESTARR-MailScanner-Information: Please contact the ISP for more information X-ESTARR-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details X-ESTARR-MailScanner-SpamCheck: X-ESTARR-MailScanner-From: X-spam-Status: No X-Antivirus: avast! (VPS 0639-4, 09/29/2006), Inbound message X-Antivirus-Status: Clean Hi. This is the qmail-send program at mx2.itl.no. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <cope[at]stien.com>: Sorry, no mailbox here by that name. vpopmail (#5.1.1) --- Below this line is a copy of the message. Return-Path: <trac[at]1234.com> Received: (qmail 18962 invoked by uid 509); 29 Sep 2006 18:43:10 +0200 Received: from 126.96.36.199 by localhost.localdomain (envelope-from <trac[at]1234.com>, uid 508) with qmail-scanner-1.24-st-qms (clamdscan: 0.80/855. spamassassin: 3.0.1. perlscan: 1.24-st-qms. Clear:RC:0(188.8.131.52):SA:0(0.3/4.0):. Processed in 2.075336 secs); 29 Sep 2006 16:43:10 -0000 X-spam-Status: No, hits=0.3 required=4.0 X-Antivirus-MYDOMAIN-Mail-From: trac[at]1234.com via localhost.localdomain X-Antivirus-MYDOMAIN: 1.24-st-qms (Clear:RC:0(184.108.40.206):SA:0(0.3/4.0):. Processed in 2.075336 secs Process 18927) Received: from p508720c2.dip0.t-ipconnect.de (HELO ciwvnq) (220.127.116.11) by mx2.itl.no with SMTP; 29 Sep 2006 18:43:08 +0200 Received: (qmail 5099 invoked from network); Fri, 29 Sep 2006 19:03:55 +0200 Received: from unknown (HELO tsxy) (18.104.22.168) by ciwvnq with SMTP; Fri, 29 Sep 2006 19:03:55 +0200 Message-ID: <000501c6e3e9$3efeaa96$cd8c8750[at]tsxy> From: "Dan Mitchell" <trac[at]1234.com> To: <cope[at]stien.com> Subject: freeload Date: Fri, 29 Sep 2006 18:55:19 +0200 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0001_01C6E3FA.02877A1E" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 This is a multi-part message in MIME format. Moderator Edit: Actual spam deleted ..... Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.