[CentOS] OT - has my email domain been hijacked?
Mike Kercher
mike at CamaroSS.net
Wed Sep 14 20:25:58 UTC 2005
centos-bounces at centos.org <> scribbled on Wednesday, September 14, 2005 2:40 PM:
> Returned mail: User unknown
> Hi List;
>
> I keep getting emails similar to the text below. I/We own the
> domain dataintellect.com and we have email addresses set up;
> however, I always see a bogus dataintellect.com email address
> as the sender.
>
> -or is this simply a random spam email?
>
> Thanks in advance for any advice...
>
>
> =========================================
>
>
> From:
> Mail Delivery Subsystem <MAILER-DAEMON at aol.com>
> To:
> carina_x at dataintellect.com
> Date:
> Today 13:31:26
>
> Spam Status: Spamassassin 0% probability of being spam.
>
> Full report:
> No, score=0.0 required=5.0 tests=AWL,BAYES_50 autolearn=no
> version=3.0.4
>
> The original message was received at Wed, 14 Sep 2005 15:31:23 -0400 (EDT)
> from client-201.230.112.161.speedy.net.pe [201.230.112.161]
>
>
> *** ATTENTION ***
>
> Your e-mail is being returned to you because there was a
> problem with its delivery. The address which was
> undeliverable is listed in the section
> labeled: "----- The following addresses had permanent fatal
> errors -----".
>
> The reason your mail is being returned to you is listed in the section
> labeled: "----- Transcript of Session Follows -----".
>
> The line beginning with "<<<" describes the specific reason
> your e-mail could not be delivered. The next line contains a
> second error message which is a general translation for other
> e-mail servers.
>
> Please direct further questions regarding this message to
> your e-mail administrator.
>
> --AOL Postmaster
>
>
>
> ----- The following addresses had permanent fatal errors -----
> <acardi at cs.com>
> <adorablealicia at cs.com>
> <aclaudet at cs.com>
> <acarter5 at cs.com>
> <acrader at cs.com>
>
> ----- Transcript of session follows -----
> ... while talking to air-yg01.mail.aol.com.:
> >>> RCPT To:<acrader at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <acrader at cs.com>... User unknown
> >>> RCPT To:<acarter5 at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <acarter5 at cs.com>... User unknown
> >>> RCPT To:<aclaudet at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <aclaudet at cs.com>... User unknown
> >>> RCPT To:<adorablealicia at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <adorablealicia at cs.com>... User unknown
> >>> RCPT To:<acardi at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <acardi at cs.com>... User unknown
> unnamed
>
> Received: from client-201.230.112.161.speedy.net.pe
> (client-201.230.112.161.speedy.net.pe [201.230.112.161]) by
> rly-yg02.mx.aol.com (v107.10) with ESMTP id
> MAILRELAYINYG23-26f43287a8232f; Wed, 14 Sep 2005 15:31:21 -0400
> Received: from mail.strawberrysampler.com ([64.118.71.80]) by
> 201.230.112.161 with ESMTP id 4868741;
> Wed, 14 Sep 2005 19:21:59 -0100
> Received: (qmail 73986 invoked by uid 5164); Date: Wed, 14
> Sep 2005 19:21:59 -0100
> Date: Wed, 14 Sep 2005 19:21:59 -0100
> Message-ID: <20050914.68664.carina_x at dataintellect.com>
> From: "Men of Focus" <carina_x at dataintellect.com>
> Sender: carina_x at dataintellect.com
> To: acardi at cs.com, adorablealicia at cs.com, aclaudet at cs.com,
> acarter5 at cs.com,
> acrader at cs.com
> X-Responder-ID: 14
> Subject: Living without concerns!
> Content-Type: text/html; charset="UTF-8"
> X-AOL-IP: 201.230.112.161
> X-AOL-SCOLL-SCORE: 1:2:306687321:10737418
> X-AOL-SCOLL-URL_COUNT: 3
I have to deal with this all the time. Some spammer or zombie is sending
out emails from @yourdomain.com and there's not much you can do about it.
You might consider adding SPF records to your DNS. If you have a catch-all
address, you might consider temporarily disabling it. I also use
milter-sender on my boxen which blocks a BUNCH of these.
Mike
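
Added example, not part of the thread: how a receiving server would judge the connecting host recorded in the quoted bounce against an SPF record published for the envelope sender's domain. The record and its addresses are constructed placeholders (documentation ranges), since the thread does not give the domain's real outbound mail servers, and only the DNS-free mechanisms are evaluated.

```python
import ipaddress
import re

# Constructed policy: these documentation-range addresses stand in for the
# domain's real outbound mail servers, which the thread does not give.
SPF_RECORD = "v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/28 -all"

# Topmost Received header from the quoted bounce (added by AOL's relay).
RECEIVED = (
    "Received: from client-201.230.112.161.speedy.net.pe "
    "(client-201.230.112.161.speedy.net.pe [201.230.112.161]) by "
    "rly-yg02.mx.aol.com (v107.10) with ESMTP id "
    "MAILRELAYINYG23-26f43287a8232f; Wed, 14 Sep 2005 15:31:21 -0400"
)

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def connecting_ip(received):
    """Return the bracketed peer address the receiving MTA recorded."""
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    if not match:
        raise ValueError("no bracketed IPv4 address in Received header")
    return ipaddress.ip_address(match.group(1))


def check_spf(record, ip):
    """Evaluate the DNS-free subset of SPF (ip4, ip6, all), left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier]
        else:
            raise NotImplementedError(f"needs DNS or unsupported: {name}")
    return "neutral"  # nothing matched and the record has no "all" term
```

With `-all` the host at 201.230.112.161 evaluates to `fail`, so a receiver that enforces SPF can refuse the forged message at SMTP time instead of accepting it and bouncing it to the spoofed address later.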