One of my users has been getting these about once a day. What it looks
like is happening is that since AOL doesn't immediately report back with
a 550 user unknown, the spammer can fill in a return address of my user,
so the bounce ends up in his mailbox. The other option is that they're
trying to spam this aol address, and for some reason chose this guy's
address to forge from...this seems less likely than the first.

I'm using 2.31, and the spam scores 1.7 (1.3 with the AWL). I'm going
to write a local rule for this particular one, but I'm wondering if
anyone else has seen this kind of thing?

Here's the email, his username is munged:

> Received: from omr-d10.mx.aol.com (omr-d10.mx.aol.com [205.188.156.78])
> by sol.csr.utexas.edu (8.11.6/8.11.0) with ESMTP id gA52dnd01482
> for <[EMAIL PROTECTED]>; Mon, 4 Nov 2002 20:39:49 -0600 (CST)
> Received: from rly-xg01.mx.aol.com (rly-xg01.mail.aol.com [172.20.115.198])
> by omr-d10.mx.aol.com (v86_r1.15) with ESMTP id RELAYIN8-1104213925;
> Mon, 04 Nov 2002 21:39:25 -0400
> Received: from localhost (localhost)
> by rly-xg01.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0)
> with internal id VAA06470;
> Mon, 4 Nov 2002 21:39:04 -0500 (EST)
> Date: Mon, 4 Nov 2002 21:39:04 -0500 (EST)
> From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
> Message-Id: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> MIME-Version: 1.0
> Content-Type: multipart/report; report-type=delivery-status;
> boundary="VAA06470.1036463944/rly-xg01.mx.aol.com"
> Subject: Returned mail: User unknown
> Auto-Submitted: auto-generated (failure)
> X-Spam-Status: No, hits=1.3 required=8.5
> tests=PORN_11,PORN_3,AWL
> version=2.31
> X-Spam-Level: *
> X-UIDL: /?a!!/iX"!W?f"!o(b!!
>
> The original message was received at Mon, 4 Nov 2002 21:38:48 -0500 (EST)
> from osiris.phronesys.cl [200.72.130.66]
>
>
> *** ATTENTION ***
>
> Your e-mail is being returned to you because there was a problem with its
> delivery. The address which was undeliverable is listed in the section
> labeled: "----- The following addresses had permanent fatal errors -----".
>
> The reason your mail is being returned to you is listed in the section
> labeled: "----- Transcript of Session Follows -----".
>
> The line beginning with "<<<" describes the specific reason your e-mail could
> not be delivered. The next line contains a second error message which is a
> general translation for other e-mail servers.
>
> Please direct further questions regarding this message to your e-mail
> administrator.
>
> --AOL Postmaster
>
>
>
> ----- The following addresses had permanent fatal errors -----
> <[EMAIL PROTECTED]>
>
> ----- Transcript of session follows -----
> ... while talking to air-xg04.mail.aol.com.:
> >>> RCPT To:<[EMAIL PROTECTED]>
> <<< 550 MAILBOX NOT FOUND
> 550 <[EMAIL PROTECTED]>... User unknown
> Reporting-MTA: dns; rly-xg01.mx.aol.com
> Arrival-Date: Mon, 4 Nov 2002 21:38:48 -0500 (EST)
>
> Final-Recipient: RFC822; [EMAIL PROTECTED]
> Action: failed
> Status: 5.1.1
> Remote-MTA: DNS; air-xg04.mail.aol.com
> Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND
> Last-Attempt-Date: Mon, 4 Nov 2002 21:39:04 -0500 (EST)
> Received: from csr.utexas.edu (osiris.phronesys.cl [200.72.130.66])
> by rly-xg01.mx.aol.com (v89.10) with ESMTP id MAILRELAYINXG16-1104213846;
> Mon, 04 Nov 2002 21:38:46 1900
> Reply-To: <[EMAIL PROTECTED]>
> Message-ID: <002a51a63e6e$8754b1c3$6ae52cc5@ntfnlr>
> From: <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Adults Only 2741sKPy9-660VFfl7-17
> Date: Mon, 04 Nov 2002 19:31:34 +0700
> MiME-Version: 1.0
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: 8bit
> X-Priority: 3 (Normal)
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
> Importance: Normal
>
> Hey cutie how are you its Debbie your web cam girl I wanted to let you know where you can find me now I had to move my site.
> http://www.debbieshomepage.com
> Come see what I can do for you!!
> 6273WIsO2-494UPwO8811OUrw0-l25
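
An added example, not part of the original post: one way to separate this kind of bounce from a genuine one is to read the topmost Received line of the returned message, which the bouncing site stamped itself, and compare the connecting IP with your own outbound relays. LOCAL_NETS is a placeholder range, the DSN is a constructed sample modelled on the bounce above, and classify_bounce is a hypothetical helper name.

```python
import email
import ipaddress
import re

# Assumed values: HELO name from the post; placeholder range for our own relays.
LOCAL_DOMAIN = "csr.utexas.edu"
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
# "from <helo> (<rdns> [<ip>])" as stamped by the relay that later bounced the mail.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")

# Constructed DSN modelled on the bounce in the post; {rcvd} is filled in per case.
SAMPLE = """\
Subject: Returned mail: User unknown
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: message/delivery-status

Reporting-MTA: dns; relay.example

Status: 5.1.1
--B
Content-Type: message/rfc822

Received: {rcvd}

(body)
--B--
"""

def classify_bounce(raw):
    """Return 'not-dsn', 'unparsed', 'ours', 'forged-helo' or 'backscatter'."""
    dsn = email.message_from_string(raw)
    parts = [p for p in dsn.walk() if p.get_content_type() == "message/rfc822"]
    if dsn.get_content_type() != "multipart/report" or not parts:
        return "not-dsn"
    # Topmost Received of the returned message is stamped by the bouncing site.
    m = RECEIVED_RE.search(parts[0].get_payload(0).get("Received", ""))
    if m is None:
        return "unparsed"
    try:
        ip = ipaddress.ip_address(m.group(3))
    except ValueError:
        return "unparsed"
    if any(ip in net for net in LOCAL_NETS):
        return "ours"
    helo = m.group(1).lower()
    claims_us = helo == LOCAL_DOMAIN or helo.endswith("." + LOCAL_DOMAIN)
    return "forged-helo" if claims_us else "backscatter"
```

A "forged-helo" or "backscatter" verdict means the returned message never left your relays, so the bounce can be scored or filed separately from real delivery failures.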