I'm trying to figure out the route this took to get to me....
My guess is...
Some trojan/whetever sent an email to a nonexistent address
([EMAIL PROTECTED])
The return address was spoofed as one of my addresses ([EMAIL PROTECTED])
Their brain-dead mailer daemon then sent the failure back to me.
I've gotten a few of these today from "mailhub.intercaf.ru", one was
even a bounce of an attempt to deliver an email to my domain that was
blocked by an RBL lookup in postfix. Nothing like blocking something
only to have it bounce back to me.
Any suggestions on the best way to block this or have it detected as
spam?
---
Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED] <---- one of my local addresses
Received: by cheezmo.com (Postfix, from userid 88)
id 590A4E0C48; Thu, 11 Aug 2005 11:24:03 -0500 (CDT)
Received: from mailhub.intercaf.ru (mailhub.intercaf.ru [83.102.221.67])
by cheezmo.com (Postfix) with ESMTP id B3859E0C39
for <[EMAIL PROTECTED]>; Thu, 11 Aug 2005 11:23:57 -0500 (CDT)
Received: from localhost (localhost)
by mailhub.intercaf.ru (8.12.10/8.12.10) id j7BGMat1040225;
Thu, 11 Aug 2005 20:22:36 +0400 (MSD)
(envelope-from MAILER-DAEMON)
Date: Thu, 11 Aug 2005 20:22:36 +0400 (MSD)
From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="j7BGMat1040225.1123777356/mailhub.intercaf.ru"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
X-Spam-Flag: NO
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on closet.local
X-Spam-Level:
X-Spam-Hammy: 0.001-2--98h-0s--4d--512, 0.001-1--60h-0s--9d--Host,
0.013-1--4h-0s--15d--5.1.2, 0.017-10--916h-1s--0d--UD:yyyy.com
X-Spam-Status: No, score=-0.4 required=5.0 tests=AWL,BAYES_60
autolearn=ham
version=3.0.4
X-Spam-Spammy: 0.994-302--9h-107s--0d--H*Ad:D*yyyy.com,
0.980-14--1h-5s--0d--D*ru, 0.976-11--1h-4s--0d--H*r:sk:mailhub,
0.976-11--1h-4s--0d--H*MI:intercaf
X-Spam-Tokens: Tokens: new, 20; hammy, 29; neutral, 100; spammy, 65.
X-Spam-Report:
* 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
* [score: 0.7756]
* -1.4 AWL AWL: From: address is in the auto white-list
Status:
This is a MIME-encapsulated message
--j7BGMat1040225.1123777356/mailhub.intercaf.ru
The original message was received at Thu, 11 Aug 2005 20:22:35 +0400
(MSD)
from 172.18.6.44.intercaf.ru [172.18.6.44] (may be forged)
----- The following addresses had permanent fatal errors -----
<[EMAIL PROTECTED]>
(reason: 550 Host unknown)
----- Transcript of session follows -----
550 5.1.2 <[EMAIL PROTECTED]>... Host unknown (Name server: razyr.cz:
host not found)
--j7BGMat1040225.1123777356/mailhub.intercaf.ru
Content-Type: message/delivery-status
Reporting-MTA: dns; mailhub.intercaf.ru
Received-From-MTA: DNS; 172.18.6.44.intercaf.ru
Arrival-Date: Thu, 11 Aug 2005 20:22:35 +0400 (MSD)
Final-Recipient: RFC822; [EMAIL PROTECTED]
Action: failed
Status: 5.1.2
Remote-MTA: DNS; razyr.cz
Diagnostic-Code: SMTP; 550 Host unknown
Last-Attempt-Date: Thu, 11 Aug 2005 20:22:36 +0400 (MSD)
--j7BGMat1040225.1123777356/mailhub.intercaf.ru
Content-Type: text/rfc822-headers
Return-Path: <[EMAIL PROTECTED]>
Received: from yyyy.com (172.18.6.44.intercaf.ru [172.18.6.44] (may
be forged))
by mailhub.intercaf.ru (8.12.10/8.12.10) with ESMTP id
j7BGMZt1040223
for <[EMAIL PROTECTED]>; Thu, 11 Aug 2005 20:22:35 +0400 (MSD)
(envelope-from [EMAIL PROTECTED])
Message-Id: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: test
Date: Thu, 11 Aug 2005 20:23:25 +0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0003_AFA03F19.4131F551"
X-Priority: 3
X-MSMail-Priority: Normal
X-Greylist: Sender IP whitelisted, not delayed by milter-
greylist-1.5.6 (mailhub.intercaf.ru [83.102.221.67]); Thu, 11 Aug
2005 20:22:36 +0400 (MSD)
--j7BGMat1040225.1123777356/mailhub.intercaf.ru--
--
Steve Martin http://www.cheezmo.com/
Smart Calibration, LLC http://www.smartcalibration.com/
The Widescreen Movie Center http://www.widemovies.com/
Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html
