
[cobalt-users] Spamming detected by Mailscanner?



I installed MailScanner 3.21 a couple of days ago on my Cobalt RaQ4r and
it has been working fine, however, ever since I have been receiving a
lot of messages generated only to me and not any users (thank you). I'm
sure I am getting the messages because they all seem to be related to
undeliverable messages after trying the local host name for delivery,
which is my mailboxes.

It seems that there may be some spammer messages being sent to a bogus
address and the server is tacking on the local domain to try and find
the user's address and that results in an undeliverable message from the
MAILER-DAEMON. This is what seems to be happening:

1) A message comes in with a virus to a bogus address:

From: fr <fr@xxxxxxxxxxxxxxxxx>
To: Ifrainfr@xxxxxxxxxxxxxxxxx
Subject: {VIRUS?} Your password
MIME-Version: 1.0
content-type: multipart/mixed; boundary="XOXJ1ZfVG249"
X-WebTent-MailScanner: Found to be infected
Warning: This message has had one or more attachments removed. Please
read the "VirusWarning.txt" attachment(s) for more information.

2) For some reason, MailScanner generates the following message in
response to me at the webmaster account:

From: "WebTent MailScanner" <postmaster>
To: <webmaster@xxxxxxxxxxx>
Subject: Warning: E-mail viruses detected
Our virus detector has just been triggered by a message you sent:-
  To: <Ifrainfr@xxxxxx>
  Subject: List box which will display. 
  Date: Wed Aug  6 19:26:02 2003
Any infected parts of the message have not been delivered.

This message is simply to warn you that your computer system may have a
virus present and should be checked.

The virus detector said this about the message:
Report: /home/spool/MailScanner/incoming/h76NPTf13779/name.scr
Infection: W32/Klez.H@mm Windows Screensavers often hide viruses in
email in name.scr

MailScanner
Email Virus Scanner
www.mailscanner.info

3) Finally, the webmaster and postmaster accounts are notified of the
message failure (notice how it tacks on the end of the bogus address, my
local host domain):

From: Mail Delivery Subsystem <MAILER-DAEMON>
Message-Id: <200308062326.h76NQ3b13841@xxxxxxxxxxxxxxxx>
To: postmaster
To: <webmaster@xxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
	boundary="h76NQ3b13841.1060212363/host.example.com"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
The original message was received at Wed, 6 Aug 2003 19:25:29 -0400 from
Stinson.cpe.abrn.al.charter.com [68.119.76.158]

   ----- The following addresses had permanent fatal errors -----
<Ifrainfr@xxxxxx>
    (reason: system config error)

   ----- Transcript of session follows -----
553 5.3.5 h-ec.e.example.com. config error: mail loops back to me (MX
problem?) 554 5.3.5 <Ifrainfr@xxxxxx>... Local configuration error

------------------------------------

Can anyone point me in the direction of finding out how to stop these
messages?

Thanks,
--
Robert
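
An added example, not part of the original post: a small triage script for a postmaster mailbox that links the scanner warning in step 2 to the bounce in step 3 by the recipient address both of them name, and flags the "mail loops back to me" error. The sample messages are constructed with placeholder addresses, and the function names `classify` and `correlate` are hypothetical.

```python
import re
from email import message_from_string

# Constructed samples modelled on notices 2) and 3) in the post; addresses are placeholders.
WARNING = """\
From: "WebTent MailScanner" <postmaster>
To: <webmaster@example.com>
Subject: Warning: E-mail viruses detected

Our virus detector has just been triggered by a message you sent:-
  To: <nosuchuser@host.example.com>
"""
BOUNCE = """\
From: Mail Delivery Subsystem <MAILER-DAEMON>
To: postmaster
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)

   ----- The following addresses had permanent fatal errors -----
<nosuchuser@host.example.com>
    (reason: system config error)

   ----- Transcript of session follows -----
553 5.3.5 host.example.com. config error: mail loops back to me (MX problem?)
554 5.3.5 <nosuchuser@host.example.com>... Local configuration error
"""

def classify(raw):
    """Return the notice kind, the recipients it names, and whether it reports a mail loop."""
    msg = message_from_string(raw)
    body = raw.partition("\n\n")[2]
    if msg.get("Auto-Submitted", "").startswith("auto-generated"):
        # Failed recipients sit alone on a line in the sendmail bounce text.
        rcpts = re.findall(r"^<([^>]+)>\s*$", body, re.M)
        return {"kind": "dsn", "rcpts": rcpts, "loop": "mail loops back to me" in body}
    if "viruses detected" in msg.get("Subject", ""):
        # The scanner warning quotes the original recipient in an indented To: line.
        rcpts = re.findall(r"^[ \t]+To: <([^>]+)>", body, re.M)
        return {"kind": "scanner-warning", "rcpts": rcpts, "loop": False}
    return {"kind": "other", "rcpts": [], "loop": False}

def correlate(raws):
    """Group notice kinds by the recipient address they mention (case-insensitive)."""
    groups = {}
    for raw in raws:
        info = classify(raw)
        for rcpt in info["rcpts"]:
            groups.setdefault(rcpt.lower(), []).append(info["kind"])
    return groups
```

A recipient that shows up under both `scanner-warning` and `dsn` marks a warning and a bounce that belong to the same infected message.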