I seem to be getting a lot of mail coming through my server, reporting "Mail Delivery Status (Undeliverable)", (or others with similar subjects). When I check the headers, these all appear to originate outside my network, and the embedded message itself is clearly spam. However, I'm a little worried I'm inadvertently relaying mail. Can I get a second opinion? Here's the headers:
Return-Path: <> Delivered-To: [EMAIL PROTECTED] Received: (qmail 17478 invoked by uid 210); 24 Sep 2005 22:50:53 -0600 Received: from 142.67.28.35 by srv (envelope-from <>, uid 201) with qmail-scanner-1.25st (f-prot: 4.6.1/3.16.8. spamassassin: 3.0.4. perlscan: 1.25st. Clear:RC:0(142.67.28.35):SA:0(0.4/5.0):. Processed in 1.241097 secs); 25 Sep 2005 04:50:53 -0000 X-Spam-Status: No, hits=0.4 required=5.0 Received: from user.emera.com (HELO spark.nspower.ca) (142.67.28.35) by 192.168.0.5 with SMTP; 24 Sep 2005 22:50:51 -0600 Received: from fibretek.com (localhost [127.0.0.1]) by spark.nspower.ca (8.11.7+Sun/biteme) with SMTP id j8P4pXc02042 for <[EMAIL PROTECTED]>; Sun, 25 Sep 2005 01:51:33 -0300 (ADT) Received: from FIBRETEK#u#DOM-Message_Server by fibretek.com with Novell_GroupWise; Sun, 25 Sep 2005 01:56:19 -0300 Message-Id: <[EMAIL PROTECTED]> X-Mailer: Novell GroupWise 5.2 Date: Sun, 25 Sep 2005 01:56:19 -0300 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Message status - undeliverable Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=_D3F1ABE3.E687D128" Status: R X-Status: NC X-KMail-EncryptionState: X-KMail-SignatureState: X-KMail-MDN-Sent: Obviously, the open2space.com domain is mine. Some of the header is legit - the first 7 or so lines (up to the X-Spam-Status) are typical for my mail, and the 192.168.0.5 address is correct for my mail server (internal address). But this looks to originate from fibretek.com. My network does not have a jeffreycaselk account, nor do I use Groupwise (or Eudora, or Exchange as reported by some of the other messages) Is this a bad relay attempt? Should I be locking down my network even more? (My mail server has never been configured as a mail relay, but I did have some issues in the not too distant past that required some tweaking, maybe I inadvertently opened something? Or can I safely ignore this and wait until spamassassin decides this is spam? Regardless I'll be looking into my server settings, but I am curious if anyone else is seeing these messages. Thanks. Shawn _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
