Shawn,

I have been seeing exactly this kind of stuff coming from my webform. At first glance it may look like something is wrong, but if you look again, the second set of headers is actually in the body. It beats me who would think something like this could actually work.

Incidentally, my script can only send e-mail to me; it does not even try to parse what gets submitted, the second set of headers are just stuffed in.

Cheers
Szemir

On September 25, 2005 02:32, Shawn wrote:
> I seem to be getting a lot of mail coming through my server, reporting
> "Mail Delivery Status (Undeliverable)", (or others with similar subjects).
> When I check the headers, these all appear to originate outside my network,
> and the embedded message itself is clearly spam. However, I'm a little
> worried I'm inadvertently relaying mail. Can I get a second opinion?
> Here's the headers:
>
> Return-Path: <>
> Delivered-To: [EMAIL PROTECTED]
> Received: (qmail 17478 invoked by uid 210); 24 Sep 2005 22:50:53 -0600
> Received: from 142.67.28.35 by srv (envelope-from <>, uid 201) with
>   qmail-scanner-1.25st
>   (f-prot: 4.6.1/3.16.8. spamassassin: 3.0.4. perlscan: 1.25st.
>   Clear:RC:0(142.67.28.35):SA:0(0.4/5.0):.
>   Processed in 1.241097 secs); 25 Sep 2005 04:50:53 -0000
> X-Spam-Status: No, hits=0.4 required=5.0
> Received: from user.emera.com (HELO spark.nspower.ca) (142.67.28.35)
>   by 192.168.0.5 with SMTP; 24 Sep 2005 22:50:51 -0600
> Received: from fibretek.com (localhost [127.0.0.1])
>   by spark.nspower.ca (8.11.7+Sun/biteme) with SMTP id j8P4pXc02042
>   for <[EMAIL PROTECTED]>; Sun, 25 Sep 2005 01:51:33 -0300
>   (ADT)
> Received: from FIBRETEK#u#DOM-Message_Server by fibretek.com
>   with Novell_GroupWise; Sun, 25 Sep 2005 01:56:19 -0300
> Message-Id: <[EMAIL PROTECTED]>
> X-Mailer: Novell GroupWise 5.2
> Date: Sun, 25 Sep 2005 01:56:19 -0300
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Message status - undeliverable
> Mime-Version: 1.0
> Content-Type: multipart/mixed;
>   boundary="=_D3F1ABE3.E687D128"
> Status: R
> X-Status: NC
> X-KMail-EncryptionState:
> X-KMail-SignatureState:
> X-KMail-MDN-Sent:
>
> Obviously, the open2space.com domain is mine. Some of the header is legit
> - the first 7 or so lines (up to the X-Spam-Status) are typical for my
> mail, and the 192.168.0.5 address is correct for my mail server (internal
> address). But this looks to originate from fibretek.com. My network does
> not have a jeffreycaselk account, nor do I use Groupwise (or Eudora, or
> Exchange as reported by some of the other messages). Is this a bad relay
> attempt? Should I be locking down my network even more? (My mail server
> has never been configured as a mail relay, but I did have some issues in
> the not too distant past that required some tweaking, maybe I inadvertently
> opened something?) Or can I safely ignore this and wait until spamassassin
> decides this is spam?
>
> Regardless I'll be looking into my server settings, but I am curious if
> anyone else is seeing these messages.
>
> Thanks.
>
> Shawn

_______________________________________________
clug-talk mailing list
[email protected]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying
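
Szemir's observation above, as an added example that is not part of the original thread: a form handler that fixes the recipient and puts submitted text only in the body leaves a stuffed-in second set of headers inert. The addresses, field names and the `build_form_mail` and `injection_markers` helpers are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

FIXED_RECIPIENT = "webmaster@example.org"   # assumption: the only address the form may mail
HEADER_LIKE = re.compile(
    r"^(to|cc|bcc|from|subject|content-type|mime-version)\s*:", re.I | re.M)

def injection_markers(value):
    """Return header names that appear at line starts in a submitted value (for logging)."""
    return sorted({m.group(1).lower() for m in HEADER_LIKE.finditer(value)})

def build_form_mail(name, subject, message):
    """Build the notification mail; submitted text reaches a header only if it is one line."""
    for label, value in (("name", name), ("subject", subject)):
        if "\r" in value or "\n" in value:
            raise ValueError(f"line break in header-bound field: {label}")
    msg = EmailMessage()
    msg["From"] = "webform@example.org"       # constructed sender address
    msg["To"] = FIXED_RECIPIENT               # never taken from the submission
    msg["Subject"] = f"[webform] {subject}"
    msg["X-Form-Name"] = name
    msg.set_content(message)                  # free text goes into the body only
    return msg

# Constructed submission: a second set of headers stuffed into the message field.
SAMPLE_MESSAGE = (
    "hello\r\n"
    "Content-Type: multipart/mixed; boundary=\"x\"\r\n"
    "MIME-Version: 1.0\r\n"
    "Subject: constructed sample\r\n"
    "bcc: someone@example.net\r\n"
    "\r\n"
    "constructed body text\r\n"
)

if __name__ == "__main__":
    mail = build_form_mail("visitor", "question", SAMPLE_MESSAGE)
    print("recipients:", mail.get_all("To"), "Bcc header:", mail["Bcc"])
    print("content type:", mail.get_content_type())
    print("markers seen in body:", injection_markers(SAMPLE_MESSAGE))
```

Logging the markers gives a cheap signal of probing against the form even though the submission itself cannot change where the mail goes.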

