Has anyone else been receiving these suspicious email bounces?
It appears the original message attempted to send my wtmp log
to [EMAIL PROTECTED], but my mail log has no such entries:
BEGIN SUSPICIOUS MESSAGE:
============================================================
>From MAILER-DAEMON Sun Jul 14 10:00:56 2002
Return-Path: <MAILER-DAEMON>
Received: from mail3.atl.registeredsite.com ([EMAIL PROTECTED]
[64.224.219.77])
by thewavecave.com (8.10.2/8.10.2) with ESMTP id g6EF0uB16938
for <[EMAIL PROTECTED]>; Sun, 14 Jul 2002 10:00:56 -0500
Received: from localhost (localhost)
by mail3.atl.registeredsite.com (8.12.2/8.12.5) id g6EF0wuA012978;
Sun, 14 Jul 2002 11:01:01 -0400
Date: Sun, 14 Jul 2002 11:01:01 -0400
From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="g6EF0wuA012978.1026658861/mail3.atl.registeredsite.com"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
Status: R
*** ATTENTION ***
This email is being returned to you because the remote server would not
or could not accept the message. The registeredsite servers are just
reporting to you what happened and are not the source of the problem.
The address which was undeliverable is in the section labeled:
"----- The following addresses had permanent fatal errors -----".
The reason your mail is being returned to you is in the section labeled:
"----- Transcript of Session Follows -----".
The line beginning with "<<<" describes the specific reason your e-mail could
not be delivered. The next line contains a second error message which is a
general translation for other e-mail servers.
Please direct further questions regarding this message to your e-mail
administrator.
--Registeredsite Postmaster
----- The following addresses had permanent fatal errors -----
<[EMAIL PROTECTED]>
(reason: 550 5.0.0 Access denied)
----- Transcript of session follows -----
... while talking to mail1.prod.customerasset.com.:
>>> MAIL From:<[EMAIL PROTECTED]>
<<< 550 5.0.0 Access denied
554 5.0.0 Service unavailable
Original-Recipient: RFC822;<[EMAIL PROTECTED]>
Final-Recipient: RFC822; [EMAIL PROTECTED]
Action: failed
Status: 5.0.0
Diagnostic-Code: SMTP; 550 5.0.0 Access denied
Last-Attempt-Date: Sun, 14 Jul 2002 11:01:01 -0400
Date: Sun, 14 Jul 2002 09:01:01 -0600 (MDT)
From: [EMAIL PROTECTED] (internet communications)
To: [EMAIL PROTECTED]
Subject: ssl7
ssl7 ttyp0 209.196.18.253 Thu Apr 25 12:22 - 12:45 (00:22)
ssl7 ttyp0 fw.wampum.sagenetworks.com Wed Jan 30 10:01 - 10:17 (00:15)
ssl7 ttyp0 fw.wampum.sagenetworks.com Wed Jan 30 09:44 - 10:00 (00:16)
ssl7 ttyp0 fw.wampum.sagenetworks.com Mon Dec 24 08:18 - 09:24 (01:05)
ssl7 ttyp0 fw.wampum.sagenetworks.com Mon Nov 26 14:08 - 14:11 (00:03)
ssl7 ttyp0 fw.wampum.sagenetworks.com Wed Nov 21 17:06 - 17:06 (00:00)
--------------------------( 571 similar entries snipped )------------------------
ssl7 ttyp0 209.170.57.34 Wed Sep 29 08:49 - 09:40 (00:50)
wtmp begins Wed Dec 11 14:03
============================================================
: END SUSPICIOUS MESSAGE
If anyone can shed light on this situation, I'd greatly appreciate it.
Thank you for your valuable time.
:D
--
David Black
Web Developer
http://theWaveCave.com
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
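
One way to triage a bounce like the one quoted in this post, as an added example that is not part of the original message: it uses Python's standard `email` package to pull the failed recipient and diagnostic out of the delivery-status part, then checks whether the returned message body looks like `last`/wtmp output. The sample bounce, all addresses and host names in it, and the function name `triage_bounce` are constructed for illustration.

```python
import email
import re

# Constructed sample shaped like the bounce above; every address, host name
# and the MIME boundary is a placeholder, not a value from the original post.
SAMPLE_BOUNCE = """\
From: Mail Delivery Subsystem <MAILER-DAEMON@relay.example.net>
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND
Content-Type: message/delivery-status

Reporting-MTA: dns; relay.example.net

Final-Recipient: RFC822; collector@drop.example.org
Status: 5.0.0
Diagnostic-Code: SMTP; 550 5.0.0 Access denied

--BOUND
Content-Type: message/rfc822

From: someuser@host.example.com
Subject: ssl7

ssl7 ttyp0 192.0.2.10 Thu Apr 25 12:22 - 12:45 (00:22)
ssl7 ttyp0 fw.example.net Wed Jan 30 10:01 - 10:17 (00:15)
wtmp begins Wed Dec 11 14:03
--BOUND--
"""

# One line of last(1) output: user, tty, remote host, "Day Mon DD HH:MM".
LAST_LINE = re.compile(r"^\S+\s+(?:tty|pts/)\S*\s+\S+\s+\w{3} \w{3} [ \d]\d \d\d:\d\d", re.M)

def triage_bounce(raw):
    """Summarise a DSN: failed recipients, returned headers, wtmp indicators."""
    out = {"failed": [], "original": {}, "last_lines": 0, "wtmp_trailer": False}
    for part in email.message_from_string(raw).walk():
        if part.get_content_type() == "message/delivery-status":
            for block in part.get_payload():   # header blocks; keep per-recipient ones
                if block.get("Final-Recipient"):
                    addr = block["Final-Recipient"].split(";", 1)[-1].strip()
                    out["failed"].append((addr, block.get("Status"), block.get("Diagnostic-Code")))
        elif part.get_content_type() == "message/rfc822":
            orig = part.get_payload(0)         # the message that bounced
            out["original"] = {h: orig.get(h) for h in ("From", "Subject")}
            body = str(orig.get_payload())
            out["last_lines"] = len(LAST_LINE.findall(body))
            out["wtmp_trailer"] = re.search(r"^wtmp begins ", body, re.M) is not None
    out["suspicious"] = out["wtmp_trailer"] or out["last_lines"] > 0
    return out
```

The recipient and subject it reports can then be compared against the local MTA log and against cron jobs or scripts on the host that call `last`.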