It sounds like the same thing that has been occurring lately, in that spammers are using authenticated SMTP to get into mail servers to forward their trash.
It looks like your account authenticated to your mail server and tried sending outbound spam. Then you received the bounce. If it's a spammer who is authenticating on your behalf, your Outlook will never show outbound email. If you look into your firewall logs when these messages come in, you will find the actual IP of the offender (not that there is much you can do about it).

Looking at: "Authenticated [EMAIL PROTECTED]", I would seriously change the spam@ account's password. That should clear it up.

I have found that many of these incidents source from overseas (esp: China). No offense to any non pig-dog spammers ;)

Stan Lyzak, BSEE, CISSP, MCSE, CCNA, Security+, A+
Network Security Engineer
ASysTech, Inc.

-----Original Message-----
From: Jeff Maze - Hostmaster [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 21, 2003 9:44 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] [OT] WEIRD Problem!

Hello,

I've recently discovered something interesting happening with my laptop. Just a little FYI about it. I have all spam messages that fail the Declude Tests forwarded to a [EMAIL PROTECTED] account, which I download and review on my computer. I have NIS 2004 running on my laptop as well. I'm also running NIS Anti-virus 2004 and it's updated with Virus defs dated 10/15/2003 and a full system scan was just completed (attempted liveupdate this morning, but it's just sitting there).

Anyway, the other day I received 3 Undeliverable Mail messages in this spam account and upon reviewing the message, saw that it was coming from the WAN IP address of my laptop (cable provider's IP address when at home (2), and the firewall WAN IP when at work (1)). So I set up NIS to inform me whenever Outlook 2002 tried to send out messages; NIS is also configured to only allow Outlook to connect to our mail server to send and receive messages. Well, it happened again this morning; I knew because NIS popped up a window stating such.
I've included the Undeliverable Mail message as well as the iMail log entry. I attempted to look up the D*.SMD and Q*.SMD (to see what the message contained), but iMail has already deleted them and even though I have Outlook set up to store all sent messages in the sent items folder, there is nothing there as well. I got the alert while receiving messages from the spam account.

Anyone ever hear of anything like this before?

Thank you for your time and attention..

-Jeff

undeliverable to [EMAIL PROTECTED]
Original message follows.

Received: from %computername% [67.17.218.x] by crescentdigital.com with ESMTP (SMTPD32-6.06) id A30560E0134; Tue, 21 Oct 2003 08:13:57 -0400
From: "DO NOT REPLY TO THIS ACCOUNT - Please reply to original sender" <[EMAIL PROTECTED]>
To: "'Catalina'" <[EMAIL PROTECTED]>
Date: Tue, 21 Oct 2003 08:13:40 -0400
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="winmail.dat"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-MS-TNEF-Correlator: 00000000A762BD7065A7A046BC679108E78E7F89447F2800
Subject: Not read: This is not loan j
X-Declude-Sender: [EMAIL PROTECTED] [67.17.218.x]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
[message truncated]

iMail Log Entry:

10:21 08:13 SMTPD(060E0134) [67.17.218.5] connect 67.17.218.x port 1371
10:21 08:13 SMTPD(060E0134) [67.17.218.x] EHLO %computername%
10:21 08:13 SMTPD(000003E0) Authenticated [EMAIL PROTECTED], session treated as local.
10:21 08:13 SMTPD(060E0134) [67.17.218.x] MAIL FROM: <[EMAIL PROTECTED]>
10:21 08:13 SMTPD(060E0134) [67.17.218.x] RCPT TO: <[EMAIL PROTECTED]>
10:21 08:13 SMTPD(060E0134) [67.17.218.x] MAIL FROM: <[EMAIL PROTECTED]>
10:21 08:13 SMTPD(060E0134) [67.17.218.x] RCPT TO: <[EMAIL PROTECTED]>
10:21 08:13 SMTPD(060E0134) [67.17.218.x] C:\IMAIL\spool\D2305134.SMD 2267
10:21 08:13 SMTP-(00000878) processing C:\IMAIL\spool\Q2305134.SMD
10:21 08:13 SMTP-(00000878) Trying yahoo.com (0)
10:21 08:13 SMTP-(00000878) Connect yahoo.com [64.157.4.78:25] (1)
10:21 08:13 SMTP-(00000878) 220 YSmtp mta109.mail.sc5.yahoo.com ESMTP service ready
10:21 08:13 SMTP-(00000878) >EHLO crescentdigital.com
10:21 08:13 SMTP-(00000878) 250-mta109.mail.sc5.yahoo.com
10:21 08:13 SMTP-(00000878) 250-8BITMIME
10:21 08:13 SMTP-(00000878) 250-SIZE 10485760
10:21 08:13 SMTP-(00000878) 250 PIPELINING
10:21 08:13 SMTP-(00000878) >MAIL FROM:<[EMAIL PROTECTED]>
10:21 08:13 SMTP-(00000878) 250 sender <[EMAIL PROTECTED]> ok
10:21 08:13 SMTP-(00000878) >RCPT To:<[EMAIL PROTECTED]>
10:21 08:13 SMTP-(00000878) 250 recipient <[EMAIL PROTECTED]> ok
10:21 08:13 SMTP-(00000878) >DATA
10:21 08:13 SMTP-(00000878) 354 go ahead
10:21 08:13 SMTP-(00000878) >.
10:21 08:14 SMTP-(00000878) 554 delivery error: dd This user doesn't have a yahoo.com account ([EMAIL PROTECTED]) [-5] - mta109.mail.sc5.yahoo.com
10:21 08:14 SMTP-(00000878) ERR undeliverable 554 delivery error: dd This user doesn't have a yahoo.com account ([EMAIL PROTECTED]) [-5] - mta109.mail.sc5.yahoo.com
10:21 08:14 SMTP-(00000878) SMTP_DELIV_FAILED
10:21 08:14 SMTP-(00000878) >QUIT
10:21 08:14 SMTP-(00000878) 221 mta109.mail.sc5.yahoo.com
10:21 08:14 SMTP-(00000878) Creating message from Postmaster
10:21 08:14 SMTP-(00000878) finished C:\IMAIL\spool\Q2305134.SMD status=2

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.
To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
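
Added example, not part of the original thread: a small Python check that reads SMTPD lines in the iMail layout quoted above and lists which remote IP each "Authenticated ..." line belongs to, so logins for an account from addresses you do not recognise stand out. The sample log is constructed (placeholder IPs and addresses), and because the quoted log shows the Authenticated line under a different id than its session, the code assumes it belongs to the most recent EHLO.

```python
import re
from collections import defaultdict

# Constructed sample in the SMTPD log layout quoted in the thread.
# IPs and addresses are documentation placeholders, not values from the post.
SAMPLE_LOG = """\
10:21 08:13 SMTPD(060E0134) [192.0.2.5] connect 198.51.100.23 port 1371
10:21 08:13 SMTPD(060E0134) [198.51.100.23] EHLO laptop
10:21 08:13 SMTPD(000003E0) Authenticated spam@example.test, session treated as local.
10:21 08:13 SMTPD(060E0134) [198.51.100.23] MAIL FROM: <spam@example.test>
10:21 08:13 SMTPD(060E0134) [198.51.100.23] RCPT TO: <a@example.org>
10:21 09:02 SMTPD(060E0201) [192.0.2.5] connect 203.0.113.77 port 4410
10:21 09:02 SMTPD(060E0201) [203.0.113.77] EHLO pc
10:21 09:02 SMTPD(000003E0) Authenticated spam@example.test, session treated as local.
10:21 09:02 SMTPD(060E0201) [203.0.113.77] RCPT TO: <b@example.org>
10:21 09:02 SMTPD(060E0201) [203.0.113.77] RCPT TO: <c@example.org>
"""

LINE = re.compile(r"^\d\d:\d\d \d\d:\d\d SMTPD\((\w+)\) (?:\[[^\]]+\] )?(.*)$")

def authenticated_sessions(log_text):
    """Return (account, remote_ip, rcpt_count) for each authenticated session."""
    client_ip = {}             # session id -> remote IP from the "connect" line
    auth = {}                  # session id -> account that authenticated
    rcpts = defaultdict(int)   # session id -> number of RCPT TO commands
    last_ehlo = None           # session that most recently sent EHLO/HELO
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sid, rest = m.groups()
        if rest.startswith("connect "):
            client_ip[sid] = rest.split()[1]
        elif rest.startswith(("EHLO", "HELO")):
            last_ehlo = sid
        elif rest.startswith("Authenticated ") and last_ehlo:
            # Assumption: the auth line carries another id, so tie it to the last EHLO.
            auth[last_ehlo] = rest.split()[1].rstrip(",")
        elif rest.upper().startswith("RCPT TO:"):
            rcpts[sid] += 1
    return [(acct, client_ip.get(sid, "?"), rcpts[sid]) for sid, acct in auth.items()]

def unexpected_logins(log_text, expected_ips):
    """Keep only sessions whose remote IP is not in the account's expected set."""
    return [s for s in authenticated_sessions(log_text)
            if s[1] not in expected_ips.get(s[0], set())]
```

On a busy server with interleaved sessions the last-EHLO heuristic can misattribute a login, so confirm any hit against the firewall log for the same minute.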
