Please bear with me. I've been getting bounces that I don't understand, and
I do feel stupid. If any one has the time or patience to clear help me this
up it would be appreciated:
If a virus forges my e-mail address as the from and attempts to send it to a
non-existent user on my domain - wouldn't the bounce message simply be
coming from my domain? It looks like other servers are answering for
prudentialrand.com - am I nuts? Highly confused? Screwed?
I see lines like the following in non deliverable messages:
Received: from prudentialrand.com (cpe-68-174-20-197.si.res.rr.com
[68.174.20.197])
by ms-smtp-03.rdc-nyc.rr.com (8.12.10/8.12.7) with ESMTP id
j6BMlhGi015287
for <[EMAIL PROTECTED]>; Mon, 11 Jul 2005 18:47:44 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Received: from prudentialrand.com (ipn36373-b01578.cidr.lightship.net
[216.204.209.74])
by spirit.lightshipmail.net (Postfix) with ESMTP id DD5571D5A6D
for <[EMAIL PROTECTED]>; Mon, 11 Jul 2005 20:58:09 -0400 (EDT)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
FULL HEADERS BELOW:
MESSAGE 1:
Received: from spirit.lightshipmail.net [216.204.0.205] by
mail.prudentialrand.com with ESMTP
(SMTPD32-8.05) id A70D12200C6; Mon, 11 Jul 2005 21:04:13 -0400
Received: by spirit.lightshipmail.net (Postfix)
id 0B4BE1D5BBC; Mon, 11 Jul 2005 20:58:12 -0400 (EDT)
Date: Mon, 11 Jul 2005 20:58:12 -0400 (EDT)
From: [EMAIL PROTECTED] (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="DD5571D5A6D.1121129892/spirit.lightshipmail.net"
Message-Id: <[EMAIL PROTECTED]>
X-IMAIL-SPAM-VALFROM: (19005638)
X-Declude-Sender: <> [216.204.0.205]
X-Declude-Spoolname: D170d012200c613e1.SMD
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.
X-Spam-Tests-Failed: None [0]
X-Country-Chain:
X-Note: This E-mail was sent from ([216.204.0.205]).
This is a MIME-encapsulated message.
--DD5571D5A6D.1121129892/spirit.lightshipmail.net
Content-Description: Notification
Content-Type: text/plain
This is the Postfix program at host spirit.lightshipmail.net.
I'm sorry to have to inform you that your message could not be
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The Postfix program
<[EMAIL PROTECTED]>: host mail.prudentialrand.com[64.63.165.172] said:
550 unknown user <[EMAIL PROTECTED]> (in reply to RCPT TO command)
--DD5571D5A6D.1121129892/spirit.lightshipmail.net
Content-Description: Delivery report
Content-Type: message/delivery-status
Reporting-MTA: dns; spirit.lightshipmail.net
X-Postfix-Queue-ID: DD5571D5A6D
X-Postfix-Sender: rfc822; [EMAIL PROTECTED]
Arrival-Date: Mon, 11 Jul 2005 20:58:09 -0400 (EDT)
Final-Recipient: rfc822; [EMAIL PROTECTED]
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; host mail.prudentialrand.com[64.63.165.172]
said:
550 unknown user <[EMAIL PROTECTED]> (in reply to RCPT TO command)
--DD5571D5A6D.1121129892/spirit.lightshipmail.net
Content-Description: Undelivered Message
Content-Type: message/rfc822
Received: from prudentialrand.com (ipn36373-b01578.cidr.lightship.net
[216.204.209.74])
by spirit.lightshipmail.net (Postfix) with ESMTP id DD5571D5A6D
for <[EMAIL PROTECTED]>; Mon, 11 Jul 2005 20:58:09 -0400 (EDT)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: lnsuh
Date: Mon, 11 Jul 2005 20:58:37 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0001_F70A1BAE.73E16A2C"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: [EMAIL PROTECTED]
MESSAGE 2:
Headers:
Received: from SMTP32-FWD by mail.prudentialrand.com
(SMTP32) id A047001F2; Mon, 11 Jul 2005 18:57:02 -0400
Received: from ms-smtp-03.rdc-nyc.rr.com [24.29.109.7] by
mail.prudentialrand.com with ESMTP
(SMTPD32-8.05) id A7E973D0088; Mon, 11 Jul 2005 18:51:21 -0400
Received: from localhost (localhost)
by ms-smtp-03.rdc-nyc.rr.com (8.12.10/8.12.7) id j6BMlmGi015336;
Mon, 11 Jul 2005 18:47:48 -0400 (EDT)
Date: Mon, 11 Jul 2005 18:47:48 -0400 (EDT)
From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="j6BMlmGi015336.1121122068/ms-smtp-03.rdc-nyc.rr.com"
Subject: [OVER DELETE]Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
X-IMAIL-SPAM-VALFROM: (121438344)
X-RBL-Warning: ANTI-AV: Message failed ANTI-AV test (line 167, weight 7)
X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 153, weight 4)
X-RBL-Warning: ANTI-GIBBERISH: Message failed ANTI-GIBBERISH test (line 127,
weight -4)
X-RBL-Warning: Y!DIRECTED: Message failed Y!DIRECTED test (line 229, weight
11)
X-RBL-Warning: ANTI-Y!DIRECTED: Message failed ANTI-Y!DIRECTED test (line
60, weight -11)
X-RBL-Warning: FILTER: Message failed FILTER test (line 389, weight 33)
X-RBL-Warning: WEIGHT10: Weight of 40 reaches or exceeds the limit of 10.
X-RBL-Warning: WEIGHT25: Weight of 40 reaches or exceeds the limit of 25.
X-RBL-Warning: WEIGHT40: Weight of 40 reaches or exceeds the limit of 40.
X-Declude-Sender: <> [24.29.109.7]
X-Declude-Spoolname: Df7e9073d00886e57.SMD
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.
X-Spam-Tests-Failed: ANTI-AV, GIBBERISH, ANTI-GIBBERISH, Y!DIRECTED,
ANTI-Y!DIRECTED, FILTER, WEIGHT10, WEIGHT15, WEIGHT20, WEIGHT25, WEIGHT30,
WEIGHT40, CATCHALLMAILS [40]
X-Country-Chain:
X-Note: This E-mail was sent from ms-smtp-03-smtplb.rdc-nyc.rr.com
([24.29.109.7]).
X-RCPT-TO: [EMAIL PROTECTED]>
Status: U
X-UIDL: 410406848
BODY:
The original message was received at Mon, 11 Jul 2005 18:47:44 -0400 (EDT)
from cpe-68-174-20-197.si.res.rr.com [68.174.20.197]
----- The following addresses had permanent fatal errors -----
<[EMAIL PROTECTED]>
(reason: 550 unknown user <[EMAIL PROTECTED]>)
----- Transcript of session follows -----
... while talking to mail.prudentialrand.com.:
>>> RCPT To:<[EMAIL PROTECTED]>
<<< 550 unknown user <[EMAIL PROTECTED]>
550 5.1.1 <[EMAIL PROTECTED]>... User unknown
Attachment 1
Reporting-MTA: dns; ms-smtp-03.rdc-nyc.rr.com
Received-From-MTA: DNS; cpe-68-174-20-197.si.res.rr.com
Arrival-Date: Mon, 11 Jul 2005 18:47:44 -0400 (EDT)
Final-Recipient: RFC822; [EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Remote-MTA: DNS; mail.prudentialrand.com
Diagnostic-Code: SMTP; 550 unknown user <[EMAIL PROTECTED]>
Last-Attempt-Date: Mon, 11 Jul 2005 18:47:48 -0400 (EDT)
Attachment 2:
Received: from prudentialrand.com (cpe-68-174-20-197.si.res.rr.com
[68.174.20.197])
by ms-smtp-03.rdc-nyc.rr.com (8.12.10/8.12.7) with ESMTP id
j6BMlhGi015287
for <[EMAIL PROTECTED]>; Mon, 11 Jul 2005 18:47:44 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: YOUR PASSWORD HAS BEEN SUCCESSFULLY UPDATED
Date: Mon, 11 Jul 2005 18:46:26 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0010_CDC4E07D.EE85C8F4"
X-Priority: 3
X-MSMail-Priority: Normal
X-Virus-Scanned: Symantec AntiVirus Scan Engine
X-Virus-Scan-Result: Repaired 15810 [EMAIL PROTECTED]
---
[This E-mail scanned for viruses by Declude Virus]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
