Hi,

We're seeing bounce messages similar to the following. I don't think our server has been compromised, but I want to be sure. We legitimately send mail from 208.100.26.91, but I think (hope) its appearance in the following is spoofed.
====================================================================
--l2GCtYMS006458.1174049734/hrcpro21.hoffman.army.mil

The original message was received at Fri, 16 Mar 2007 08:55:31 -0400 (EDT)

   ----- The following addresses had permanent fatal errors -----
<[EMAIL PROTECTED]>
    (reason: 550 5.7.1 Unable to relay for [EMAIL PROTECTED])

   ----- Transcript of session follows -----
... when talking to ahrc00bh0106287.nae.ds.army.mil. while trying to contact hrcmail.hoffman.army.mil.:
>>> DATA
<<< 550 5.7.1 Unable to relay for [EMAIL PROTECTED]
550 5.1.1 <[EMAIL PROTECTED]>... User unknown
<<< 554 5.5.2 No valid recipients

--l2GCtYMS006458.1174049734/hrcpro21.hoffman.army.mil
Content-Type: message/delivery-status

Reporting-MTA: dns; hrcpro21.hoffman.army.mil
Arrival-Date: Fri, 16 Mar 2007 08:55:31 -0400 (EDT)

Final-Recipient: RFC822; [EMAIL PROTECTED]
Action: failed
Status: 5.7.1
Remote-MTA: DNS; hrcmail.hoffman.army.mil
Diagnostic-Code: SMTP; 550 5.7.1 Unable to relay for [EMAIL PROTECTED]
Last-Attempt-Date: Fri, 16 Mar 2007 08:55:34 -0400 (EDT)

--l2GCtYMS006458.1174049734/hrcpro21.hoffman.army.mil
Content-Type: message/rfc822

Return-Path: <[EMAIL PROTECTED]>
Received: from cbs-6rhxyt1d3ub.chello.pl (chello089078068055.chello.pl [89.78.68.55])
        by hrcpro21.hoffman.army.mil with ESMTP id l2GCtQV4006425;
        Fri, 16 Mar 2007 08:55:31 -0400 (EDT)
Received: from 208.100.26.91 (HELO smtp.igive.com) by hoffman.army.mil
        with esmtp (9(A'R/,ZVN :36=Q+) id JLM3A5-)G'4.A-M/
        for [EMAIL PROTECTED]; Fri, 16 Mar 2007 12:55:33 -0060
From: "Effie Drummond"
To: <[EMAIL PROTECTED]>
Subject: Choosing Online Pharmacy.
Date: Fri, 16 Mar 2007 12:55:33 -0060
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_000E_01C767D2.C434B490"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
Importance: Normal
X-Antivirus: avast! (VPS 000724-0, 2007-03-15), Outbound message
X-Antivirus-Status: Clean
x-scc-prev-hop: 89.78.68.55
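
One way to test the suspicion raised in the message above, as an added example that is not part of the original post: only the Received header stamped by the DSN's Reporting-MTA records a connection that server actually saw, and every header below it was supplied by the connecting client. The function names are hypothetical, and the check assumes the Reporting-MTA's own stamp is trustworthy.

```python
import re

# Headers copied from the bounce quoted above, re-folded onto continuation lines.
BOUNCE = """\
Reporting-MTA: dns; hrcpro21.hoffman.army.mil
Received: from cbs-6rhxyt1d3ub.chello.pl (chello089078068055.chello.pl [89.78.68.55])
 by hrcpro21.hoffman.army.mil with ESMTP id l2GCtQV4006425;
 Fri, 16 Mar 2007 08:55:31 -0400 (EDT)
Received: from 208.100.26.91 (HELO smtp.igive.com) by hoffman.army.mil
 with esmtp (9(A'R/,ZVN :36=Q+) id JLM3A5-)G'4.A-M/ for [EMAIL PROTECTED];
 Fri, 16 Mar 2007 12:55:33 -0060
"""

def classify_received(dsn_text):
    """Label each Received header as stamped by the reporting MTA or not."""
    text = re.sub(r"\r?\n[ \t]+", " ", dsn_text)          # unfold headers
    reporter = re.search(r"^Reporting-MTA:\s*dns;\s*(\S+)", text, re.I | re.M)
    reporter = reporter.group(1).lower() if reporter else None
    hops, trusted_seen = [], False
    for line in text.splitlines():
        if not line.lower().startswith("received:"):
            continue
        by = re.search(r"\bby\s+([^\s;]+)", line)
        peer = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
        zone = re.search(r"[+-]\d{2}(\d{2})(?:\s*\([^)]*\))?\s*$", line)
        by_host = by.group(1).lower() if by else None
        # Headers are prepended, so the first one written by the reporting
        # MTA is the only hop that server observed; anything below it was
        # supplied by the connecting client and proves nothing.
        trusted = not trusted_seen and reporter is not None and by_host == reporter
        trusted_seen = trusted_seen or trusted
        notes = []
        if zone and int(zone.group(1)) > 59:               # RFC 5322: minutes 00-59
            notes.append("invalid timezone offset")
        hops.append({"by": by_host, "peer_ip": peer.group(1) if peer else None,
                     "status": "trusted" if trusted else "unverified",
                     "notes": notes})
    return hops

def observed_source_ip(hops):
    """IP the reporting MTA actually accepted the connection from."""
    return next((h["peer_ip"] for h in hops if h["status"] == "trusted"), None)

if __name__ == "__main__":
    for hop in classify_received(BOUNCE):
        print(hop)
    print("observed source:", observed_source_ip(classify_received(BOUNCE)))
```

The header naming 208.100.26.91 comes out as unverified with an out-of-range timezone offset, while the observed source matches the `x-scc-prev-hop` value in the bounce.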