I've gotten two of these emails so far saying my email is hacked. I get
these kinds of emails all the time about a password that got exposed in
a company breach, but I haven't used that password in a long time, so
I'm not worried about that. Just making sure I should not be worried
about this either. My mail server is a Linode node running postfix,
amavis, spamassassin, and dovecot.
Looking at the headers, it looks to me like they just sent an email to
my server through their server like normal, not that it originated on my
server. Using "last" I don't see any logins that were probably not me.

Return-Path: <da...@thekramers.net>
Delivered-To: da...@thekramers.net
Received: from zenyatta.bostongeeks.net
    by zenyatta.bostongeeks.net with LMTP id cIJcBpCJP1znZgAAFPy8Cg
    for <da...@thekramers.net>; Wed, 16 Jan 2019 14:44:16 -0500
Received: from localhost (localhost [127.0.0.1])
    by zenyatta.bostongeeks.net (Postfix) with ESMTP id 1360A3E861
    for <da...@thekramers.net>; Wed, 16 Jan 2019 14:44:16 -0500 (EST)
X-Virus-Scanned: Debian amavisd-new at bostongeeks.net
X-Spam-Flag: NO
X-Spam-Score: 3.033
X-Spam-Level: ***
X-Spam-Status: No, score=3.033 tagged_above=-999 required=6
    tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377,
    MIME_HTML_ONLY=0.723, MISSING_MID=0.497, RCVD_IN_SBL_CSS=3.335]
    autolearn=no autolearn_force=no
Received: from zenyatta.bostongeeks.net ([127.0.0.1])
    by localhost (mail.bostongeeks.net [127.0.0.1]) (amavisd-new, port
    10024)
    with ESMTP id l5Wdu0TKdSPB for <da...@thekramers.net>;
    Wed, 16 Jan 2019 14:44:15 -0500 (EST)
Received: from serv3.h4ackservice.ml (serv3.h4ackservice.ml [162.244.82.23])
    by zenyatta.bostongeeks.net (Postfix) with ESMTPS id 492533E844
    for <da...@thekramers.net>; Wed, 16 Jan 2019 14:44:15 -0500 (EST)
MIME-Version: 1.0
From: "da...@thekramers.net" <da...@thekramers.net>
To: da...@thekramers.net
Date: 16 Jan 2019 11:32:08 -0800
Subject: Your email was hacked!
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <20190116194416.1360a3e...@zenyatta.bostongeeks.net>

Hi There,<br><br>As you can tell from the subject of this mail yo=
ur software has been jeopardized. Check out this COMPLETE mail to=
learn how it occurred and exactly what action to take.<br>
...

Do you agree this is just a scam mail sent to me? The "Received: from
serv3.h4ackservice.ml (serv3.h4ackservice.ml [162.244.82.23])" seems pretty
conclusive to me.
Is there anything else I can check?
Thanks.
_______________________________________________
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
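
The header check described in the post, as an added example that is not part of the original message: walk the Received headers newest-first, trust only those written by your own server, and report the first hop where a non-local address connected. The Received lines are abbreviated from the post; `MY_HOSTS`, `first_external_hop` and the regexes are names assumed for this example, and the patterns assume Postfix/amavisd-style Received lines like the ones shown.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Abbreviated from the Received headers in the post ("for" clauses dropped).
SAMPLE = """\
Received: from zenyatta.bostongeeks.net
 by zenyatta.bostongeeks.net with LMTP id cIJcBpCJP1znZgAAFPy8Cg;
 Wed, 16 Jan 2019 14:44:16 -0500
Received: from localhost (localhost [127.0.0.1])
 by zenyatta.bostongeeks.net (Postfix) with ESMTP id 1360A3E861;
 Wed, 16 Jan 2019 14:44:16 -0500 (EST)
Received: from zenyatta.bostongeeks.net ([127.0.0.1])
 by localhost (mail.bostongeeks.net [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id l5Wdu0TKdSPB; Wed, 16 Jan 2019 14:44:15 -0500 (EST)
Received: from serv3.h4ackservice.ml (serv3.h4ackservice.ml [162.244.82.23])
 by zenyatta.bostongeeks.net (Postfix) with ESMTPS id 492533E844;
 Wed, 16 Jan 2019 14:44:15 -0500 (EST)
Subject: Your email was hacked!

body
"""

# Assumption: the names this mail server writes after "by" in its own headers.
MY_HOSTS = {"zenyatta.bostongeeks.net", "localhost"}
FROM_RE = re.compile(r"^from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)")
BY_RE = re.compile(r"\sby\s+(\S+)")

def first_external_hop(raw, my_hosts=MY_HOSTS):
    """Return the hop where an outside host handed the message to one of
    my_hosts, or None if no header written by my_hosts shows one."""
    for value in message_from_string(raw).get_all("Received", []):
        line = " ".join(value.split())        # unfold continuation lines
        by = BY_RE.search(line)
        if not by or by.group(1).lower() not in my_hosts:
            return None                       # not written by my server: stop trusting
        client = FROM_RE.match(line)
        if not client:
            continue                          # local handoff with no client IP (LMTP)
        helo, rdns, ip = client.groups()
        addr = ip_address(ip)
        if not (addr.is_loopback or addr.is_private):
            return {"helo": helo, "rdns": rdns, "ip": ip, "by": by.group(1)}
    return None

if __name__ == "__main__":
    print(first_external_hop(SAMPLE))
```

A returned hop means the message entered over SMTP from that address rather than being submitted on the server itself; any Received lines listed below that hop were supplied by the sending host and prove nothing.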