This morning, I got email purportedly from the gentoo-doc mailing list
admin saying my computer was sending spam (plausible because I run my
own MTA, and it happened once before -- significant hardware and
software changes afterward, though). 

I had to leave right away, so I shut down postfix.

When I got back, I looked at their email more closely, and I'm confused.
The envelope headers look genuine, but the attachment is a .exe which
makes me think it's likely the Windows worm du jour. But what's the
gentoo-doc mailing list doing sending out naughty email?

Have any of you received spam from slsware.com or from my mailer's IP
(206.168.186.2)?

Here's what I got:

========================================================================

Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: from eagle.gentoo.org (eagle.gentoo.oregonstate.edu
        [128.193.0.34]) by mail.slsware.com (Postfix) with ESMTP id 0092CF9A8
        for <[EMAIL PROTECTED]>; Fri, 12 Mar 2004 11:02:33 -0700 (MST)
Received: (qmail 29329 invoked by uid 50004); 12 Mar 2004 18:02:33 +0000
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
List-Post: <mailto:[email protected]>
List-Help: <mailto:[EMAIL PROTECTED]>
List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <mailto:[EMAIL PROTECTED]>
List-Id: Gentoo Linux mail <gentoo-doc.gentoo.org>
X-BeenThere: [email protected]
Delivered-To: mailing list [email protected]
Received: (qmail 12169 invoked from network); 12 Mar 2004 18:02:32 +0000
Date: Fri, 12 Mar 2004 12:02:14 -0600
To: [email protected]
From: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--ayqqvgdkyxxbcgvkbbnv"
Subject: [gentoo-doc] Warning about your e-mail account.
X-Bogosity: No, tests=bogofilter, spamicity=0.000000, version=0.13.7.2
X-Evolution-Source: imap://[EMAIL PROTECTED]/


--ayqqvgdkyxxbcgvkbbnv
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Dear user of Gentoo.org gateway e-mail server,

Some of  our clients complained about the spam (negative e-mail content)
outgoing from your e-mail  account.  Probably, you  have been  infected by
a proxy-relay trojan server. In  order to keep your computer safe,
follow  the instructions.

For more  information  see the attached file.

In order to read the attach you have to use the following  password: 51254.

Cheers,
    The  Gentoo.org team                            
http://www.gentoo.org

--ayqqvgdkyxxbcgvkbbnv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"

========================================================================

And in file roller, Document.zip is fdjiy.exe (approx).

-- 
Glenn English
[EMAIL PROTECTED]
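An added example, not part of the original post: a mail-side check that lists executable names inside a zip attachment, the same thing File Roller showed for Document.zip. The sample message, the example.invalid addresses and the extension list are constructed assumptions; the sample zip is unencrypted, whereas the real one was password-protected.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions a mail gateway would typically refuse (assumed list, adjust to local policy).
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def build_sample():
    """Constructed sample shaped like the message above; the .exe is placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fdjiy.exe", b"MZ placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "list@example.invalid"
    msg["Subject"] = "[gentoo-doc] Warning about your e-mail account."
    msg.set_content("For more information see the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="Document.zip")
    return msg.as_bytes()

def risky_attachments(raw):
    """Return (attachment, member, encrypted) for each suspect attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(RISKY_EXT):
            hits.append((name, None, False))  # executable attached directly
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    # Bit 0 of the general-purpose flags marks an encrypted member;
                    # with classic ZIP encryption its name is readable without the password.
                    if info.filename.lower().endswith(RISKY_EXT):
                        hits.append((name, info.filename, bool(info.flag_bits & 0x1)))
        except zipfile.BadZipFile:
            hits.append((name, None, False))  # malformed archive: treat as suspect
    return hits

if __name__ == "__main__":
    for attachment, member, encrypted in risky_attachments(build_sample()):
        print(f"{attachment}: {member} (encrypted={encrypted})")
```

Because the check reads only member names, it never needs the password quoted in the message body and never extracts the payload.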

