Its commom these days for virii to grab addresses out of the victim's address book and send mails to them. Whats more it uses another address out of the address book as the sender address.
That means that when the mail bounces, the bounce message comes to you. There are many variations, and by the time these addresses float around, and are bounced all over the place its a mess. There also seems to be a trend for virii/spam to masquerade as bounce messages. move them to the spam folder and run sa-learn. On Tue, 2004-05-25 at 19:02, Ken.McAllister wrote: > I've been getting one or two of these letters a week, saying that "my" > mail cannot be delivered. The addresses are entirely strange to me. > There appears to be no content, just attachments, couple of ".tmp" > attachments in this case. They may not survive forwarding to the list. > I never open attachments on principle. > > Have I been kidnapped and is my address being used for nefarious > purposes? How? I've been 100% Linux for ages! > > Ken McAllister. > > -------- Original Message -------- > From: - Tue May 25 18:47:40 2004 > X-UIDL: 28997-1014316118 > X-Mozilla-Status: 0001 > X-Mozilla-Status2: 00000000 > Return-path: <> > Received: from fep8 (fep8-yellow.clear.net.nz [192.168.16.108]) by > local-daemon (CLEAR Net Mail) with ESMTP id > <[EMAIL PROTECTED]> for [EMAIL PROTECTED]; Tue, 25 > May 2004 18:27:57 +1200 (NZST) > Received: from omr-m01.mx.aol.com (omr-m01.mx.aol.com [64.12.138.1]) by > mx2.clear.net.nz (CLEAR Net Mail) with ESMTP id > <[EMAIL PROTECTED]> for [EMAIL PROTECTED]; Tue, > 25 May 2004 18:27:57 +1200 (NZST) > Received: from rly-xh03.mx.aol.com (rly-xh03.mail.aol.com > [172.20.115.232]) by omr-m01.mx.aol.com (v98.19) with ESMTP id > RELAYIN8-940b2e75f3bb; Tue, 25 May 2004 02:27:43 -0400 > Received: from localhost (localhost) by rly-xh03.mx.aol.com > (8.8.8/8.8.8/AOL-5.0.0) with internal id CAH09361; Tue, 25 May 2004 > 02:27:43 -0400 (EDT) > Date: Tue, 25 May 2004 02:27:43 -0400 (EDT) > From: Mail Delivery Subsystem <[EMAIL PROTECTED]> > Subject: Returned mail: User unknown > X-Envelope-To: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Message-id: <[EMAIL PROTECTED]> > Auto-submitted: auto-generated (failure) > MIME-version: 1.0 > Content-type: multipart/report; report-type=delivery-status; > boundary="CAH09361.1085466463/rly-xh03.mx.aol.com" > X-AOL-IP: 172.20.115.232 > Original-recipient: rfc822;[EMAIL PROTECTED] > > The original message was received at Tue, 25 May 2004 02:27:23 -0400 (EDT) > from flashcafe.snap.net.nz [203.97.28.214] > > > *** ATTENTION *** > > Your e-mail is being returned to you because there was a problem with its > delivery. The address which was undeliverable is listed in the section > labeled: "----- The following addresses had permanent fatal errors -----". > > The reason your mail is being returned to you is listed in the section > labeled: "----- Transcript of Session Follows -----". > > The line beginning with "<<<" describes the specific reason your e-mail > could > not be delivered. The next line contains a second error message which is a > general translation for other e-mail servers. > > Please direct further questions regarding this message to your e-mail > administrator. > > --AOL Postmaster > > > > ----- The following addresses had permanent fatal errors ----- > <[EMAIL PROTECTED]> > > ----- Transcript of session follows ----- > ... while talking to air-xh01.mail.aol.com.: > >>> RCPT To:<[EMAIL PROTECTED]> > <<< 550 MAILBOX NOT FOUND > 550 <[EMAIL PROTECTED]>... User unknown > > > ______________________________________________________________________ > Reporting-MTA: dns; rly-xh03.mx.aol.com > Arrival-Date: Tue, 25 May 2004 02:27:23 -0400 (EDT) > > Final-Recipient: RFC822; [EMAIL PROTECTED] > Action: failed > Status: 5.1.1 > Remote-MTA: DNS; air-xh01.mail.aol.com > Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND > Last-Attempt-Date: Tue, 25 May 2004 02:27:43 -0400 (EDT) > > > ______________________________________________________________________ > Received: from aol.com (flashcafe.snap.net.nz [203.97.28.214]) by > rly-xh03.mx.aol.com (v99_r4.3) with ESMTP id MAILRELAYINXH310-49c40b2e749263; Tue, > 25 May 2004 02:27:22 -0400 > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: info > Date: Tue, 25 May 2004 18:27:01 +1200 > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----=_NextPart_000_0003_00000ECE.0000221F" > X-Priority: 3 > X-MSMail-Priority: Normal > X-AOL-IP: 203.97.28.214 > X-AOL-SCOLL-SCORE: 0:XXX:XX > X-AOL-SCOLL-URL_COUNT: 0 > Message-ID: <[EMAIL PROTECTED]> >
