Gustavo, Sorry, no Spanish. But it was highly likely a spam, and the spammer spoofed their email address. this is a typical tactic of spammers; they send the email with the from: populated with the recipients email address (I believe this is what shows up as the from name in email clients) or another user at the same domain as the recipient. Reply-to: and return-path: are also often spoofed and have misinformation. It is highly unlikely that your server was at all compromised.
To find the origin of spam, you must look at the headers of the received email and note the received: field. For instance, here are the headers from your message to the list: Return-Path: <qmailtoaster-list-return-18584-helmut=fritz.us....@qmailtoaster.com> Delivered-To: [email protected] Received: (qmail 26927 invoked by uid 89); 5 Apr 2016 17:06:33 -0000 Received: by simscan 1.4.0 ppid: 26910, pid: 26916, t: 0.9676s scanners: attach: 1.4.0 clamav: 0.98.4/m:57/d:21485 spam: 3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on svr4.fritz.us.com X-Spam-Level: X-Spam-Status: No, score=0.9 required=5.1 tests=BAYES_50,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,FREEMAIL_FROM,HTML_MESSAGE,RDNS_NONE,T_DKIM_INVALID autolearn=disabled version=3.3.2 pyzor=Reported 0 times. Received: from unknown (HELO mail.qmailtoaster.com) (162.213.42.64) by svr4.fritz.us.com with SMTP; 5 Apr 2016 17:06:32 -0000 Received-SPF: pass (svr4.fritz.us.com: SPF record at _spf.qmailtoaster.com designates 162.213.42.64 as permitted sender) Received: (qmail 8386 invoked by uid 89); 5 Apr 2016 17:06:18 -0000 Mailing-List: contact [email protected]; run by ezmlm Precedence: bulk List-Post: <mailto:[email protected]> List-Help: <mailto:[email protected]> List-Unsubscribe: <mailto:[email protected]> List-Subscribe: <mailto:[email protected]> Reply-To: [email protected] Delivered-To: mailing list [email protected] Received: (qmail 8380 invoked by uid 89); 5 Apr 2016 17:06:18 -0000 Received-SPF: pass (mail.qmailtoaster.com: SPF record at _netblocks.google.com designates 209.85.218.42 as permitted sender) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to; bh=t2yMLEkqI0Ptj0Ei6YPwiln8qr30el9Y+NsN9w7krSM=; b=kmZ9Qpjoy1gHi80d6BeRfQiKsbazyYK1HRM/LhIKtEt1VGAyozMWBlZBlNUIvAhq3E T5v/+re69i5fE2a6A3Q0mxm7hR2S8WEm32V8/URmZ03evqev6C3sTSVSpdRJMCZkNGUh c/oMMfSD9PMUWGouU2DeFdjh5bRWpkZNljqjn0QaXtV/Cj9r2J47nOD/d8PPQqxUrrSn CG+h4qsg6/oaXMqwyO4bJV57/Mz4h95DGoh9/0f1UK+n2k2KrwvpV/Huco4ccaPbdwCv 0lcGCg1lEIBbHS3pETYjcMOvrmuUNfHSn1Ooad/ILYynC/gd+LUe5avt8lj4ALAfEX2h 2XvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to; bh=t2yMLEkqI0Ptj0Ei6YPwiln8qr30el9Y+NsN9w7krSM=; b=NGVqmxtJEWFtukHKbkxutRCbfWITK1+UfLHvkPFBOaFn5SxVwvZ5trnCZcL+0PFesr VeJkR7uj6p3vZ5oUGs6ylgAYKxcfLkpplEEx/Jy9e0SirHS1yuEMeM/syyXwKGRrqA3L fEslLkcXDKTNzmabFlwGInfx/gi6/B7OiQyoUB5orPrzJEFV3igViNpWSBM1L7BYuAkl 18Mzp09iOwLb1ievjjNFlAPCCYfTUlMQm98k+HwOegl1IaAJrFueae/0TR2fpYkyUuqQ nKaTuJpNwHRNGY1iGGowfvqR5R5zlmVMV5x0jb83so80zkId6gnJtBy6jczbkvsV+G4q J12w== X-Gm-Message-State: AD7BkJK8KUloUSOEhBUC5e64HlAkmylxL1hIfeP9KlAPwoO+mLN9vgr+vxHjDGcH4LL+4nmlZBCWP1D+it/7PQ== MIME-Version: 1.0 X-Received: by 10.157.55.130 with SMTP id x2mr15224728otb.120.1459875965876; Tue, 05 Apr 2016 10:06:05 -0700 (PDT) Date: Tue, 5 Apr 2016 14:06:05 -0300 Message-ID: <cafcm53wpoudqft0g452gahujoxv0xjh23hqnmjbpuwfoze9...@mail.gmail.com> From: Gustavo De Poli <[email protected]> To: [email protected] Content-Type: multipart/alternative; boundary=001a11408f265cbfce052fbfdc69 Subject: [qmailtoaster] Problems Hope some of this helps, and I hope others on the list will correct anything I might have wrong! Helmut From: Gustavo De Poli [mailto:[email protected]] Sent: Tuesday, April 05, 2016 10:06 AM To: [email protected] Subject: [qmailtoaster] Problems Hi: Sorry my ingl. i have aclient with qmailtoaster under centos 5. just 50 users (email-address) a few week ago, they recibed mails from themselves, and i dont know where lookfor de problem. i changed de password af all email-address, i inspected logs, but i cant see where is de origin of de spam. someone can help me???? if its posible in spanish??? thanks Gustavo
