[Linux-Anyway] Have I hosted an open mail relay?

  • From: horrorvacui@xxxxxxx
  • To: Linux-Anyway@xxxxxxxxxxxxx <Linux-Anyway@xxxxxxxxxxxxx>
  • Date: Wed, 5 Mar 2003 13:12:57 +0100

Blimey! Got this today, and it made me suspicious... Most probably this is
a spoof, but who knows. I'm not very good at determining whether mail
headers are genuine, tracking mail to its source or mail transfer in
general. Could someone please give this a once-over? I've included the
full headers of the received message.

A brief explanation: normally, my machine runs no mail handlers (at least
none that I know of), I use sylpheed to connect to my ISP's POP3/SMTP
server as necessary. I've been trying (unsuccessfully) to set up the
standard UNIX mail handling a couple of weeks ago, running sendmail for
brief periods of time. I simply needed something to listen on the
appropriate port so I could configure and test fetchmail, I just ran the
SuSE-installed sendmail without touching any configuration files. When I
tried to send a test mail to myself, it failed because it came from an
invalid domain I've set up here (linux.local, private address range).
Before I even as much as started to google for a fix, I decided that I
don't want sendmail to send anything before the other problems are fixed,
so I left it as it is.

Could it have served as an open relay, then? Or should I send this to my
ISP, because they might be hosting an open relay (there's no need for SMTP
authentication to send mail)? Or is some slimebag of a spammer using my
mail address to spam people? In the headers of the original message I
can't find any received-line that looks anything as if it came from me.

The message in full:
----------------------------------------------------


Return-Path: <>
Delivered-To: faruk@xxxxxx
Received: (qmail 307272 invoked from network); 5 Mar 2003 06:16:46 -0000
Received: from unknown ([172.18.5.72]) (envelope-sender <>)
          by qmail4.highway.telekom.at (qmail-ldap-1.03) with QMQP
          for <>; 5 Mar 2003 06:16:46 -0000
Received: (qmail 573114 invoked from network); 5 Mar 2003 06:16:46 -0000
Received: from omr-m02.mx.aol.com ([64.12.138.2]) (envelope-sender <>)
          by qmail1rs.highway.telekom.at (qmail-ldap-1.03) with SMTP
          for <faruk@xxxxxx>; 5 Mar 2003 06:16:46 -0000
Received: from  rly-st08.mail.aol.com (rly-st08.mail.aol.com
[172.20.75.165]) by omr-m02.mx.aol.com (v90_r2.6) with ESMTP id
RELAYIN3-0305011544; Wed, 05 Mar 2003 01:15:44 -0500
Received: from localhost (localhost)
          by rly-st08.mail.aol.com (8.8.8/8.8.8/AOL-5.0.0)
          with internal id BAC08148;
          Wed, 5 Mar 2003 01:15:43 -0500 (EST)
Date: Wed, 5 Mar 2003 01:15:43 -0500 (EST)
From: Mail Delivery Subsystem <MAILER-DAEMON@xxxxxxx>
Message-Id: <200303050615.BAC08148@xxxxxxxxxxxxxxxxxxxxx>
To: <faruk@xxxxxx>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="BAC08148.1046844943/rly-st08.mail.aol.com"
Subject: Returned mail: User unknown
Auto-Submitted: auto-generated (failure)

The original message was received at Wed, 5 Mar 2003 01:15:20 -0500 (EST)
from rly-xh05.mail.aol.com [172.20.115.234]


*** ATTENTION ***

Your e-mail is being returned to you because there was a problem with its
delivery.  The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".

The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".

The line beginning with "<<<" describes the specific reason your e-mail could
not be delivered.  The next line contains a second error message which is a
general translation for other e-mail servers.

Please direct further questions regarding this message to your e-mail
administrator.

--AOL Postmaster



   ----- The following addresses had permanent fatal errors -----
<jacnytxftw@xxxxxxx>
<jade7400@xxxxxxx>
<jabronie80@xxxxxxx>
<jakeieone@xxxxxxx>
<jag277@xxxxxxx>
<jacke321@xxxxxxx>

   ----- Transcript of session follows -----
... while talking to air-yc04.mail.aol.com.:
>>> RCPT To:<jacke321@xxxxxxx>
<<< 550 MAILBOX NOT FOUND
550 <jacke321@xxxxxxx>... User unknown
>>> RCPT To:<jag277@xxxxxxx>
<<< 550 MAILBOX NOT FOUND
550 <jag277@xxxxxxx>... User unknown
>>> RCPT To:<jakeieone@xxxxxxx>
<<< 550 MAILBOX NOT FOUND
550 <jakeieone@xxxxxxx>... User unknown
>>> RCPT To:<jabronie80@xxxxxxx>
<<< 550 MAILBOX NOT FOUND
550 <jabronie80@xxxxxxx>... User unknown
>>> RCPT To:<jade7400@xxxxxxx>
<<< 550 MAILBOX NOT FOUND
550 <jade7400@xxxxxxx>... User unknown
>>> RCPT To:<jacnytxftw@xxxxxxx>
<<< 550 MAILBOX NOT FOUND
550 <jacnytxftw@xxxxxxx>... User unknown


[message/delivery-status (1408 bytes)]
Reporting-MTA: dns; rly-st08.mail.aol.com
Arrival-Date: Wed, 5 Mar 2003 01:15:20 -0500 (EST)

Final-Recipient: RFC822; jacnytxftw@xxxxxxx
Action: failed
Status: 5.1.1
Remote-MTA: DNS; air-yc04.mail.aol.com
Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND
Last-Attempt-Date: Wed, 5 Mar 2003 01:15:43 -0500 (EST)

Final-Recipient: RFC822; jade7400@xxxxxxx
Action: failed
Status: 5.1.1
Remote-MTA: DNS; air-yc04.mail.aol.com
Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND
Last-Attempt-Date: Wed, 5 Mar 2003 01:15:42 -0500 (EST)

Final-Recipient: RFC822; jabronie80@xxxxxxx
Action: failed
Status: 5.1.1
Remote-MTA: DNS; air-yc04.mail.aol.com
Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND
Last-Attempt-Date: Wed, 5 Mar 2003 01:15:42 -0500 (EST)

Final-Recipient: RFC822; jakeieone@xxxxxxx
Action: failed
Status: 5.1.1
Remote-MTA: DNS; air-yc04.mail.aol.com
Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND
Last-Attempt-Date: Wed, 5 Mar 2003 01:15:42 -0500 (EST)

Final-Recipient: RFC822; jag277@xxxxxxx
Action: failed
Status: 5.1.1
Remote-MTA: DNS; air-yc04.mail.aol.com
Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND
Last-Attempt-Date: Wed, 5 Mar 2003 01:15:41 -0500 (EST)

Final-Recipient: RFC822; jacke321@xxxxxxx
Action: failed
Status: 5.1.1
Remote-MTA: DNS; air-yc04.mail.aol.com
Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND
Last-Attempt-Date: Wed, 5 Mar 2003 01:15:41 -0500 (EST)


Received: from  rly-xh05.mail.aol.com (rly-xh05.mail.aol.com
[172.20.115.234]) by rly-st08.mail.aol.com (v90.10) with ESMTP id
RELAYIN6-0305011520; Wed, 05 Mar 2003 01:15:20 1900
Received: from  ce7f8364.com ([149.43.182.11]) by rly-xh05.mail.aol.com
(v90_r2.6) with ESMTP id MAILRELAYINXH510-0305011502; Wed, 05 Mar 2003
01:15:02 -0500
From: faruk@xxxxxx
To: jaclajac@xxxxxxx
CC: jacke321@xxxxxxx, jag277@xxxxxxx, jack797456@xxxxxxx,
jakeieone@xxxxxxx
Date: Wed, 5 Mar 2003 00:15:09 -0600
Subject: Doctor approved diet pills!
MIME-Version: 1.0
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <200303050115.10BbLZEzhuvbk@xxxxxxxxxxxxxxxxxxxxx>

Hello jaclajac ,

All Natural Human Growth Hormone! Guarenteed Results!!!

Pheromone Perfumes and Colognes!!

Doctor Recommended Diet Pills!!

Click Here Now!! [BJK9^":}H]


-------------------------------------------------
end message.

Cheers

-- 
Horror Vacui

Registered Linux user #257714

Go get yourself... counted: http://counter.li.org/
- and keep following the GNU.
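
An added example, not part of the original post: one way to run the check the post describes, walking the Received lines of the returned message to find the client that handed it to AOL and comparing that address with your own. It assumes the AOL servers that generated the bounce stamp accurate Received lines; the function names and the `192.0.2.10` address are placeholders.

```python
import ipaddress
import re
from email import message_from_string

# Headers of the returned spam, copied from the bounce quoted in the post
# (continuation lines re-indented so they parse as folded headers).
RETURNED_HEADERS = """\
Received: from  rly-xh05.mail.aol.com (rly-xh05.mail.aol.com
 [172.20.115.234]) by rly-st08.mail.aol.com (v90.10) with ESMTP id
 RELAYIN6-0305011520; Wed, 05 Mar 2003 01:15:20 1900
Received: from  ce7f8364.com ([149.43.182.11]) by rly-xh05.mail.aol.com
 (v90_r2.6) with ESMTP id MAILRELAYINXH510-0305011502; Wed, 05 Mar 2003
 01:15:02 -0500
From: faruk@xxxxxx
Subject: Doctor approved diet pills!

"""

HOP = re.compile(
    r"from (?P<helo>\S+) \([^\[\]()]*\[(?P<ip>[0-9.]+)\]\) by (?P<by>\S+)")

def parse_hops(raw_headers):
    """Return Received hops newest-first, as the headers are stacked."""
    hops = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hop = m.groupdict()
            hop["internal"] = ipaddress.ip_address(hop["ip"]).is_private
            hops.append(hop)
    return hops

def entry_hop(hops, trusted_suffix):
    """Oldest hop stamped by a trusted server: where the mail entered it.

    Anything below that hop was supplied by the sender and proves nothing.
    """
    entry = None
    for hop in hops:
        if not hop["by"].lower().endswith(trusted_suffix):
            break
        entry = hop
    return entry

def sent_from(entry, my_addresses):
    """True if the client that handed the mail over is one of my addresses."""
    return entry is not None and entry["ip"] in my_addresses

if __name__ == "__main__":
    entry = entry_hop(parse_hops(RETURNED_HEADERS), ".mail.aol.com")
    print(entry, sent_from(entry, {"192.0.2.10"}))  # placeholder address
```

The `From:` header plays no part in the comparison because the sending client sets it freely; only the address recorded by the receiving server is compared.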