[Exim] How this message arrived here

Author: Frank S. Bernhardt
Date:  
To: Exim Users List
Subject: [Exim] How this message arrived here
Being a newbie at this e-mail thing, please bear with me.

I'm running Exim 4.10 with SpamAssassin (latest version).

I received this e-mail and it was properly flagged as spam. So far OK.
But, the e-mail appears to be a bounce to an e-mail which I supposedly
sent but which I didn't send.

As near as I can figure out the e-mail originated from 48.211.102.224
and was addressed to deher333@??? with my forged return address. The
AOL server then bounced the message back to me.

Am I close?

If I am, then this would indicate to me that AOL's SMTP server is not
set up correctly in that it is not looking at the correct part of the
message header for the reply address. Should AOL be informed of this or
would they even care? Should I even care?

Attached are the headers:

************************ start message
>From MAILER-DAEMON@204.225.103.222 Wed Nov 27 11:28:03 2002

Return-path: <MAILER-DAEMON@204.225.103.222>
Envelope-to: frank@???
Delivery-date: Wed, 27 Nov 2002 11:28:03 -0500
Received: from spamkill by bcsisco.bcsi1.com with spam-scanned (Exim 4.10)
 id 18H52P-0002mK-00
 for frank@???; Wed, 27 Nov 2002 11:28:03 -0500
Received: from bcsisco.bcsi1.com ([207.112.1.33])
 by bcsisco.bcsi1.com with esmtp (Exim 4.10)
 id 18H52K-0002mH-00
 for frank@???; Wed, 27 Nov 2002 11:27:40 -0500
Received: from 204.225.103.222
 by bcsisco.bcsi1.com (fetchmail-4.3.9 POP3)
 for <frank/bcsisco.bcsi1.com> (single-drop); Wed, 27 Nov 2002 11:27:40 EST
Received: from zephir.primus.ca (mail.tor.primus.ca [216.254.136.21])
 by diplomatic.passport.ca (8.11.3/8.11.3) with ESMTP id gARGN7106124
 for <cbqfrank@???>; Wed, 27 Nov 2002 11:23:08 -0500 (EST)
Received: from mail.tor.primus.ca ([216.254.136.21] helo=notus.primus.ca)
 by zephir.primus.ca with esmtp (TLSv1:DES-CBC3-SHA:168)
 (Exim 3.33 #16)
 id 18H4xa-0002KS-0A
 for cbqfrank@???; Wed, 27 Nov 2002 11:22:46 -0500
Received: from mail.tor.primus.ca ([216.254.136.21] helo=zephir.primus.ca)
 by notus.primus.ca with esmtp (TLSv1:DES-CBC3-SHA:168)
 (Exim 3.33 #16)
 id 18H4xZ-0000j6-0A
 for cbqfrank@???; Wed, 27 Nov 2002 11:22:45 -0500
Received: from mail.tor.primus.ca ([216.254.136.21] helo=notus.primus.ca)
 by zephir.primus.ca with esmtp (TLSv1:DES-CBC3-SHA:168)
 (Exim 3.33 #16)
 id 18H4xW-0002Jk-0A
 for cbqfrank@???; Wed, 27 Nov 2002 11:22:42 -0500
Received: from mail.tor.primus.ca ([216.254.136.21] helo=boreas1.primus.ca)
 by notus.primus.ca with esmtp (TLSv1:DES-CBC3-SHA:168)
 (Exim 3.33 #16)
 id 18H4xV-0000ie-0A
 for cbqfrank@???; Wed, 27 Nov 2002 11:22:41 -0500
Received: from omr-r07.mx.aol.com ([152.163.225.147])
 by boreas1.primus.ca with esmtp (Exim 3.36 #3)
 id 18H4xV-0006MW-0A
 for cbqfrank@???; Wed, 27 Nov 2002 11:22:41 -0500
Received: from  rly-xi04.mx.aol.com (rly-xi04.mail.aol.com [172.20.116.9])
 by omr-r07.mx.aol.com (v86_r1.15) with ESMTP id RELAYIN10-1127112231;
 Wed, 27 Nov 2002 11:22:31 -0500
Received: from localhost (localhost)
   by rly-xi04.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0)
   with internal id LAE17679;
   Wed, 27 Nov 2002 11:22:31 -0500 (EST)
Date: Wed, 27 Nov 2002 11:22:31 -0500 (EST)
From: Mail Delivery Subsystem <MAILER-DAEMON@???>
Message-Id: <200211271622.LAE17679@???>
To: <cbqfrank@???>
MIME-Version: 1.0
Content-Type: text/plain
Subject: *****SPAM***** Returned mail: User unknown
Auto-Submitted: auto-generated (failure)
X-Spam-Status: Yes, hits=9.6 required=5.0
 tests=ASCII_FORM_ENTRY,ASKS_BILLING_ADDRESS,BULK_EMAIL,EMAIL_MARK
       ETING,EXCUSE_10,FAILURE_NOTICE_1,FAILURE_NOTICE_2,LINES_OF_
       YELLING,LINES_OF_YELLING_2,LINES_OF_YELLING_3,MAILER_DAEMON
       ,MAILTO_TO_SPAM_ADDR,MAIL_IN_ORDER_FORM,MLM,ONLY_COST,OPT_I
       N,PRINT_FORM_SIGNATURE,SPAM_PHRASE_13_21,SUPERLONG_LINE,WAN
       TS_CREDIT_CARD
 version=2.43
X-Spam-Flag: YES
X-Spam-Level: *********
X-Spam-Checker-Version: SpamAssassin 2.43 (1.115.2.20-2002-10-15-exp)
X-Spam-Prev-Content-Type: multipart/report; report-type=delivery-status;
 boundary="LAE17679.1038414151/rly-xi04.mx.aol.com"
Status: RO
X-Status:


SPAM: -------------------- Start SpamAssassin results ----------------------
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details:   (9.60 hits, 5 required)
SPAM: MAILER_DAEMON      (-1.5 points) From the Mailer-Daemon
SPAM: FAILURE_NOTICE_1   (-0.1 points) Mailer daemon failure notice (1)
SPAM: FAILURE_NOTICE_2   (-1.0 points) BODY: Mailer daemon failure notice (2)
SPAM: WANTS_CREDIT_CARD  (2.9 points)  BODY: Asks for credit card details
SPAM: BULK_EMAIL         (1.7 points)  BODY: Talks about bulk email
SPAM: OPT_IN             (1.5 points)  BODY: Talks about opting in
SPAM: MLM                (1.0 points)  BODY: Multi Level Marketing mentioned
SPAM: MAIL_IN_ORDER_FORM (0.6 points)  BODY: Contains mail-in order form
SPAM: PRINT_FORM_SIGNATURE (0.5 points)  BODY: Asks you for your signature on a form
SPAM: ASKS_BILLING_ADDRESS (0.4 points)  BODY: Asks for a billing address
SPAM: EXCUSE_10          (0.3 points)  BODY: "if you do not wish to receive any more"
SPAM: EMAIL_MARKETING    (0.3 points)  BODY: Talks about email marketing
SPAM: ONLY_COST          (0.2 points)  BODY: Only $$$
SPAM: SPAM_PHRASE_13_21  (1.3 points)  BODY: Spam phrases score is 13 to 21 (high)
SPAM:                    [score: 13]
SPAM: LINES_OF_YELLING_3 (0.3 points)  BODY: 3 WHOLE LINES OF YELLING DETECTED
SPAM: LINES_OF_YELLING_2 (0.2 points)  BODY: 2 WHOLE LINES OF YELLING DETECTED
SPAM: LINES_OF_YELLING   (0.2 points)  BODY: A WHOLE LINE OF YELLING DETECTED
SPAM: ASCII_FORM_ENTRY   (0.1 points)  BODY: Contains an ASCII-formatted form
SPAM: SUPERLONG_LINE     (0.0 points)  BODY: Contains a line >=199 characters long
SPAM: MAILTO_TO_SPAM_ADDR (0.7 points)  URI: Includes a link to a likely spammer email address
SPAM:
SPAM: -------------------- End of SpamAssassin results ---------------------


This is a MIME-encapsulated message

--LAE17679.1038414151/rly-xi04.mx.aol.com

The original message was received at Wed, 27 Nov 2002 11:21:56 -0500 (EST)
from lsanca1-ar3-153-094.biz.dsl.gtei.net [4.33.153.94]


*** ATTENTION ***

Your e-mail is being returned to you because there was a problem with its
delivery. The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".

The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".

The line beginning with "<<<" describes the specific reason your e-mail could
not be delivered. The next line contains a second error message which is a
general translation for other e-mail servers.

Please direct further questions regarding this message to your e-mail
administrator.

--AOL Postmaster



----- The following addresses had permanent fatal errors -----
<deher333@???>

----- Transcript of session follows -----
... while talking to air-xi01.mail.aol.com.:
>>> RCPT To:<deher333@???>

<<< 550 MAILBOX NOT FOUND
550 <deher333@???>... User unknown

--LAE17679.1038414151/rly-xi04.mx.aol.com
Content-Type: message/delivery-status

Reporting-MTA: dns; rly-xi04.mx.aol.com
Arrival-Date: Wed, 27 Nov 2002 11:21:56 -0500 (EST)

Final-Recipient: RFC822; deher333@???
Action: failed
Status: 2.0.0
Remote-MTA: DNS; air-xi01.mail.aol.com
Diagnostic-Code: SMTP; 250 OK
Last-Attempt-Date: Wed, 27 Nov 2002 11:22:31 -0500 (EST)

--LAE17679.1038414151/rly-xi04.mx.aol.com
Content-Type: message/rfc822

Received: from 196.15.158.3 (lsanca1-ar3-153-094.biz.dsl.gtei.net
 [4.33.153.94]) by rly-xi04.mx.aol.com (v89.21) with ESMTP id
 MAILRELAYINXI45-1127112146; Wed, 27 Nov 2002 11:21:46 -0500
Received: from unknown (52.127.142.42) by rly-xl04.mx.aol.com with smtp;
 Nov, 27 2002 10:55:22 AM +0300
Received: from [203.186.145.225] by hotmail.com (3.2) with ESMTP id
 MHotMailBE7297E1009B400437E7CBBA91E10D0B0; Nov, 27 2002 9:59:33 AM -0800
Received: from mx.rootsystems.net ([60.127.54.24]) by
 smtp-server6.tampabay.rr.com with SMTP; Nov, 27 2002 9:04:31 AM +0600
Received: from [48.211.102.224] by rly-xl05.mx.aol.com with local; Nov,
 27 2002 7:59:10 AM -0200
From: wvmkGilnei MorOes <cbqfrank@???>
To: adenine
Cc:
Subject: 400 Million worldwide emails + 7 Million Chinese Emails $139
Sender: wvmkGilnei MorOes <cbqfrank@???>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Date: Wed, 27 Nov 2002 11:20:56 -0500
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
Message-ID: <200211271121.05LBGCW_eiOzn@???>

********************** start message cut

********************** end message cut




--LAE17679.1038414151/rly-xi04.mx.aol.com--
************************ end message
--

Regards

Frank S. Bernhardt
b.c.s.i.
14 Halton Court
Markham, ON.
L3P 6R3

905-471-1691 Voice
905-471-3016 FAX

frank@???
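
An added example, not part of the original post: in a bounce like the one above, the only `Received:` line of the returned message that was written by a host the recipient can identify is the one stamped by the `Reporting-MTA`; every line below it arrived as part of the submitted message. The sketch below uses a constructed, shortened DSN modelled on the post (mail addresses are example placeholders, `Received:` lines are abridged) and a hypothetical helper `trusted_handoff`.

```python
import email
import re
from email import policy

# Constructed, shortened DSN modelled on the bounce in the post.
SAMPLE_DSN = """\
Content-Type: multipart/report; report-type=delivery-status; boundary="B1"

--B1
Content-Type: message/delivery-status

Reporting-MTA: dns; rly-xi04.mx.aol.com

Final-Recipient: RFC822; nobody@example.net

--B1
Content-Type: message/rfc822

Received: from 196.15.158.3 (lsanca1-ar3-153-094.biz.dsl.gtei.net
 [4.33.153.94]) by rly-xi04.mx.aol.com (v89.21) with ESMTP;
 Wed, 27 Nov 2002 11:21:46 -0500
Received: from unknown (52.127.142.42) by rly-xl04.mx.aol.com with smtp
Received: from [48.211.102.224] by rly-xl05.mx.aol.com with local

body
--B1--
"""

BY_RE = re.compile(r"\bby\s+([\w.-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trusted_handoff(raw):
    """Return the peer IP logged by the Reporting-MTA itself (hypothetical helper)."""
    msg = email.message_from_string(raw, policy=policy.default)
    mta = original = None
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status":
            for block in part.get_payload():  # one Message per field group
                if block["Reporting-MTA"]:
                    mta = str(block["Reporting-MTA"]).rpartition(";")[2].strip().lower()
        elif part.get_content_type() == "message/rfc822" and original is None:
            original = part.get_payload(0)    # the returned message
    hops = original.get_all("Received", []) if original else []
    for i, hop in enumerate(hops):
        by = BY_RE.search(hop)
        if mta and by and by.group(1).lower() == mta:  # exact host match only
            ip = IP_RE.search(hop)
            return {"reporting_mta": mta, "peer_ip": ip.group(1) if ip else None,
                    "unverified_hops": len(hops) - i - 1}
    return None  # no hop stamped by the reporting MTA: rely on none of them
```

The exact-match comparison matters here: the lower hops name `rly-xl04` and `rly-xl05`, which differ from the reporting host `rly-xi04` by one character and are counted as unverified.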