Author: Marc Sherman
Date:
To: exim-users
Subject: Re: [exim] FW: Undeliverable Mail

Robert Cates wrote:
>
> How is this happening, and what can/should I do to my configuration to stop
> it? Actually, is it even coming from my server? I mean, I don't think so,
> but I do not know enough to be able to really tell. I tried to grep
> 'isellsurplus.com' in my log file for 26/27 Nov., but it returned nothing.
> Is that sign enough that the mail was not sent through my server?
It's a virus sending mail from rcqsyep.net [67.8.174.175], faking your
address as the sender. The receiver (milton.aspiresite.com) is
collateral spamming by accepting the undeliverable message and then
bouncing it, instead of rejecting at SMTP time. Check the bounced
Received headers to confirm that this isn't your fault:
> Received: from rcqsyep.net [67.8.174.175] by milton.aspiresite.com
> (SMTPD32-8.15) id AF091180116; Sat, 26 Nov 2005 22:15:37 -0800
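
The Received-header check described in the reply above, as an added example that is not part of the original post: it parses the Received lines returned in a bounce and reports whether any hop names your own server. The hostname mail.example.org, the address 192.0.2.10, the forged From address and the second sample header are constructed assumptions; the first Received line is the one quoted in the thread.

```python
import re
from email import message_from_string

# Assumed identity of your own mail server (constructed values).
MY_HOSTS = {"mail.example.org"}
MY_IPS = {"192.0.2.10"}

# Headers returned inside the bounce; the Received line is the one quoted above.
BOUNCED_HEADERS = (
    "Received: from rcqsyep.net [67.8.174.175] by milton.aspiresite.com\n"
    " (SMTPD32-8.15) id AF091180116; Sat, 26 Nov 2005 22:15:37 -0800\n"
    "From: user@example.org\n"
)

# Constructed contrast: a message that really was relayed by mail.example.org.
RELAYED_HEADERS = (
    "Received: from client.example.net ([198.51.100.7])\n"
    " by mail.example.org with esmtp; Sat, 26 Nov 2005 22:10:00 -0800\n"
)

HOP = re.compile(r"\bfrom\s+(?P<src>\S+).*?\bby\s+(?P<by>\S+)", re.I)
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(headers_text):
    """Return one dict per Received header: sending name, sending IP, receiving host."""
    hops = []
    for value in message_from_string(headers_text).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = HOP.search(flat)
        if not m:
            continue  # e.g. a local submission with no "from" clause
        ip = IP.search(flat[: m.start("by")])
        hops.append({"from": m["src"].lower(),
                     "ip": ip.group(1) if ip else None,
                     "by": m["by"].lower()})
    return hops


def touched_my_server(hops, my_hosts=MY_HOSTS, my_ips=MY_IPS):
    """True if any hop was sent from, or received by, one of your hosts or IPs."""
    return any(h["from"] in my_hosts or h["by"] in my_hosts or h["ip"] in my_ips
               for h in hops)


if __name__ == "__main__":
    for name, text in (("bounced", BOUNCED_HEADERS), ("relayed", RELAYED_HEADERS)):
        hops = received_hops(text)
        print(name, hops, "via my server:", touched_my_server(hops))
```

The "from" name in a Received line is whatever the sending host claimed, so treat the bracketed IP and the "by" host recorded by the receiver as the reliable fields.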