[TriLUG] I'm getting lots of Weird Bounces... any thoughts

Richard O. Hammer ROHammer at EarthLink.net
Thu Sep 18 15:52:24 EDT 2003


Can you send the headers of one of these messages?  An examination of 
the headers might confirm, for starters, that the messages from 
addresses such 6pqjukwytm at tumaz.com did not originate with your server.

as Joshua Gitlin wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - - -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello Everyone... I haven't posted in a while. Good to be back :)
> 
> I've been getting all sorts of weird bounces from my email server as of 
> last night... They're bounce messages that are bouncing, so my confused 
> email server (qmail) is sending them to me.
> 
> The emails were all (originally) sent from various email addresses under 
> my domain that don't exist (nonsense addresses like 
> 6pqjukwytm at tumaz.com) and they were sent to AOL members (and who knows 
> who else). AOL is bouncing the messages "back" to me... although they 
> didn't even originate on my system... They're coming from a variety of 
> IP addresses, some of which appear to be in denmark. The messages read 
> something like this:
> 
> "--PAH03624.1063911700/str-d10.mail.aol.com--"
> 
> As far as I can tell, this has something to do with somebody trying to 
> figure out something about AOL's mail servers, and they're just using my 
> domain as a scapegoat... But I'm not really sure what's going on. I'm 
> worried that it's either a misconfiguration in my email server or 
> someone trying to do something nasty to one of my servers (and 
> succeeding). Any thoughts? Thanks guys!
> 
> Joshua Gitlin
> Website Developer/Designer
> Webmaster, Glow Films, Inc
> http://josh.tumaz.com/
> http://www.glowfilms.com/
> - - -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (Darwin)
> 
> iEYEARECAAYFAj9qAyIACgkQdMO2CPVJoQ6RCACfZvAbSK3aTajkNDBBxGU3Tv/L
> s0cAmwQtaGBWhoqz8kJ0BBMV/gCcfxDp
> =Y9hi
> - - -----END PGP SIGNATURE-----
> 
> 
> - - -----------
> Due to the recent increase in spam and falsely sent email, I now PGP 
> Sign all of my outgoing mail to prove my identity. This means that you 
> will see a small line of code below all mail you receive from me; this 
> line of code proves that I am who I say I am. For more information, 
> please visit http://www.pgp.com/ or http://www.gnupg.org/
> 
> 
> 
> - -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (Darwin)
> 
> iEYEARECAAYFAj9qA0MACgkQdMO2CPVJoQ7o2ACfSE7bGGw+oVBGSRNDbA2nlx9S
> RV8AnRi25ZhTjKZ/Mg3UGOGqmzvq26dA
> =V07M
> - -----END PGP SIGNATURE-----
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (Darwin)
> 
> iEYEARECAAYFAj9qBAcACgkQdMO2CPVJoQ4CCwCdHRD/CPAEX9TTe5bLKFRnrIue
> 52wAnjme1wO5A/9dw5wRCFuq3IKkQOl9
> =x00L
> -----END PGP SIGNATURE-----
> 






More information about the TriLUG mailing list