[clug-talk] Anyone else getting a lot of supposed bounced mail?
sgrover at open2space.com
Sun Sep 25 01:32:09 PDT 2005
I seem to be getting a lot of mail coming through my server, reporting
"Mail Delivery Status (Undeliverable)", (or others with similar subjects).
When I check the headers, these all appear to originate outside my network,
and the embedded message itself is clearly spam. However, I'm a little
worried I'm inadvertently relaying mail. Can I get a second opinion? Here's
Delivered-To: jeffreycaselk at open2space.com
Received: (qmail 17478 invoked by uid 210); 24 Sep 2005 22:50:53 -0600
Received: from 220.127.116.11 by srv (envelope-from <>, uid 201) with
(f-prot: 4.6.1/3.16.8. spamassassin: 3.0.4. perlscan: 1.25st.
Processed in 1.241097 secs); 25 Sep 2005 04:50:53 -0000
X-Spam-Status: No, hits=0.4 required=5.0
Received: from user.emera.com (HELO spark.nspower.ca) (18.104.22.168)
by 192.168.0.5 with SMTP; 24 Sep 2005 22:50:51 -0600
Received: from fibretek.com (localhost [127.0.0.1])
by spark.nspower.ca (8.11.7+Sun/biteme) with SMTP id j8P4pXc02042
for <jeffreycaselk at open2space.com>; Sun, 25 Sep 2005 01:51:33 -0300
Received: from FIBRETEK#u#DOM-Message_Server by fibretek.com
with Novell_GroupWise; Sun, 25 Sep 2005 01:56:19 -0300
Message-Id: <s33603c3.015 at fibretek.com>
X-Mailer: Novell GroupWise 5.2
Date: Sun, 25 Sep 2005 01:56:19 -0300
From: Mailer-Daemon at fibretek.com
To: jeffreycaselk at open2space.com
Subject: Message status - undeliverable
Obviously, the open2space.com domain is mine. Some of the header is legit -
the first 7 or so lines (up to the X-Spam-Status) are typical for my mail,
and the 192.168.0.5 address is correct for my mail server (internal address).
But this looks to originate from fibretek.com. My network does not have a
jeffreycaselk account, nor do I use Groupwise (or Eudora, or Exchange as
reported by some of the other messages) Is this a bad relay attempt? Should
I be locking down my network even more? (My mail server has never been
configured as a mail relay, but I did have some issues in the not too distant
past that required some tweaking, maybe I inadvertently opened something? Or
can I safely ignore this and wait until spamassassin decides this is spam?
Regardless I'll be looking into my server settings, but I am curious if anyone
else is seeing these messages.
More information about the clug-talk