[clug-talk] Anyone else getting a lot of supposed bounced mail?

Shawn sgrover at open2space.com
Sun Sep 25 01:32:09 PDT 2005


I seem to be getting a lot of mail coming through my server, reporting
"Mail Delivery Status (Undeliverable)" (or others with similar subjects).  
When I check the headers, these all appear to originate outside my network, 
and the embedded message itself is clearly spam.  However, I'm a little 
worried I'm inadvertently relaying mail.  Can I get a second opinion?  Here 
are the headers:

Return-Path: <>
 Delivered-To: jeffreycaselk at open2space.com
 Received: (qmail 17478 invoked by uid 210); 24 Sep 2005 22:50:53 -0600
 Received: from 142.67.28.35 by srv (envelope-from <>, uid 201) with 
qmail-scanner-1.25st 
 (f-prot: 4.6.1/3.16.8. spamassassin: 3.0.4. perlscan: 1.25st.  
 Clear:RC:0(142.67.28.35):SA:0(0.4/5.0):. 
 Processed in 1.241097 secs); 25 Sep 2005 04:50:53 -0000
 X-Spam-Status: No, hits=0.4 required=5.0
 Received: from user.emera.com (HELO spark.nspower.ca) (142.67.28.35)
  by 192.168.0.5 with SMTP; 24 Sep 2005 22:50:51 -0600
 Received: from fibretek.com (localhost [127.0.0.1])
        by spark.nspower.ca (8.11.7+Sun/biteme) with SMTP id j8P4pXc02042
        for <jeffreycaselk at open2space.com>; Sun, 25 Sep 2005 01:51:33 -0300 
(ADT)
 Received: from FIBRETEK#u#DOM-Message_Server by fibretek.com
        with Novell_GroupWise; Sun, 25 Sep 2005 01:56:19 -0300
 Message-Id: <s33603c3.015 at fibretek.com>
 X-Mailer: Novell GroupWise 5.2
 Date: Sun, 25 Sep 2005 01:56:19 -0300
 From: Mailer-Daemon at fibretek.com
 To: jeffreycaselk at open2space.com
 Subject: Message status - undeliverable
 Mime-Version: 1.0
 Content-Type: multipart/mixed;
  boundary="=_D3F1ABE3.E687D128"
 Status: R
 X-Status: NC
 X-KMail-EncryptionState: 
 X-KMail-SignatureState: 
 X-KMail-MDN-Sent: 

Obviously, the open2space.com domain is mine.  Some of the header is legit - 
the first 7 or so lines (up to the X-Spam-Status) are typical for my mail, 
and the 192.168.0.5 address is correct for my mail server (internal address).  
But this looks to originate from fibretek.com.  My network does not have a 
jeffreycaselk account, nor do I use GroupWise (or Eudora, or Exchange, as 
reported by some of the other messages).  Is this a bad relay attempt?  Should 
I be locking down my network even more?  (My mail server has never been 
configured as a mail relay, but I did have some issues in the not too distant 
past that required some tweaking; maybe I inadvertently opened something?)  Or 
can I safely ignore this and wait until spamassassin decides this is spam? 

Regardless, I'll be looking into my server settings, but I am curious if anyone 
else is seeing these messages.

Thanks.

Shawn
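
Added example, not part of the original post: a Python triage of the headers quoted above that reports whether the receiving server acted as the final destination or as a relay, based on the null Return-Path, the qmail client hop and the recipient domain. `LOCAL_DOMAINS`, `QMAIL_HOP` and `triage` are names assumed for this sketch, and the sample headers are abridged from the post with the archive's " at " written back as "@".

```python
import re
from email import message_from_string
from ipaddress import ip_address

LOCAL_DOMAINS = {"open2space.com"}  # assumption: domains this server is final destination for

# Abridged from the headers in the post; the archive's " at " is written back as "@".
SAMPLE = """\
Return-Path: <>
Delivered-To: jeffreycaselk@open2space.com
Received: (qmail 17478 invoked by uid 210); 24 Sep 2005 22:50:53 -0600
Received: from user.emera.com (HELO spark.nspower.ca) (142.67.28.35)
  by 192.168.0.5 with SMTP; 24 Sep 2005 22:50:51 -0600
Received: from fibretek.com (localhost [127.0.0.1])
        by spark.nspower.ca (8.11.7+Sun/biteme) with SMTP id j8P4pXc02042
        for <jeffreycaselk@open2space.com>; Sun, 25 Sep 2005 01:51:33 -0300 (ADT)
From: Mailer-Daemon@fibretek.com
To: jeffreycaselk@open2space.com
Subject: Message status - undeliverable

"""

# qmail's trace line for the SMTP client: "from HOST (HELO NAME) (IP) by ..."
QMAIL_HOP = re.compile(r"^from \S+ \(HELO \S+\) \((\d{1,3}(?:\.\d{1,3}){3})\)")

def triage(raw, local_domains=LOCAL_DOMAINS):
    """Report whether our server was the final destination or a relay."""
    msg = message_from_string(raw)
    # A null envelope sender marks a delivery status notification (bounce).
    is_bounce = msg.get("Return-Path", "").strip() == "<>"
    rcpt = (msg.get("Delivered-To") or msg.get("To", "")).strip().lower()
    rcpt_local = rcpt.rpartition("@")[2] in local_domains
    client_ip = None
    for hop in msg.get_all("Received", []):  # newest hop is listed first
        m = QMAIL_HOP.search(hop.strip())
        if m:
            client_ip = ip_address(m.group(1))
            break
    external = client_ip is not None and not client_ip.is_private
    if external and rcpt_local:
        verdict = "final destination"  # outside host -> our domain: inbound mail
    elif external:
        verdict = "relay"              # outside host -> outside domain: relaying
    else:
        verdict = "undetermined"
    ip_text = str(client_ip) if client_ip else None
    return {"bounce": is_bounce, "client_ip": ip_text, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
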


