Linux virus or forged address?

[Alexander Dalloz]

Am Mo, den 12.04.2004 schrieb Jonathan Ryshpan um 20:37:

> I recently received the following bounce message for a message I never
> sent.  Is it possible that some component of my email system (fetchmail
> + sendmail + evolution) has been infected by a virus?  Or has someone
> just forged my return address?
> 
> Thanks - Jonathan Ryshpan
> 
> -----Forwarded Message-----
> From: MAILER-DAEMON at admin.thenth.com
> To: jonrysh at pacbell.net
> Subject: failure notice
> Date: Mon, 12 Apr 2004 16:04:23 +0000
> 
> Hi. This is the qmail-send program at admin.thenth.com.
> I'm afraid I wasn't able to deliver your message to the following addresses.
> This is a permanent error; I've given up. Sorry it didn't work out.
> 
> <php at elitemaps.com>:
> This address no longer accepts mail.

As others already replied it is caused by actual worms (running on
infected Windows[tm] machines) misusing your email address from the
address book.

And what you see too is the bad behaviour of qmail as MTA: it first
accepts the whole mail and later produces a bounce mail, hitting you
though you never sent the original mail.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
Sirendipity 21:13:05 up 24 days, 4:54, load average: 0.17, 0.48, 0.85 
                   [ Γνωθι σ'αυτον - gnothi seauton ]
             my life is a planetarium - and you are the stars
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20040412/e2ec30cb/attachment-0001.sig>