Mail Attack

Ed Wilts ewilts at ewilts.org
Tue Aug 23 22:14:38 UTC 2005 

On Tue, Aug 23, 2005 at 04:47:55PM -0400, Jessica Zhu wrote:
> Hi Steve,
> 
> Below is one. It is from mx.maria.choppy.com.cl, right? I guess I have to 
> scan all the bounces. It will be really time consuming.

Somebody claiming to be you sent an email to chingpao at ms28.hinet.net 
via mx.maria.choppy.com.cl.  That person bounced it back to you. You can
try to get a hold of the postmaster at mx.maria.choppy.com.cl but it's
probably too late - the spam has left their system and the bounces are
already making their way to you.  They could have been queued for hours
- you don't know.  Spammers move around a lot and they're likely already
spamming from another system.  You can contact the postmaster of the
original system and it may help in the future but it's likely already
too late to help you.

        .../Ed

> Date: Wed, 24 Aug 2005 03:43:57 +0800 (CST)
> From: Mail Delivery Subsystem <MAILER-DAEMON at ms28.hinet.net>
> To: Jessica at mathforum.org
> Subject: Returned mail: Service unavailable
> 
> The original message was received at Wed, 24 Aug 2005 03:43:52 +0800 (CST)
> from [211.106.177.167]
> 
>    ----- The following addresses had permanent fatal errors -----
> <chingyu7 at ms28.hinet.net>
> 
>    ----- Transcript of session follows -----
> mail.local: /var/mail/c/chingyu7: Disc quota exceeded
> 554 <chingyu7 at ms28.hinet.net>... Service unavailable
> 
>    ----- Original message follows -----
> 
> Return-Path: <Jessica at mathforum.org>
> Received: from 168.95.5.28 ([211.106.177.167])
>         by ms28.hinet.net (8.8.8/8.8.8) with SMTP id DAA01186;
>         Wed, 24 Aug 2005 03:43:52 +0800 (CST)
> Received: from mx.maria.choppy.com.cl (HELO 24-138.F.dial.o-tel-o.net)
>         by mx.maria.munich.com.cl (Estfix) with ESMTP id F86203BD55
>         for <Jessica at mathforum.org>; Wed, 24 Aug 2005 01:38:50 +0500
> Date: Tue, 23 Aug 2005 23:35:50 +0300
> From: "Deena " <Jessica at mathforum.org>
> Message-ID: <D004042DECF4D3118A4068600815F449E2DFA7 at lvcoh006>
> To: chingpao at ms28.hinet.net
> Subject: This may help
> X-Mailer: Mew version 3.2 on Emacs 21.3 / Mule 5.4 (SAKAKI)
> X-Virus-Scanned: by AMaViS perl-13
> MIME-Version: 1.0
> Content-Type: text/html; charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> 
> 
> On Tue, 23 Aug 2005, Steve Phillips wrote:
> 
> > On Tue, 23 Aug 2005, Jessica Zhu wrote:
> > >> The big trick is to find the originator. - If you need help with this
> > >> them let us know and we can probably track them down for you.
> > >
> > > Yes, with the bounce from all the places, it's really difficult for me to
> > > find out the originator. I really need help on this. What are the steps
> > > that I should take?
> > 
> > You will need to capture one of the messages in its entirety and post it 
> > will full headers here.
> > 
> > the easiest way to do this is to setup a catchall account for a few 
> > seconds, capture a message then turn off the catchall account.
> 
> Do you mean to set up a catchall for all the bounces?
> 
> 
> Jessica

-- 
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts at ewilts.org
Member #1, Red Hat Community Ambassador Program

More information about the redhat-list mailing list