Re: [SLUG] strange returned mail

• Next message: Rich Morgan: "[SLUG] Limiting terminal access to root"
• Previous message: Bob Stia: "Re: [SLUG] strange returned mail"
• In reply to: Bob Stia: "[SLUG] strange returned mail"
• Next in thread: Bob Stia: "Re: [SLUG] strange returned mail"
• Reply: Bob Stia: "Re: [SLUG] strange returned mail"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Sun, Mar 09, 2008 at 09:41:31PM -0400, Bob Stia wrote:

> Hello Sluggers,
>
> Am getting quite a few of these Failed Mail messaages lately. Don't know what
> to make of it. I certainly didn't send it out.Anyone know what is happening
> here?
> -------------------------------------------------------------
> This is the mail system at host lbox.org.
>
> I'm sorry to have to inform you that your message could not
> be delivered to one or more recipients. It's attached below.
>
> For further assistance, please send mail to postmaster.
>
> If you do so, please include this problem report. You can
> delete your own text from the attached returned message.
>
>                    The mail system
>
> <zion@localhost.org> (expanded from <zion@localhost>): delivery temporarily
>     suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused
> unnamed
> Delivery report
> ---------------------------------------------------------------------
> And then there is an encapsulated message to a mailing list following it.
>

I'm not an expert, but here's my guess (without seeing the headers). It
looks like someone has spoofed your "From" address in sending an email
to lbox.org. I'm guessing that the "localhost" in this case is the
localhost of the receiving mail server. It looks like someone sent an
email to this mailserver, with zion@localhost as the "To" address.
Naturally, that didn't resolve, and the lbox mailserver bounced the
message to the presumed sender, you.

As administrator of this and other lists, I see traffic like this quite a
lot, and they're generally just spoof bounces. In fact, I see so many of
them that I have procmail recipes in place that just shove them into a
folder so I don't actually have to look at them. Every month, a script
sweeps the oldest ones away, but newer ones stay for a while in case I
need to investigate something about them.

Paul

-- 
Paul M. Foster
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS).  Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.

• Next message: Rich Morgan: "[SLUG] Limiting terminal access to root"
• Previous message: Bob Stia: "Re: [SLUG] strange returned mail"
• In reply to: Bob Stia: "[SLUG] strange returned mail"
• Next in thread: Bob Stia: "Re: [SLUG] strange returned mail"
• Reply: Bob Stia: "Re: [SLUG] strange returned mail"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:20:18 EDT