What's this then?

mammaduck · 27 Jul 2010, 02:33 AM

I haven't posted here for a long time and now twice in a day. I just received the following e-mail: (I have changed my fastmail login name to "myname".

Is somebody using my account to send spam or "just" impersonating to send spam from my account?

Thanks in advance for your answers and input.
----------------------------------------------------------------------------------

This is the Postfix program at host UniKL-MICET.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The Postfix program

<myname@fastmail.fm>: delivery temporarily suspended: unknown mail transport
error

Reporting-MTA: dns; UniKL-MICET
X-Postfix-Queue-ID: 21D254C9F9
X-Postfix-Sender: rfc822; myname@fastmail.fm
Arrival-Date: Tue, 20 Jul 2010 17:07:41 +0800 (MYT)

Final-Recipient: rfc822; myname@fastmail.fm
Action: failed
Status: 4.0.0
Diagnostic-Code: X-Postfix; delivery temporarily suspended: unknown mail
transport error

Gedeelte 1.2
Onderwerp:
myname@fastmail.fm VIAGRA � Official Site -53%
Van:
myname@fastmail.fm
Datum:
Tue, 20 Jul 2010 17:07:41 +0800 (MYT)
Aan:
myname@fastmail.fm

Return-Path: <>
Received: from compute2.internal (compute2.internal [10.202.2.42])
by store26m.internal (Cyrus v2.4.0-git-fastmail-5720) with LMTPA;
Mon, 26 Jul 2010 12:53:39 -0400
X-Sieve: CMU Sieve 2.3
Subject: {SPAM 24.7} Undelivered Mail Returned to Sender
X-Spam: high
X-Spam-score: 24.7
X-Spam-hits: BAYES_99 3.5, DATE_IN_PAST_24_48 1.34, DCC_CHECK 1.5,
FSL_HELO_NON_FQDN_1 0.001, HTML_IMAGE_ONLY_12 2.059, HTML_MESSAGE 0.001,
HTML_SHORT_LINK_IMG_1 0.001, RCVD_IN_BRBL_LASTEXT 1.449,
RCVD_IN_RP_RNBL 1.31, RCVD_IN_RTSSBL 2, RDNS_NONE 0.793,
T_SURBL_MULTI1 0.01, T_SURBL_MULTI2 0.01, URIBL_DBL_SPAM 1.7,
URIBL_INVALUEMENT 2, URIBL_JP_SURBL 1.25, URIBL_SBL 1.623,
URIBL_SC_SURBL 0.568, URIBL_WS_SURBL 1.608, WPBL_RBL 2, BAYES_USED user,
SA_VERSION 3.3.1
X-Backscatter: Yes
X-Backscatter-Hosts:
X-Spam-source: IP='110.159.214.37', Host='noreverse', Country='MY', FromHeader='unk',
MailFrom='unk'
X-Spam-charsets:
X-Resolved-to: myname@fastmail.fm
X-Delivered-to: myname@fastmail.fm
X-Mail-from:
Received: from mx3.messagingengine.com ([10.202.2.202])
by compute2.internal (LMTPProxy); Mon, 26 Jul 2010 12:53:39 -0400
Received: from UniKL-MICET (unknown [110.159.214.37])
by mx3.messagingengine.com (Postfix) with ESMTP id 1F4C123EEC6
for <myname@fastmail.fm>; Mon, 26 Jul 2010 12:53:37 -0400 (EDT)
Received: by UniKL-MICET (Postfix)
id 5049D46D84; Sun, 25 Jul 2010 19:23:33 +0800 (MYT)
Date: Sun, 25 Jul 2010 19:23:33 +0800 (MYT)
From: MAILER-DAEMON@UniKL-MICET.UniKL-MICET (Mail Delivery System)
X-Spam-orig-subject: Undelivered Mail Returned to Sender
To: myname@fastmail.fm
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="21D254C9F9.1280057013/UniKL-MICET"
Message-Id: <20100725112334.5049D46D84@UniKL-MICET>
X-Truedomain-SPF: None
X-Truedomain-DKIM: None
X-Truedomain: Neutral

This is a MIME-encapsulated message.

--21D254C9F9.1280057013/UniKL-MICET
Content-Description: Notification
Content-Type: text/plain

This is the Postfix program at host UniKL-MICET.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The Postfix program

<myname@fastmail.fm>: delivery temporarily suspended: unknown mail transport
error

--21D254C9F9.1280057013/UniKL-MICET
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; UniKL-MICET
X-Postfix-Queue-ID: 21D254C9F9
X-Postfix-Sender: rfc822; myname@fastmail.fm
Arrival-Date: Tue, 20 Jul 2010 17:07:41 +0800 (MYT)

Final-Recipient: rfc822; myname@fastmail.fm
Action: failed
Status: 4.0.0
Diagnostic-Code: X-Postfix; delivery temporarily suspended: unknown mail
transport error

--21D254C9F9.1280057013/UniKL-MICET
Content-Description: Undelivered Message
Content-Type: message/rfc822

And this is copied from the header:

Received: from user-18eb2d233e (unknown [192.167.40.188])
by UniKL-MICET (Postfix) with SMTP id 21D254C9F9
for <myname@fastmail.fm>; Tue, 20 Jul 2010 17:07:41 +0800 (MYT)
From: myname@fastmail.fm
To: myname@fastmail.fm
Subject: myname@fastmail.fm VIAGRA ® Official Site -53%
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <20100720090741.21D254C9F9@UniKL-MICET>
Date: Tue, 20 Jul 2010 17:07:41 +0800 (MYT)

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=UTF-8" />
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0" style="width: 896px">
<tr><td align="center" style="font: normal 11px Verdana, sans-serif; color: #333;"><a href="http://nzb.wentwonder.ru?ndky=myname@fastmail.fm" style="text-decoration: none; color: #0099ff;">Click here. </td></tr>
<tr><td align="center">
<br />
<a href="http://ddk.wentwonder.ru?pjnb=myname@fastmail.fm"><img alt="Dear myname@fastmail.fm" src="http://bzv.wentwonder.ru/f.gif" style="border-width: 0px" /></a></td></tr>
</table>
</body>
</html>

--21D254C9F9.1280057013/UniKL-MICET--

n5bb · 28 Jul 2010, 01:00 PM

That appears to be backscatter sent from someone using the UniKL-MICET server in Malaysia. Anyone can spoof you (send using your address in the From email header). This has nothing to do with Fastmail, since this can happen with any email service.

Fastmail has a backscatter filter which attempts to find such rejection responses to the spoofed spam messages and put them in your Junk Mail folder.

This is no different than postal snailmail. Anyone can send a piece of mail with your name and address in the return address area of the envelope and the mail contents.

Bill

27 Jul 2010, 02:33 AM	#1
mammaduck Cornerstone of the Community Join Date: Mar 2002 Location: Netherlands Posts: 706	What's this then? Sending spam or not? I haven't posted here for a long time and now twice in a day. I just received the following e-mail: (I have changed my fastmail login name to "myname". Is somebody using my account to send spam or "just" impersonating to send spam from my account? Thanks in advance for your answers and input. ---------------------------------------------------------------------------------- This is the Postfix program at host UniKL-MICET. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to <postmaster> If you do so, please include this problem report. You can delete your own text from the attached returned message. The Postfix program <myname@fastmail.fm>: delivery temporarily suspended: unknown mail transport error Reporting-MTA: dns; UniKL-MICET X-Postfix-Queue-ID: 21D254C9F9 X-Postfix-Sender: rfc822; myname@fastmail.fm Arrival-Date: Tue, 20 Jul 2010 17:07:41 +0800 (MYT) Final-Recipient: rfc822; myname@fastmail.fm Action: failed Status: 4.0.0 Diagnostic-Code: X-Postfix; delivery temporarily suspended: unknown mail transport error Gedeelte 1.2 Onderwerp: myname@fastmail.fm VIAGRA � Official Site -53% Van: myname@fastmail.fm Datum: Tue, 20 Jul 2010 17:07:41 +0800 (MYT) Aan: myname@fastmail.fm Return-Path: <> Received: from compute2.internal (compute2.internal [10.202.2.42]) by store26m.internal (Cyrus v2.4.0-git-fastmail-5720) with LMTPA; Mon, 26 Jul 2010 12:53:39 -0400 X-Sieve: CMU Sieve 2.3 Subject: {SPAM 24.7} Undelivered Mail Returned to Sender X-Spam: high X-Spam-score: 24.7 X-Spam-hits: BAYES_99 3.5, DATE_IN_PAST_24_48 1.34, DCC_CHECK 1.5, FSL_HELO_NON_FQDN_1 0.001, HTML_IMAGE_ONLY_12 2.059, HTML_MESSAGE 0.001, HTML_SHORT_LINK_IMG_1 0.001, RCVD_IN_BRBL_LASTEXT 1.449, RCVD_IN_RP_RNBL 1.31, RCVD_IN_RTSSBL 2, RDNS_NONE 0.793, T_SURBL_MULTI1 0.01, T_SURBL_MULTI2 0.01, URIBL_DBL_SPAM 1.7, URIBL_INVALUEMENT 2, URIBL_JP_SURBL 1.25, URIBL_SBL 1.623, URIBL_SC_SURBL 0.568, URIBL_WS_SURBL 1.608, WPBL_RBL 2, BAYES_USED user, SA_VERSION 3.3.1 X-Backscatter: Yes X-Backscatter-Hosts: X-Spam-source: IP='110.159.214.37', Host='noreverse', Country='MY', FromHeader='unk', MailFrom='unk' X-Spam-charsets: X-Resolved-to: myname@fastmail.fm X-Delivered-to: myname@fastmail.fm X-Mail-from: Received: from mx3.messagingengine.com ([10.202.2.202]) by compute2.internal (LMTPProxy); Mon, 26 Jul 2010 12:53:39 -0400 Received: from UniKL-MICET (unknown [110.159.214.37]) by mx3.messagingengine.com (Postfix) with ESMTP id 1F4C123EEC6 for <myname@fastmail.fm>; Mon, 26 Jul 2010 12:53:37 -0400 (EDT) Received: by UniKL-MICET (Postfix) id 5049D46D84; Sun, 25 Jul 2010 19:23:33 +0800 (MYT) Date: Sun, 25 Jul 2010 19:23:33 +0800 (MYT) From: MAILER-DAEMON@UniKL-MICET.UniKL-MICET (Mail Delivery System) X-Spam-orig-subject: Undelivered Mail Returned to Sender To: myname@fastmail.fm MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="21D254C9F9.1280057013/UniKL-MICET" Message-Id: <20100725112334.5049D46D84@UniKL-MICET> X-Truedomain-SPF: None X-Truedomain-DKIM: None X-Truedomain: Neutral This is a MIME-encapsulated message. --21D254C9F9.1280057013/UniKL-MICET Content-Description: Notification Content-Type: text/plain This is the Postfix program at host UniKL-MICET. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to <postmaster> If you do so, please include this problem report. You can delete your own text from the attached returned message. The Postfix program <myname@fastmail.fm>: delivery temporarily suspended: unknown mail transport error --21D254C9F9.1280057013/UniKL-MICET Content-Description: Delivery report Content-Type: message/delivery-status Reporting-MTA: dns; UniKL-MICET X-Postfix-Queue-ID: 21D254C9F9 X-Postfix-Sender: rfc822; myname@fastmail.fm Arrival-Date: Tue, 20 Jul 2010 17:07:41 +0800 (MYT) Final-Recipient: rfc822; myname@fastmail.fm Action: failed Status: 4.0.0 Diagnostic-Code: X-Postfix; delivery temporarily suspended: unknown mail transport error --21D254C9F9.1280057013/UniKL-MICET Content-Description: Undelivered Message Content-Type: message/rfc822 And this is copied from the header: Received: from user-18eb2d233e (unknown [192.167.40.188]) by UniKL-MICET (Postfix) with SMTP id 21D254C9F9 for <myname@fastmail.fm>; Tue, 20 Jul 2010 17:07:41 +0800 (MYT) From: myname@fastmail.fm To: myname@fastmail.fm Subject: myname@fastmail.fm VIAGRA ® Official Site -53% MIME-Version: 1.0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20100720090741.21D254C9F9@UniKL-MICET> Date: Tue, 20 Jul 2010 17:07:41 +0800 (MYT) <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="application/xhtml+xml; charset=UTF-8" /> </head> <body> <table border="0" cellpadding="0" cellspacing="0" style="width: 896px"> <tr><td align="center" style="font: normal 11px Verdana, sans-serif; color: #333;"><a href="http://nzb.wentwonder.ru?ndky=myname@fastmail.fm" style="text-decoration: none; color: #0099ff;">Click here. </td></tr> <tr><td align="center"> <br /> <a href="http://ddk.wentwonder.ru?pjnb=myname@fastmail.fm"><img alt="Dear myname@fastmail.fm" src="http://bzv.wentwonder.ru/f.gif" style="border-width: 0px" /></a></td></tr> </table> </body> </html> --21D254C9F9.1280057013/UniKL-MICET-- Last edited by mammaduck : 27 Jul 2010 at 05:27 AM. Reason: added to title

28 Jul 2010, 01:00 PM	#2
n5bb Intergalactic Postmaster Join Date: May 2004 Location: Irving, Texas Posts: 8,927	That appears to be backscatter sent from someone using the UniKL-MICET server in Malaysia. Anyone can spoof you (send using your address in the From email header). This has nothing to do with Fastmail, since this can happen with any email service. Fastmail has a backscatter filter which attempts to find such rejection responses to the spoofed spam messages and put them in your Junk Mail folder. This is no different than postal snailmail. Anyone can send a piece of mail with your name and address in the return address area of the envelope and the mail contents. Bill