Could our mail server be used by an outsider?
Posted on 2004-10-03
We have a dedicated server hosted with an ISP. We are running MailEnable and have a software program written to send out emails. We also have our own email coming through this MailEnable server. However, one of our users has been receiving all kinds of emails concerning "Message Delivery Failure" and "Message Delivery Delay" (over 30 yesterday alone!). The problem is that she didn't send the emails. When I look at the contents of the message (from Postmaster), it shows the following contents on one:
MailEnable: Message Delivery Failure.
The following recipient(s) could not be reached:
[SMTP:email@example.com]: General Failure
Message contents follow:
Received: from Huufuljiq ([18.104.22.168]) by ourserver.com with MailEnable ESMTP; Sat, 02 Oct 2004 04:00:14 -0400
From: RBocas <RBocas@tidco.co.tt>
Subject: So cool a flash,enjoy it
Date: Sat, 02 Oct 2004 04:00:14 -0400
This looks to be a possible virus being sent from ourserver.com (which I've changed the name of), but our user is NOT RBocas@tidco.co.tt... she's firstname.lastname@example.org and still receiving these messages??? Is this some kind of goofy virus that uses her name to send out bogus email messages??? If so, why does the FROM show someone else's email address?
MailEnable: Message delivery has been delayed.
Message is waiting at ourserver.com for delivery to com.
Reason: Mail Server for altavista.com could not be contacted at this time. MailEnable will keep trying to deliver this message and will notify you of any progress.
Message headers follow:
Received: from Hgy ([22.214.171.124]) by ourserver.com with MailEnable ESMTP; Sat, 02 Oct 2004 05:28:27 -0400
From: renaissancecruise <email@example.com>
Subject: A WinXP patch
Date: Sat, 02 Oct 2004 05:28:27 -0400
Again, nowhere in this message is my user's name mentioned, and she didn't send out any emails to these other people!!!
Any help/suggestions are greatly appreciated!!!