SPAM mail
Hi,
I had a spam mail undelivery message delivered to a critical user of mine. Could someone please help me to understand how this message is coming through and how the user is getting a undeliverable message when he had not sent the mail in the first place.
The user is going to log an incident with Information security and I need to know if this is just a case of his mail address being used in a spam incident and what we could do to prevent this.
The original message -
-----Original Message-----
From: robertnn@alpha-business-ce
Sent: 02 May 2011 21:16
To: robertnn@alpha-business-ce
Subject: from Lucile
I'm a atractive blonde, and I wish to become a pen pal (by email or Skype) of a handsome and clever guy, interested in further real dates!
My home page: www.rus-flirt.ru
The Undelivery message
From: Mail Delivery System <MAILER-DAEMON@localhost.u
To: robertnn@alpha-business-ce
Sent: Mon May 02 17:46:21 2011
Subject: Undeliverable: from Lucile
Delivery has failed to these recipients or distribution lists:
robertnn@alpha-business-ce
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.
wttqcttfmpctpp@alpha-busin
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.
robertn@alpha-business-cen
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.
veronica@alpha-business-ce
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.
Diagnostic information for administrators:
Generating server: localhost.ukdatastore.com
robertnn@alpha-business-ce
#< #5.0.0 X-Postfix; user unknown. Command output: Invalid user specified.> #SMTP#
wttqcttfmpctpp@alpha-busin
#< #5.0.0 X-Postfix; user unknown. Command output: Invalid user specified.> #SMTP#
robertn@alpha-business-cen
#< #5.0.0 X-Postfix; user unknown. Command output: Invalid user specified.> #SMTP#
veronica@alpha-business-ce
#< #5.0.0 X-Postfix; user unknown. Command output: Invalid user specified.> #SMTP#
Original message headers:
Received: from sura.ru (host-93-124-1-159.dsl.sur
localhost.ukdatastore.com (Postfix) with ESMTP id 2AC63EE025; Mon, 2 May
2011 16:46:18 +0100 (BST)
Received: from 93.124.1.159 (account <robertnn@alpha-business-c
<robertn@alpha-business-ce
<sales@alpha-business-cent
<wttqcttfmpctpp@alpha-busi
<veronica@alpha-business-c
by alpha-business-centre.co.u
with ESMTPA id 654114290 for <robertnn@alpha-business-c
From: <robertnn@alpha-business-c
<robertn@alpha-business-ce
<wttqcttfmpctpp@alpha-busi
<veronica@alpha-business-c
To: <robertnn@alpha-business-c
<robertn@alpha-business-ce
<wttqcttfmpctpp@alpha-busi
<veronica@alpha-business-c
Subject: from Lucile
Date: Mon, 2 May 2011 18:46:18 +0300
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding:
X-Mailer: erjovftfnn-71
Message-ID: <9119358522.I7ZCO03W092370
X-Antivirus: avast! (VPS 110502-0, 02.05.2011), Outbound message
X-Antivirus-Status: Clean
I had a spam mail undelivery message delivered to a critical user of mine. Could someone please help me to understand how this message is coming through and how the user is getting a undeliverable message when he had not sent the mail in the first place.
The user is going to log an incident with Information security and I need to know if this is just a case of his mail address being used in a spam incident and what we could do to prevent this.
The original message -
-----Original Message-----
From: robertnn@alpha-business-ce
Sent: 02 May 2011 21:16
To: robertnn@alpha-business-ce
Subject: from Lucile
I'm a atractive blonde, and I wish to become a pen pal (by email or Skype) of a handsome and clever guy, interested in further real dates!
My home page: www.rus-flirt.ru
The Undelivery message
From: Mail Delivery System <MAILER-DAEMON@localhost.u
To: robertnn@alpha-business-ce
Sent: Mon May 02 17:46:21 2011
Subject: Undeliverable: from Lucile
Delivery has failed to these recipients or distribution lists:
robertnn@alpha-business-ce
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.
wttqcttfmpctpp@alpha-busin
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.
robertn@alpha-business-cen
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.
veronica@alpha-business-ce
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.
Diagnostic information for administrators:
Generating server: localhost.ukdatastore.com
robertnn@alpha-business-ce
#< #5.0.0 X-Postfix; user unknown. Command output: Invalid user specified.> #SMTP#
wttqcttfmpctpp@alpha-busin
#< #5.0.0 X-Postfix; user unknown. Command output: Invalid user specified.> #SMTP#
robertn@alpha-business-cen
#< #5.0.0 X-Postfix; user unknown. Command output: Invalid user specified.> #SMTP#
veronica@alpha-business-ce
#< #5.0.0 X-Postfix; user unknown. Command output: Invalid user specified.> #SMTP#
Original message headers:
Received: from sura.ru (host-93-124-1-159.dsl.sur
localhost.ukdatastore.com (Postfix) with ESMTP id 2AC63EE025; Mon, 2 May
2011 16:46:18 +0100 (BST)
Received: from 93.124.1.159 (account <robertnn@alpha-business-c
<robertn@alpha-business-ce
<sales@alpha-business-cent
<wttqcttfmpctpp@alpha-busi
<veronica@alpha-business-c
by alpha-business-centre.co.u
with ESMTPA id 654114290 for <robertnn@alpha-business-c
From: <robertnn@alpha-business-c
<robertn@alpha-business-ce
<wttqcttfmpctpp@alpha-busi
<veronica@alpha-business-c
To: <robertnn@alpha-business-c
<robertn@alpha-business-ce
<wttqcttfmpctpp@alpha-busi
<veronica@alpha-business-c
Subject: from Lucile
Date: Mon, 2 May 2011 18:46:18 +0300
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding:
X-Mailer: erjovftfnn-71
Message-ID: <9119358522.I7ZCO03W092370
X-Antivirus: avast! (VPS 110502-0, 02.05.2011), Outbound message
X-Antivirus-Status: Clean
ASKER
Hi,
Thank you so much for the reply. But could I please know how you could zero in on the address.
How can we ensure that our domain email address is not seen as a open relay.
How do we Blacklist these email addresses algardo@sura.ru & petroff@sura.ru when I am not sure whether they were the actual perpetrators of this spoof?
Thank you so much for the reply. But could I please know how you could zero in on the address.
How can we ensure that our domain email address is not seen as a open relay.
How do we Blacklist these email addresses algardo@sura.ru & petroff@sura.ru when I am not sure whether they were the actual perpetrators of this spoof?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I got a complete picture of the whole scenario and even if I did not get the solution for how to get the address from him, i truly feel that the user's knowledge and promptness in answering my query had gained him brownie points from me straight away.
Thank you so much for this forum.
Thank you so much for this forum.
You are most welcome, and I was pleased to assist. ... Thinkpads_User
Valery Petrov
Penza
Kuprina street 1/3
Russia
phone: +7 8412 551038
fax: +7 8412 552537
petroff@sura.ru
Alexey Perov
Volgatelecom
Kuprina, 1/3
Penza
Russia
phone: +7 8412 520215
fax: +7 8412 553541
algardo@sura.ru
It is standard spoofed email, so I don't know if you can prevent it. I see mail from myself in my spam filters frequently.
Make sure:
1. Your spam filters are trapping this stuff. I tend not to whitelist myself.
2. Your company email or internet are not seen as open relays.
3. That the user's computer has not been compromised with malware. Malware to take over a user's email engine is very common.
... Thinkpads_User