
Is this coming from my server?

Hello Folks,

I have an NDR in my mailbox that says my address sent out a spam email that resulted in an NDR. Looking at the information in the email, though, I do not see my server's IP address anywhere. I basically want to know if someone falsified my email address or if they did in fact manage to relay off my server. Here are the contents of the NDR:

This is an automatically generated Delivery Status Notification

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipient has been delayed:

     foster@24.159.84.230

Message will be retried for 1 more day(s)

Technical details of temporary failure:
The recipient server did not accept our requests to connect. Learn more at http://mail.google.com/support/bin/answer.py?answer=7720
[24.159.84.230 (1): Connection timed out]

----- Original message -----

X-pstn-nxp: bodyHash=ad1725ebc2fd19dfa4e8094a8bce14570be26873, headerHash=7ff02a74ca93be4b187130905515e28ed8396396, keyName=4, rcptHash=1c37a8db53165d8f2bf54b1e40f0116f3d11be6e, sourceip=189.69.99.233, version=1
Received: by 10.68.74.4 with SMTP id p4mr20798857pbv.47.1320036250006;
        Sun, 30 Oct 2011 21:44:10 -0700 (PDT)
X-pstn-nxpr: disp=neutral, envrcpt=foster@colacademy.com
X-pstn-nxp: bodyHash=ad1725ebc2fd19dfa4e8094a8bce14570be26873, headerHash=7ff02a74ca93be4b187130905515e28ed8396396, keyName=4, rcptHash=1c37a8db53165d8f2bf54b1e40f0116f3d11be6e, sourceip=189.69.99.233, version=1
Received: by 10.68.74.4 with SMTP id p4mr20798853pbv.47.1320036249974;
        Sun, 30 Oct 2011 21:44:09 -0700 (PDT)
Return-Path: <myadress@mydomain.com>
Received: from psmtp.com ([74.125.245.111])
        by mx.google.com with SMTP id v9si10324659pbi.243.2011.10.30.21.44.08;
        Sun, 30 Oct 2011 21:44:09 -0700 (PDT)
Received-SPF: neutral (google.com: 189.69.99.233 is neither permitted nor denied by best guess record for domain of myadress@mydomain.com) client-ip=189.69.99.233;
Authentication-Results: mx.google.com; spf=neutral (google.com: 189.69.99.233 is neither permitted nor denied by best guess record for domain of myadress@mydomain.com) smtp.mail=myadress@mydomain.com
Date: Sun, 30 Oct 2011 21:44:09 -0700 (PDT)
Received: from tom ([189.69.99.233]) by na3sys010amx111.postini.com ([74.125.244.14]) with SMTP;
      Mon, 31 Oct 2011 04:44:08 GMT
X-Originating-Email: [foster@colacademy.com]
X-Sender: foster@colacademy.com
From: <foster@colacademy.com>
To: <foster@colacademy.com>
Subject: foster@colacademy.com Pfizer Inc, OFF 73%
MIME-Version: 1.0
Content-Type: text/plain
X-pstn-levels: (S: 0.00000/57.45471 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
Message-ID: <2896654616177123086509895548957@psmtp.com>

To foster@colacademy.com,

NEW! The Best and cheapest herbal pills!

http://medicints.com




Director, Information Systems
CERTIFIED EXPERT
Commented:
The message originated from 189.69.99.233.  It went to 74.125.244.14, then 10.68.74.4.

If you're 189.69.99.233 the message came from you.  If not, your return address was spoofed.
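The check described in this answer, as an added example that is not part of the original thread: read the `Received` chain oldest hop first, take the first public client IP, cross-check it against the `client-ip` in `Received-SPF`, and compare it with your own server's addresses. The function names are hypothetical and `203.0.113.25` is a constructed placeholder for the asker's server IP; the headers are copied from the NDR above.

```python
import ipaddress
import re
from email import message_from_string

# Headers copied from the "Original message" part of the NDR on this page
# (the X-pstn-* lines are left out; they are not needed for the trace).
NDR_HEADERS = """\
Received: by 10.68.74.4 with SMTP id p4mr20798853pbv.47.1320036249974;
        Sun, 30 Oct 2011 21:44:09 -0700 (PDT)
Return-Path: <myadress@mydomain.com>
Received: from psmtp.com ([74.125.245.111])
        by mx.google.com with SMTP id v9si10324659pbi.243.2011.10.30.21.44.08;
        Sun, 30 Oct 2011 21:44:09 -0700 (PDT)
Received-SPF: neutral (google.com: 189.69.99.233 is neither permitted nor denied by best guess record for domain of myadress@mydomain.com) client-ip=189.69.99.233;
Received: from tom ([189.69.99.233]) by na3sys010amx111.postini.com ([74.125.244.14]) with SMTP;
      Mon, 31 Oct 2011 04:44:08 GMT
"""
MY_SERVER_IPS = {"203.0.113.25"}  # constructed placeholder, not from the page

FROM_IP = re.compile(r"from\s+\S+\s+\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)")
SPF_IP = re.compile(r"client-ip=([0-9.]+)")

def received_chain(raw):
    """Client IPs named in 'Received: from' headers, oldest hop first."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = FROM_IP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.group(1))
    return hops

def origin_ip(raw):
    """First public client IP in the chain (skips private relay addresses)."""
    return next((ip for ip in received_chain(raw)
                 if ipaddress.ip_address(ip).is_global), None)

def spf_client_ip(raw):
    m = SPF_IP.search(message_from_string(raw).get("Received-SPF", ""))
    return m.group(1) if m else None

def verdict(raw, my_ips):
    # Received lines written before the first relay you trust can be forged,
    # so only accept an origin that the receiver's SPF check also recorded.
    ip = origin_ip(raw)
    if ip is None or ip != spf_client_ip(raw):
        return "unknown"
    return "sent-from-my-server" if ip in my_ips else "spoofed-return-address"
```
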

Author

Commented:
Spoofed it was then. Thanks Paul!!!!
Paul MacDonald, Director, Information Systems
CERTIFIED EXPERT

Commented:
Happy to help.
