Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Virus / Spam sent from my machine??

Options
  • 16-05-2003 10:04pm
    #1
    Ste.phen
    Registered Users Posts: 2,808 ✭✭✭


    Hey all, got a rather strange bounce message to my eircom account,
    it looks a bit suss to be honest, just wondering if anyone's seen this before:
    Reporting-MTA: dns; relay01.netian.com
    Arrival-Date: Fri, 16 May 2003 17:54:37 +0900

    Final-Recipient: rfc822; newsmol@netian.com
    Action: Failed
    Status: 5.2.2 (mailbox full)
    Remote-MTA: dns; mail11.netian.com
    Diagnostic-Code: smtp; 552 RCPT TO:<newsmol@netian.com> Mailbox disk quota exceeded


    Note that i have no idea who this is.
    The message headers for the message i apparently sent (body wasnt returned) were:
    Return-Path: <igy@eircom.net>
    X-Internal-ID: 3EC415440003C4C2
    Received: from mail1.mail.iol.ie (194.125.2.192) by relay01.netian.com (5.1.034K)
    id 3EC415440003C4C2 for newsmol@netian.com; Fri, 16 May 2003 17:54:36 +0900
    Received: from aa-airlock176.esatclear.ie ([213.202.167.176] helo=stephen)
    by mail1.mail.iol.ie with esmtp (Exim 3.35 #1)
    id 19GZFN-0006hb-00
    for newsmol@netian.com; Fri, 16 May 2003 08:03:17 +0100
    Reply-To: <igy@eircom.net>
    From: "Igy" <igy@eircom.net>
    To: "=?Windows-1252?B?J8bEv/bAzrjGJw==?=" <newsmol@netian.com>
    Subject: =?Windows-1252?B?Tm90IHJlYWQ6ICixpLDtKcbEv/bAzrjGvcW1v8O2wNS0z7TZLr+stvTD?=
    =?Windows-1252?B?s8Cvwfa4piDI8bjBx9W0z7TZLkA=?=
    Date: Fri, 16 May 2003 09:03:52 +0100
    Organization: Thanks(Hey)
    Message-ID: <000001c31b81$b14dc160$0200a8c0@mshome.net>
    MIME-Version: 1.0
    Content-Type: application/ms-tnef;
    name="winmail.dat"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
    filename="winmail.dat"
    X-Mailer: Microsoft Outlook, Build 10.0.2616
    X-MS-TNEF-Correlator: 0000000087FBED93E8CCC01189E752AFB74FBEF7849B2D00
    X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600

    The organisation there is what's set up in my Outlook settings, and the HELO line was definitely my machine name.

    There's nothing in the registry under run, runonce, runservices loading, nothing in win.ini or system.ini that seems odd, and nothing in my startup group.

    I'm running Win 98 SE and Outlook XP.

    Thanks :P


Comments

  • Options
    #2
    jwt
    Registered Users Posts: 849 ✭✭✭jwt


    I got a few of these as well and for a while was worried.

    When I checked the firewall logs no mail was sent at those times.

    All I can assume is that spammers have stooped to a new low by using legitimate email addys to try and by pass spam-blocking software.

    The scary part is that if enough of these go out you email addy will be added to the blacklist. Inconvenient for private users serious for a business email address. So much so that I am in thinking about pursuing these.

    JWT


  • Options
    #3
    Ste.phen
    Registered Users Posts: 2,808 ✭✭✭Ste.phen


    what bothers me is that is has my machine name in there, and lists my IP as being in the range I usually get assigned by IOL...

    Like you said, nothing else i can see points to that message actually coming from me,
    My machine wasnt even on at the time it was sent...


Advertisement