Based on the addresses, it appears to be malware. I'm not familiar with
how any such things operate, so I'm not going to be of much help on this.
The message got into your QMT queue somehow though, otherwise your QMT
wouldn't have bounced it.
Could this be a hint?:
X-MimeOLE: Produced By Micr
On 04/17/2012 07:08 PM, Michael J. Colvin wrote:
With the first client that reported this issue, I suspected malware also,
and there's still that possibility. The similarity of the "pool" of
addresses that are being sent to would tend to support this. But the second
client is an office with at
I think it's safe to say that this is malware, based on the alphabetical
nature of the addresses.
Question is, how are the messages getting into the queue?
I suppose that your QMT could be compromised, but I have never heard of
such a thing. Not outside of the realm of possibility, but given t
-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Tuesday, April 17, 2012 6:59 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Weird Boucne Backs
Based on the addresses, it appears to be malware. I'm not familiar with how
any such things operate, so I
>
> Have you identified the host which is connected to your QMT? Is it a
> client directly connecting, or are they coming in via an Exchange
> server?
>
They are both... One is directly connecting to one of my Qmail servers, and
the other client is coming from their Exchange server (They use u
ch gears to try to confirm it's not
before digging around in qmail anymore...
I'll let you know.
Thanks!
Mike
> -Original Message-
> From: Eric Shubert [mailto:e...@shubes.net]
> Sent: Tuesday, April 17, 2012 8:15 PM
> To: qmailtoaster-list@qmailtoaster.com
>
, April 17, 2012 8:15 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Weird Boucne Backs
I think it's safe to say that this is malware, based on the
alphabetical nature of the addresses.
Question is, how are the messages getting into the queue?
I suppose that your QMT could be comp
orld.
Even ssh has to be done from within the "core" network.
Mike
> -Original Message-
> From: Michael J. Colvin [mailto:mcol...@norcalisp.com]
> Sent: Tuesday, April 17, 2012 8:30 PM
> To: qmailtoaster-list@qmailtoaster.com
> Subject: RE: [qmailtoaster] Re: W
Hi,
On Sat, Apr 21, 2012 at 10:26 AM, Michael J. Colvin
wrote:
> I turned on logging on the Exchange server so that I could see all "To",
> "CC" and "BCC" addresses on all outbound mail through the Exchange server.
> My thought here was, if something (Malware) was adding the addresses when
> the
On Sat, Apr 21, 2012 at 1:49 PM, Peter Peltonen
wrote:
> If that does not help, I would probably start sniffing the smtp
> traffic matching the accounts you have problems with to see at what
> point the extra addresses are being added? This way at least you can
> be sure if
>
> a) the bad email co