I've just had a strange email which I've pasted with full headers below. It seems to be legit. If I assume it's legit, I think I must be bouncing certain messages from the mailing list. This in itself isn't good. I guess I have mailscanner mis-configured because I never knowingly bounce any mail (for the Joe Job reasons discussed in a recent thread).
I'm just off to check my mailscanner config (ISP -> FETCHMAIL -> POSTFIX -> MAILSCANNER -> PROCMAIL -> SPAMASSASSIN -> USER) but in the meantime if anyone can enlighten me on the following mail I'd be grateful. Dougie ========= Return-Path: <[EMAIL PROTECTED]> X-Original-To: dougie Delivered-To: [EMAIL PROTECTED] Received: by nick (Postfix, from userid 1001) ��������id E738046BFF; Tue, 10 Aug 2004 12:30:39 +0100 (BST) X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from localhost (homelan [127.0.0.1]) ��������by nick (Postfix) with ESMTP id 7B21646BFD ��������for <[EMAIL PROTECTED]>; Tue, 10 Aug 2004 12:30:19 +0100 (BST) Delivered-To: [EMAIL PROTECTED] Received: from mail.plus.net [212.159.10.1] ��������by localhost with POP3 (fetchmail-6.2.5) ��������for [EMAIL PROTECTED] (single-drop); Tue, 10 Aug 2004 12:30:19 +0100 (BST) Received: (qmail 36622 invoked from network); 10 Aug 2004 11:27:05 -0000 Received: from unknown (HELO ptb-mxcore01.plus.net) (212.159.14.215) � by ptb-mailstore04.plus.net with SMTP; 10 Aug 2004 11:27:05 -0000 Received: from hermes.apache.org ([209.237.227.199] helo=mail.apache.org) ��������by ptb-mxcore01.plus.net with smtp (Exim 4.30; FreeBSD) ��������id 1BuUmX-000EMJ-Al ��������for [EMAIL PROTECTED]; Tue, 10 Aug 2004 11:27:05 +0000 Received: (qmail 52985 invoked by uid 500); 10 Aug 2004 11:27:04 -0000 Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Date: 10 Aug 2004 11:27:04 -0000 Message-ID: <[EMAIL PROTECTED]> From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Content-type: text/plain; � charset=us-ascii Subject: ezmlm warning X-Holme-Dene-MailScanner: Found to be clean, Found to be clean X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on nick.homelan X-Spam-Level: X-Spam-Status: No, hits=0.2 required=5.0 tests=BAYES_44,NO_REAL_NAME,TW_ZM ��������autolearn=no version=2.63 X-MailScanner-From: [EMAIL PROTECTED] Status: R X-Status: N X-KMail-EncryptionState: X-KMail-SignatureState: X-KMail-MDN-Sent: Hi! This is the ezmlm program. I'm managing the [EMAIL PROTECTED] mailing list. Messages to you from the spamassassin-users mailing list seem to have been bouncing. I've attached a copy of the first bounce message I received. If this message bounces too, I will send you a probe. If the probe bounces, I will remove your address from the spamassassin-users mailing list, without further notice. I've kept a list of which messages from the spamassassin-users mailing list have bounced from your address. Copies of these messages may be in the archive. To retrieve a set of messages 123-145 (a maximum of 100 per request), send an empty message to: � �<[EMAIL PROTECTED]> To receive a subject and author list for the last 100 or so messages, send an empty message to: � �<[EMAIL PROTECTED]> Here are the message numbers: � �13387 � �13383 � �13392 � �13389 � �13395 � �13429 --- Enclosed is a copy of the bounce message I received. Return-Path: <> Received: (qmail 84897 invoked for bounce); 29 Jul 2004 17:12:48 -0000 Date: 29 Jul 2004 17:12:48 -0000 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: failure notice Hi. This is the qmail-send program at apache.org. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <[EMAIL PROTECTED]>: 212.159.11.36 failed after I sent the message. Remote host said: 550 This message looks like MyDoom-O
