[wplug] Fw: Returned mail: User unknown

Greg Simkins gregsim at telerama.com
Mon May 16 08:30:59 EDT 2005 

Hi Bill, 

You were just talking about Botnets.  I am very suspicious that I already belong to several.  I got these bouncebacks from AOL, suggesting to me that somebody is running mail through my server (which is behind a PIX firewall).  

Is there any way that I can determine whether my computers are owned by others?  



Here are the headers:
 

Received: (qmail 54094 invoked by uid 0); 15 May 2005 22:51:07 -0000

Received: from unknown (HELO pghmail.org) (66.207.136.163)

  by speedbuggy.telerama.com with SMTP; 15 May 2005 22:51:07 -0000

Received: from [64.12.136.12] by pghmail.org [192.168.1.75] with SmartMax

MailMax for lj1nv at southhillshosting.com; Sun, 15 May 2005 18:51:10 -0400

Return-Path: <>

X-SmartMax-AuthUser:

Received: from  rly-xi05.mx.aol.com (rly-xi05.mail.aol.com [172.20.116.59])

by omr-m14.mx.aol.com (v98.19) with ESMTP id RELAYIN3-44287d24639; Sun, 15

May 2005 18:50:46 -0400

Received: from localhost (localhost)

   by rly-xi05.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0)

   with internal id SAB01891;

   Sun, 15 May 2005 18:50:46 -0400 (EDT)

Date: Sun, 15 May 2005 18:50:46 -0400 (EDT)

From: Mail Delivery Subsystem <MAILER-DAEMON at aol.com>

Message-Id: <200505152250.SAB01891 at rly-xi05.mx.aol.com>

To: <LJ1NV at southhillshosting.com>

MIME-Version: 1.0

Content-Type: multipart/report; report-type=delivery-status;

 boundary="SAB01891.1116197446/rly-xi05.mx.aol.com"

Subject: Returned mail: User unknown

Auto-Submitted: auto-generated (failure)

X-AOL-IP: 172.20.116.59

X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on

 spamcentral2.telerama.com

X-Spam-Status: No, score=0.0 required=7.0 tests=AWL autolearn=disabled

 version=3.0.3

X-Spam-Level:

 

 

 

 

----- Original Message ----- 

From: "Mail Delivery Subsystem" <MAILER-DAEMON at aol.com>

To: <LJ1NV at southhillshosting.com>

Sent: Sunday, May 15, 2005 6:50 PM

Subject: Returned mail: User unknown

 

 

> The original message was received at Sun, 15 May 2005 18:50:37 -0400 (EDT)

> from imf19aec.mail.bellsouth.net [205.152.59.67]

> 

> 

> *** ATTENTION ***

> 

> Your e-mail is being returned to you because there was a problem with its

> delivery.  The address which was undeliverable is listed in the section

> labeled: "----- The following addresses had permanent fatal errors -----".

> 

> The reason your mail is being returned to you is listed in the section

> labeled: "----- Transcript of Session Follows -----".

> 

> The line beginning with "<<<" describes the specific reason your e-mail

could

> not be delivered.  The next line contains a second error message which is

a

> general translation for other e-mail servers.

> 

> Please direct further questions regarding this message to your e-mail

> administrator.

> 

> --AOL Postmaster

> 

> 

> 

>    ----- The following addresses had permanent fatal errors -----

> <mwran1 at aol.com>

> <mrshulk222 at aol.com>

> <mstg681 at aol.com>

> <mzthang78 at aol.com>

> <myhard11 at aol.com>

> <myhard12 at aol.com>

> 

>    ----- Transcript of session follows -----

> ... while talking to air-xi03.mail.aol.com.:

> >>> RCPT To:<myhard12 at aol.com>

> <<< 550 MAILBOX NOT FOUND

> 550 <myhard12 at aol.com>... User unknown

> >>> RCPT To:<myhard11 at aol.com>

> <<< 550 MAILBOX NOT FOUND

> 550 <myhard11 at aol.com>... User unknown

> >>> RCPT To:<mzthang78 at aol.com>

> <<< 550 MAILBOX NOT FOUND

> 550 <mzthang78 at aol.com>... User unknown

> >>> RCPT To:<mstg681 at aol.com>

> <<< 550 mstg681 IS NOT ACCEPTING MAIL FROM THIS SENDER

> 550 <mstg681 at aol.com>... User unknown

> >>> RCPT To:<mrshulk222 at aol.com>

> <<< 550 MAILBOX NOT FOUND

> 550 <mrshulk222 at aol.com>... User unknown

> >>> RCPT To:<mwran1 at aol.com>

> <<< 550 MAILBOX NOT FOUND

> 550 <mwran1 at aol.com>... User unknown

> 

 

 

----------------------------------------------------------------------------

----

 

 

> Received: from  imf19aec.mail.bellsouth.net (imf19aec.mail.bellsouth.net

[205.152.59.67]) by rly-xi05.mx.aol.com (vx) with ESMTP id

MAILRELAYINXI55-4e74287d23c281; Sun, 15 May 2005 18:50:37 -0400

> Received: from ibm60aec.bellsouth.net ([65.2.150.25])

>           by imf19aec.mail.bellsouth.net

>           (InterMail vM.5.01.06.11 201-253-122-130-111-20040605) with

ESMTP

>           id

<20050515225036.BXCO2061.imf19aec.mail.bellsouth.net at ibm60aec.bellsouth.net>

;

>           Sun, 15 May 2005 18:50:36 -0400

> Received: from [65.2.150.25] by ibm60aec.bellsouth.net

>           (InterMail vG.1.02.00.01 201-2136-104-101-20040929) with SMTP

>           id

<20050515225031.LWSZ11146.ibm60aec.bellsouth.net@[65.2.150.25]>;

>           Sun, 15 May 2005 18:50:31 -0400

> From: "Buddy Hillock" <BudHillock at southhillshosting.com>

> Subject: FNPL_PennySt0cks Are About Timing jeer

> Date: Sun, 15 May 2005 15:55:22 -0700

> X-Mailer: QUALCOMM Windows Eudora Version 5.0.2

> X-Priority: 3

> MIME-Version: 1.0

> Content-Type: multipart/alternative;

> boundary="----=_JMG_FCVCIZWR1XhBmJnb"

> Message-Id:

<20050515225031.LWSZ11146.ibm60aec.bellsouth.net@[65.2.150.25]>

> X-AOL-IP: 205.152.59.67

> X-AOL-SCOLL-SCORE: 0:2:255842595:9395241

> X-AOL-SCOLL-URL_COUNT: 0

> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wplug.org/pipermail/wplug/attachments/20050516/44642519/attachment.html

More information about the wplug mailing list