Lunarpages Web Hosting Forum

Author Topic: Mail delivery failed: returning message to sender (NOT)  (Read 2972 times)

Offline kwdavids

Mail delivery failed: returning message to sender (NOT)
« on: January 26, 2004, 06:29:55 PM »
I got three of these today from Lunarpages (full text below).

Lunarpages is telling me that websteward@st-matthias.org (me) sent an email to office@st-matthias.org that contained a dangerous attachment, but rather than deliver it, it was returned (dangerous attachment and all) to the sender (me).

The problem is that I didn't send it. The From address was forged.

This line appeared in the original email:

Received: from [63.83.249.12] (helo=st-matthias.org)

Note that the helo says st-matthias.org (a Lunarpages hosted account of mine), but the IP address isn't Lunarpages. That is, the helo was forged along with the From address. Both the sender and recipient were actually harvested from the same web page.

It's great that Lunarpages recognizes and bounces DANGEROUS ATTACHMENTS, but it's not great when instead of the intended victim, they send it to the secondary victim, me. And since Lunarpages is in my whitelist, they get delivered, regardless of the virus filters I have in place.

It's inconvenient and time-consuming when Lunarpages sends me this stuff that I have to track down and analyze--mainly to make sure that my account hasn't been hacked and I really am not sending nasty viruses.  When Lunarpages sends an email, it has (IMHO) the responsibility to make sure the address isn't forged.

Kevin

From - Mon Jan 26 18:22:56 2004
...
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  office@st-matthias.org
    This message has been rejected because it has
    a potentially executable attachment "text.pif"
    This form of attachment has been used by
    recent viruses or other malware.
    If you meant to send this file then please
    package it up as a zip file and resend it.

------ This is a copy of the message, including all the headers. ------

Return-path: <websteward@st-matthias.org>
Received: from [63.83.249.12] (helo=st-matthias.org)
   by mercury.lunarpages.com with esmtp (Exim 4.24)
   id 1AlE5x-0003a7-Bj
   for office@st-matthias.org; Mon, 26 Jan 2004 13:16:33 -0800
From: websteward@st-matthias.org
To: office@st-matthias.org
Subject: Hello
Date: Mon, 26 Jan 2004 13:15:29 -0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
   boundary="----=_NextPart_000_0006_A3F9B63B.F1A3E799"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <E1AlE5x-0003a7-Bj@mercury.lunarpages.com>

This is a multi-part message in MIME format.

------=_NextPart_000_0006_A3F9B63B.F1A3E799
Content-Type: text/plain;
   charset="Windows-1252"
Content-Transfer-Encoding: 7bit
...

(Text of the Novarg.A mm virus deleted by me)
Kevin
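The comparison made by eye in the post above (a HELO name claiming a hosted domain while the connecting IP is foreign) can be automated before a bounce is generated. This is an added example, not part of the original post and not Lunarpages' configuration; `LOCAL_DOMAINS`, `LOCAL_NETWORKS` and the 192.0.2.0/24 range are assumed placeholders.

```python
import ipaddress
import re
from email import message_from_string

# Assumptions, not from the post: the domains this server hosts and the
# networks its own mail hosts live in (192.0.2.0/24 is a placeholder range).
LOCAL_DOMAINS = {"st-matthias.org"}
LOCAL_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Matches Exim's "from [ip] (helo=name)" and "from host ([ip] helo=name)".
HOP_RE = re.compile(r"\[(?P<ip>[^\]]+)\][^)]*?helo=(?P<helo>[^)\s]+)")

def first_hop(msg):
    """Return (client_ip, helo_name) from the topmost Received header."""
    m = HOP_RE.search(msg.get("Received", ""))
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None  # bracketed text was not an IP literal
    return ip, m.group("helo").lower().rstrip(".")

def bounce_decision(raw_message):
    """Decide whether a rejected message may be bounced to its sender."""
    hop = first_hop(message_from_string(raw_message))
    if hop is None:
        return "no-bounce: client unknown"
    ip, helo = hop
    from_local_net = any(ip in net for net in LOCAL_NETWORKS)
    # A client announcing itself as a domain hosted here, while connecting
    # from outside our own networks, forged its HELO; the sender address
    # is then not trustworthy enough to receive a copy of the attachment.
    if helo in LOCAL_DOMAINS and not from_local_net:
        return "no-bounce: HELO claims hosted domain from foreign IP"
    return "bounce-ok"

# Headers as quoted in the post, plus a constructed variant from a local IP.
FORGED = (
    "Return-path: <websteward@st-matthias.org>\n"
    "Received: from [63.83.249.12] (helo=st-matthias.org)\n"
    "   by mercury.lunarpages.com with esmtp (Exim 4.24)\n"
    "From: websteward@st-matthias.org\n\nbody\n"
)
LOCAL = FORGED.replace("63.83.249.12", "192.0.2.25")

if __name__ == "__main__":
    print(bounce_decision(FORGED))
    print(bounce_decision(LOCAL))
```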