[clue-admin] CLUE mail security breach?

Robert Harper harperrw77 at hotmail.com
Sat Oct 15 10:41:06 MDT 2005


Jed, Dave

Here is one of the two messages (so far) with all of the header information 
included:

----------------------------begin insert-----------------------------------


From : 	Mail Delivery System <MAILER-DAEMON at cluedenver.org>
Sent : 	Thursday, October 13, 2005 10:31 PM
To : 	MAILER-DAEMON at clue.denver.co.us
Subject : 	Undelivered Mail Returned to Sender


Attachment :  	document.zip (0.03 MB)
MIME-Version: 1.0
Received: from clue.denver.co.us ([71.39.22.65]) by mc3-f39.hotmail.com with 
Microsoft SMTPSVC(6.0.3790.211); Thu, 13 Oct 2005 21:32:12 -0700
Received: by clue.denver.co.us (Postfix)id 9269C465A8; Thu, 13 Oct 2005 
22:31:13 -0600 (MDT)
Received: by clue.denver.co.us (Postfix)id 85440465A6; Thu, 13 Oct 2005 
22:31:13 -0600 (MDT)
X-Message-Info: JGTYoYF78jFoCAZ9UgixzOJFaaRMWX3M/bWG7k6Ee9M=
Delivered-To: rwharper at cluedenver.org
Return-Path: <>
X-OriginalArrivalTime: 14 Oct 2005 04:32:12.0342 (UTC) 
FILETIME=[3F1C9D60:01C5D078]

Content-Type: multipart/report; 
report-type=delivery-status;boundary="254684659F.1129264273/clue.denver.co.us"

Content-Type: text/plain
Content-Description: Notification

This is the Postfix program at host clue.denver.co.us.

I'm sorry to have to inform you that your message could not be
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

			The Postfix program

<jccann at gmail.com> (expanded from <president at clue.denver.co.us>): host
    gmail-smtp-in.l.google.com[64.233.163.114] said: 552 5.7.0 Illegal
    Attachment 36si4919713nza (in reply to end of DATA command)

Content-Type: message/delivery-status
Content-Description: Delivery report

Content-Type: message/rfc822
Content-Description: Undelivered Message

From: Automatic Email Delivery Software <MAILER-DAEMON at clue.denver.co.us>
To: president at clue.denver.co.us
Subject: Returned mail: see transcript for details
Sent: Thursday, October 13, 2005 10:35 PM
MIME-Version: 1.0
Received: by clue.denver.co.us (Postfix)id 254684659F; Thu, 13 Oct 2005 
22:31:09 -0600 (MDT)
Received: from clue.denver.co.us (216-184-37-42.apex2000.net 
[216.184.37.42])by clue.denver.co.us (Postfix) with ESMTP id B8DD04640Ffor 
<president at clue.denver.co.us>; Thu, 13 Oct 2005 22:31:07 -0600 (MDT)
Delivered-To: jccann at cluedenver.org
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Content-Type: multipart/mixed; 
boundary="----=_NextPart_000_0013_7A73B085.3FC6524B"

Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Dear user president at clue.denver.co.us, administration of clue.denver.co.us
would like to let you know the following,

Your e-mail account has been used to send a huge amount of unsolicited email
during this week.
Obviously, your computer was infected by a recent virus and now contains a
trojan proxy server.

We recommend that you follow our instruction in the attachment in order to
keep your computer safe.

Best regards,
clue.denver.co.us support team.


Content-Type: application/octet-stream; name="document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;filename="document.zip"

Attachment :  	  document.zip (0.03 MB)

----------------------------end insert-----------------------------------

Bob Harper
phone: (303) 368-7127
cell: (303) 596-3087
e-mail: harperrw77 at hotmail.com




>From: "Jed S. Baer" <thag at frii.com>
>Reply-To: CLUE admin <clue-admin at cluedenver.org>
>To: CLUE admin <clue-admin at cluedenver.org>
>Subject: Re: [clue-admin] CLUE mail security breach?
>Date: Fri, 14 Oct 2005 21:51:38 -0600
...

>On Fri, 14 Oct 2005 21:07:35 -0600
>Robert Harper wrote:
>
> > I have received the following replies the last 2 days (Oct 12 and 13th)
> > on "returned mail". Thought everyone should see it and advise on
> > remedial action if any we can take. I will be working to see what I
> > can figure out.
>
>Can you post the full headers from one of those messages?
>
>--
>http://s88369986.onlinehome.us/freedomsight/
>Key fingerprint = B027 FEFB 4281 CC72 67D1  4237 F2D0 D356 077A A30E
>... it is poor civic hygiene to install technologies that could someday
>facilitate a police state. -- Bruce Schneier
>_______________________________________________
>CLUE-admin mailing list
>CLUE-admin at cluedenver.org
>http://cluedenver.org/mailman/listinfo/clue-admin

