[clue-admin] CLUE mail security breach?
Robert Harper
harperrw77 at hotmail.com
Sat Oct 15 10:41:06 MDT 2005
Jed, Dave
Here is one of the two messages (so far) with all of the header information
included:
----------------------------begin insert-----------------------------------
From : Mail Delivery System <MAILER-DAEMON at cluedenver.org>
Sent : Thursday, October 13, 2005 10:31 PM
To : MAILER-DAEMON at clue.denver.co.us
Subject : Undelivered Mail Returned to Sender
Attachment : document.zip (0.03 MB)
MIME-Version: 1.0
Received: from clue.denver.co.us ([71.39.22.65]) by mc3-f39.hotmail.com with
Microsoft SMTPSVC(6.0.3790.211); Thu, 13 Oct 2005 21:32:12 -0700
Received: by clue.denver.co.us (Postfix)id 9269C465A8; Thu, 13 Oct 2005
22:31:13 -0600 (MDT)
Received: by clue.denver.co.us (Postfix)id 85440465A6; Thu, 13 Oct 2005
22:31:13 -0600 (MDT)
X-Message-Info: JGTYoYF78jFoCAZ9UgixzOJFaaRMWX3M/bWG7k6Ee9M=
Delivered-To: rwharper at cluedenver.org
Return-Path: <>
X-OriginalArrivalTime: 14 Oct 2005 04:32:12.0342 (UTC)
FILETIME=[3F1C9D60:01C5D078]
Content-Type: multipart/report;
report-type=delivery-status;boundary="254684659F.1129264273/clue.denver.co.us"
Content-Type: text/plain
Content-Description: Notification
This is the Postfix program at host clue.denver.co.us.
I'm sorry to have to inform you that your message could not be
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The Postfix program
<jccann at gmail.com> (expanded from <president at clue.denver.co.us>): host
gmail-smtp-in.l.google.com[64.233.163.114] said: 552 5.7.0 Illegal
Attachment 36si4919713nza (in reply to end of DATA command)
Content-Type: message/delivery-status
Content-Description: Delivery report
Content-Type: message/rfc822
Content-Description: Undelivered Message
From: Automatic Email Delivery Software <MAILER-DAEMON at clue.denver.co.us>
To: president at clue.denver.co.us
Subject: Returned mail: see transcript for details
Sent: Thursday, October 13, 2005 10:35 PM
MIME-Version: 1.0
Received: by clue.denver.co.us (Postfix)id 254684659F; Thu, 13 Oct 2005
22:31:09 -0600 (MDT)
Received: from clue.denver.co.us (216-184-37-42.apex2000.net
[216.184.37.42])by clue.denver.co.us (Postfix) with ESMTP id B8DD04640Ffor
<president at clue.denver.co.us>; Thu, 13 Oct 2005 22:31:07 -0600 (MDT)
Delivered-To: jccann at cluedenver.org
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0013_7A73B085.3FC6524B"
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Dear user president at clue.denver.co.us, administration of clue.denver.co.us
would like to let you know the following,
Your e-mail account has been used to send a huge amount of unsolicited email
during this week.
Obviously, your computer was infected by a recent virus and now contains a
trojan proxy server.
We recommend that you follow our instruction in the attachment in order to
keep your computer safe.
Best regards,
clue.denver.co.us support team.
Content-Type: application/octet-stream; name="document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;filename="document.zip"
Attachment : document.zip (0.03 MB)
----------------------------end insert-------------------------------------
Bob Harper
phone: (303) 368-7127
cell: (303) 596-3087
e-mail: harperrw77 at hotmail.com
>From: "Jed S. Baer" <thag at frii.com>
>Reply-To: CLUE admin <clue-admin at cluedenver.org>
>To: CLUE admin <clue-admin at cluedenver.org>
>Subject: Re: [clue-admin] CLUE mail security breach?
>Date: Fri, 14 Oct 2005 21:51:38 -0600
...
>On Fri, 14 Oct 2005 21:07:35 -0600
>Robert Harper wrote:
>
> > I have received the following replies the last 2 days (Oct 12 and 13th)
> > on "returned mail". Thought everyone should see it and advise on
> > remedial action if any we can take. I will be working to see what I
> > can figure out.
>
>Can you post the full headers from one of those messages?
>
>--
>http://s88369986.onlinehome.us/freedomsight/
>Key fingerprint = B027 FEFB 4281 CC72 67D1 4237 F2D0 D356 077A A30E
>... it is poor civic hygiene to install technologies that could someday
>facilitate a police state. -- Bruce Schneier
>_______________________________________________
>CLUE-admin mailing list
>CLUE-admin at cluedenver.org
>http://cluedenver.org/mailman/listinfo/clue-admin
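Added example, not part of the original message or of the CLUE list's tooling: one way to read the `Received:` chain quoted above and flag a hop where the connecting client greeted the server with the server's own hostname while its reverse DNS names a different host. The function names (`parse_hop`, `self_helo`, `suspicious_hops`) are hypothetical; the header values are copied from the bounce and unfolded to one line each.

```python
import re

# Received headers from the bounce quoted above, unfolded. The webmail view
# dropped the whitespace before "by"/"id"/"for"; the regex tolerates that.
RECEIVED = [
    "from clue.denver.co.us ([71.39.22.65]) by mc3-f39.hotmail.com with "
    "Microsoft SMTPSVC(6.0.3790.211); Thu, 13 Oct 2005 21:32:12 -0700",
    "by clue.denver.co.us (Postfix)id 254684659F; Thu, 13 Oct 2005 22:31:09 -0600 (MDT)",
    "from clue.denver.co.us (216-184-37-42.apex2000.net [216.184.37.42])"
    "by clue.denver.co.us (Postfix) with ESMTP id B8DD04640Ffor "
    "<president at clue.denver.co.us>; Thu, 13 Oct 2005 22:31:07 -0600 (MDT)",
]

# "from <HELO name> (<reverse DNS name, optional> [<IP>]) by <receiving host>"
HOP = re.compile(
    r"^from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9.]+)\]\)\s*"
    r"by\s+(?P<by>\S+)"
)

def parse_hop(value):
    """Return helo/rdns/ip/by for a network hop, or None for a local hand-off."""
    m = HOP.match(value.strip())
    return m.groupdict() if m else None

def self_helo(hop):
    """True when the client announced the receiving server's own name in HELO
    but its reverse DNS names a different host (a forged greeting)."""
    if hop is None or hop["rdns"] is None:
        return False
    helo, rdns, by = (hop[k].lower() for k in ("helo", "rdns", "by"))
    return helo == by and rdns != by

def suspicious_hops(received):
    """Network hops whose HELO name impersonates the receiving server."""
    return [h for h in map(parse_hop, received) if self_helo(h)]

if __name__ == "__main__":
    for hop in suspicious_hops(RECEIVED):
        print(f"{hop['ip']} ({hop['rdns']}) greeted {hop['by']} as {hop['helo']}")
```

On these headers the only flagged hop is the first one into clue.denver.co.us, from 216.184.37.42; the local `Received: by ... (Postfix)` lines are hand-offs inside the server and are skipped.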