Have I been infected??


 cariad
 
posted on September 24, 2001 04:07:30 AM new
I got up this morning to find that mailer-daemon visited my outlook express. Problem is I didn't send any email to [email protected]. Have I been infected with some virus or hacked or what?? I can't connect with McAfee, but everything else seems to be okay. I would appreciate any advice or info from the computer pros out there.
TIA
cariad
 
 Meya
 
posted on September 24, 2001 04:36:57 AM new
I don't understand what you mean. Are you getting error messages? What do you mean "mailer-daemon visited your OE?"
 
 cariad
 
posted on September 24, 2001 05:11:19 AM new
Hi Meya,
mailer-daemon is the nice guy who notifies me when something I sent is not deliverable. Usually the user is unknown, meaning an invalid email address, or your ISP is being blocked. This one told me that my message to that address was not delivered because the mailbox was full/overloaded.
As I said, my concern is that I didn't send any email to that address, nor does anything show in my sent items box.....but a message was sent to that address using my email.
cariad
 
 Meya
 
posted on September 24, 2001 06:14:15 AM new
To be sure, update your McAfee dat files and run a full system scan.
Is there any weirdness going on with your system?

 
 shoshanah
 
posted on September 24, 2001 09:24:46 AM new
How come you cannot connect to your McAfee??
Is that the only place you cannot visit? Did you run a scan of your entire system?

[ edited by shoshanah on Sep 24, 2001 09:27 AM ]
 
 gaffan
 
posted on September 24, 2001 09:40:22 AM new
...and after you figure out what happened, switch to Eudora or Pegasus or any other email client that isn't all hole and no security...

(Does anybody know of any email-propagated virus which didn't _require_ Outlook in order to replicate itself?)
 
 roofguy
 
posted on September 24, 2001 09:40:35 AM new
Sounds more like spam than evidence of infection.

Look at the headers. Select the mail. File/properties/details. See if you sent it or not.

Spammers use this technique, "make it look like a bounce", to get victims to look at their ad.

 
 stockticker
 
posted on September 24, 2001 01:35:01 PM new
Another new virus:

http://www.auctionwatch.com/mesg/read.html?num=2&thread=423674
 
 cariad
 
posted on September 24, 2001 02:34:58 PM new
Roofguy here are the headers...I have no clue what they mean
Received: from mh1-tx.mail.home.com ([65.10.73.137])
by femail38.sdc1.sfba.home.com
(InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP
id <20010924084128.CRUC15363.femail38.sdc1.sfba.home.com@mh1-tx.mail.home.com>
for <cariademailaddy.xxxx1.pa.home.com>;
Mon, 24 Sep 2001 01:41:28 -0700
Received: from mx1-tx.mail.home.com (mx1-tx.mail.home.com [65.10.73.133])
by mh1-tx.mail.home.com (8.9.3/8.9.0) with ESMTP id BAA01252
for <cariademailaddy>; Mon, 24 Sep 2001 01:41:27 -0700 (PDT)
Received: from www.arabia.com (algeriamail.com [216.251.232.56])
by mx1-tx.mail.home.com (8.11.1/8.11.1) with ESMTP id f8O8fRw11693
for <cariademailaddy>; Mon, 24 Sep 2001 01:41:27 -0700 (PDT)
Subject: Undeliverable mail: 500 Unknown or unimplemented command
From: [email protected]
To: <cariademailaddy>
Date: Mon, 24 Sep 2001 08:41:31 +0000
Message-ID: <[email protected]>
MIME-Version: 1.0

Shosh this morning I couldn't connect to the McAfee update...it was a dead link when I clicked on the button. This afternoon it worked. The scan shows no infected files, so I'm optimistic that it was a spam as Roofguy suggested. But what's up, are they spammin bin laden??

Gaffan I am your lowest common denominator as far as computer skills go....think kindergarten level..I know enough to not open attachments, keep virus software updated and use high security. Outlook express has been good to me so far and using another email client would complicate my ebud program beyond my skill and confidence level.
thanks for the help all.
cariad


 
 Meya
 
posted on September 24, 2001 02:52:19 PM new
Make sure and shut off the Preview Pane in Outlook Express if you use it. While in OE, select View, Layout, and deselect Show Preview Pane. One of the current worm/viruses going around can be activated by simply viewing the email.
 
 Muriel
 
posted on September 24, 2001 02:55:19 PM new
Gosh, that's really creepy.

www.arabia.com is a Red Cross web site in Arabic, but you can choose English. I looked.

 
 roofguy
 
posted on September 24, 2001 04:50:49 PM new
A guess. arabia.com is partially misconfigured as an open mail relay. It actually has relaying denied, but it bounces to the From: field supplied by a hacker. The hacker/spammer exploits this misconfiguration by iterating through a long list of people, who get the bounce.


There is nothing in those headers which indicates that you ever sent anything. Observe that it is not a local mailer-daemon, but rather the mailer-daemon at arabia.com.

Sounds like a juvenile stunt.

 
 cariad
 
posted on September 24, 2001 05:34:01 PM new
Thanks Roofguy, you are making me feel more secure. The headers above were from property details. If I look at message source it gives this additional info, after the above:


From: [email protected]
To: <cariadsemailaddy>
Date: Mon, 24 Sep 2001 08:41:31 +0000
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="_===129981636====www.arabia.com===_"


--_===129981636====www.arabia.com===_
Content-Type: text/plain

Failed to deliver to '<[email protected]>'
LOCAL module(account [email protected]) reports:
account is full (quota exceeded)


--_===129981636====www.arabia.com===_
Content-Type: message/delivery-status

Reporting-MTA: dns; www.arabia.com

Original-Recipient: rfc822;<[email protected]>
Final-Recipient: LOCAL;
Action: failed
Status: 5.0.0

--_===129981636====www.arabia.com===_
Content-Type: text/rfc822-headers

Received: from [211.181.218.253] (HELO cariadsemailaddy)
by www.arabia.com (CommuniGate Pro SMTP 3.4.7)
with SMTP id 129981632 for [email protected]; Mon, 24 Sep 2001 08:41:31 +0000
From: <cariadsemailaddy>
To: <[email protected]>
Subject: 500 Unknown or unimplemented command
Date: Mon, 24 Sep 2001 08:41:31 +0000
Message-ID: <[email protected]>

--_===129981636====www.arabia.com===_--

So someone is just yanking my chain? Well they did succeed in scaring the sheet out of me. I can handle that better than a virus.

cariad
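
The header check roofguy describes, done in code on a delivery report shaped like the one posted above. This is an added example, not part of the original thread: the sample message, its placeholder addresses and IPs, and the function name analyze_bounce are constructed for illustration, and my_ips is the set of addresses your own machine or ISP connection actually uses.

```python
import email
import re

# Constructed sample modelled on the thread's bounce (placeholder addresses).
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mail.example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example.net

Action: failed
Status: 5.0.0

--b1
Content-Type: text/rfc822-headers

Received: from [203.0.113.7] (HELO user@example.org)
 by mail.example.net with SMTP id 1; Mon, 24 Sep 2001 08:41:31 +0000

--b1--
"""

def analyze_bounce(raw, my_ips):
    """Summarise a DSN; say whether the bounced mail left one of my_ips."""
    info = dict.fromkeys(
        ("reporting_mta", "action", "status", "submitter_ip", "helo"))
    for part in email.message_from_string(raw).walk():
        if part.get_content_type() == "message/delivery-status":
            # The parser exposes each header block as its own Message.
            for block in part.get_payload():
                for key in ("Reporting-MTA", "Action", "Status"):
                    if block[key]:
                        info[key.lower().replace("-", "_")] = block[key].strip()
        elif part.get_content_type() == "text/rfc822-headers":
            orig = email.message_from_string(part.get_payload())
            # Topmost Received line was written by the bouncing server.
            recv = (orig.get_all("Received") or [""])[0]
            ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", recv)
            helo = re.search(r"\(HELO ([^)]+)\)", recv)
            info["submitter_ip"] = ip.group(1) if ip else None
            info["helo"] = helo.group(1) if helo else None
    ip = info["submitter_ip"]
    info["verdict"] = ("unknown" if ip is None else
                       "sent-from-your-host" if ip in my_ips else
                       "forged-sender-backscatter")
    return info
```

The address in the Received line of the returned headers is the machine that handed the message to the bouncing server; if it is not one of yours, the bounce says nothing about your own PC.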
 
 