Article 15777 at 09/07/03 03:23:49 From: jdory (at mark) nomealaska.org Subject: [coba-e:15777] Re: spam problem w/ email

Index: [Article Count Order] [Thread]
Date:  Thu, 02 Jul 2009 10:25:05 -0800
From:  Jim Dory <jdory (at mark) nomealaska.org>
Subject:  [coba-e:15777] Re: spam problem w/ email - hope not serious
To:  coba-e (at mark) bluequartz.org
Message-Id:  <4A4CFB81.3060409 (at mark) nomealaska.org>
In-Reply-To:  <904EFB3C55F44A8C8339993213121DAD@HP9925NR>
References:  <876189.91068.qm (at mark) web65607.mail.ac4.yahoo.com> <4A4BADBB.2060300 (at mark) nomealaska.org> <4A4CF38A.3080200 (at mark) nomealaska.org> <904EFB3C55F44A8C8339993213121DAD (at mark) HP9925NR>
X-Mail-Count: 15777

Darrell D. Mobley wrote:
>> -----Original Message-----
>> From: Jim Dory [mailto:jdory (at mark) nomealaska.org]
>> Sent: Thursday, July 02, 2009 1:51 PM
>> To: coba-e (at mark) bluequartz.org
>> Subject: [coba-e:15775] Re: spam problem w/ email - hope not serious
>>
>>     
>>> \
>>> Jul  1 10:27:12 srv1 sendmail[11406]: n61IQgih011392: to="|
>>> /home/nuonce/openwebmail/cgi-bin/openwebmail/owvacation.pl -t60s -a
>>> jessie.led (at mark) nomealaska.org -a jessie_led (at mark) nomealaska.org -a
>>> jessie (at mark) nomealaska.org  jessie", ctladdr=<jessie (at mark) nomealaska.org>
>>> (523/100), delay=00:00:19, xdelay=00:00:11, mailer=prog, pri=121642,
>>> dsn=2.0.0, stat=Sent
>>> \
>>>
>>> Jul  1 10:27:47 srv1 sendmail[11605]: n61IRkLQ011605:
>>> Authentication-Warning: srv1.nomecity.org: jessie set sender to
>>> jessie (at mark) nomealaska.org using -f
>>>
>>>
>>>       
>> Could it be the problem isn't so much dependent on the user as the email
>> address, since the problem persisted after deleting the user and adding
>> another? Maybe something to do with openwebmail? A completely new user
>> but with same email address has the same problem. Thanks - Jim
>>     
>
> Could it be the problem is a spammer, hedgerowsrvrk83 (at mark) lexoria.com, is
> sending Jessie and email, and that is OWM trying to send a vacation message
> back to the spammer?
>
> The /home/nuonce/openwebmail/cgi-bin/openwebmail/owvacation.pl seems to
> indicate the activity is coming from OWM's vacation script.
>
>
>
>   
thanks Darrell!

Yes - I had considered that and maybe there is no problem now. This user 
is on vacation, has the vacation reply set, and had email being 
forwarded to a personal account.

 I also was wondering if the apparent spam messages were from previous 
user and just bouncing back as deferred, and would die off after a bit 
since I deleted that user. The previous user (jenns) in the maillog 
showed the "Authentication-Warning jenns set sender" to other email 
account users as well but now it is just using "set sender" to its own 
email address. 

-- 
Jim Dory
Engineering
City of Nome
PO Box 281
102 Division St.
Nome, AK 99762
907.443.6604

http://www.nomealaska.org


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.