Failure Notice.
DavidB
One of my client sites just got this "failure notice" email bounced to them. Problem is that no one on this box sent the original mail. Do I have a security/relay issue on the box that I need to address? I am no good at all with email headers etc. (Webmaster@1ad.com is the default address for the domain and also is the only established email account on the site.)


------
X-Persona:
Return-path: <>
Envelope-to: 5yjq1@1ad.com
Delivery-date: Sun, 01 Jun 2003 04:48:39 +0000
Received: from [211.154.211.209] (helo=a1005.chinadns.com)
by stimpy.pczero.net with smtp (Exim 3.36 #1)
id 19MKlq-0006OL-00
for 5yjq1@1ad.com; Sun, 01 Jun 2003 04:48:38 +0000
Received: (qmail 73013 invoked for bounce); 1 Jun 2003 04:41:31 -0000
Date: 1 Jun 2003 04:41:31 -0000
From: MAILER-DAEMON@a1005.chinadns.com
To: 5yjq1@1ad.com
Subject: failure notice
Message-Id:


Hi. This is the qmail-send program at a1005.chinadns.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

:
vdeliver: Invalid or unknown virtual user 'qgnu'

--- Below this line is a copy of the message.

Return-Path: <5yjq1@1ad.com>
Received: (qmail 73007 invoked from network); 1 Jun 2003 04:41:31 -0000
Received: from unknown (HELO guangzhou.net) (unknown)
by unknown with SMTP; 1 Jun 2003 04:41:31 -0000
from:<5yjq1@1ad.com>
subject:想在一夜之间让千万人知道你吗?
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=====000_Jmail878221577528_====="

This is a multi-part message in MIME format.

--=====000_Jmail878221577528_=====
Content-Type: multipart/related; boundary="=====001_Jmail878221577528_====="; type="multipart/alternative"

--=====001_Jmail878221577528_=====
Content-Type: multipart/alternative; boundary="=====002_Jmail878221577528_====="
tetraweb
Don't be alarmed. I'm surprised you don't see this every day. Spammers successfully forge phony return addresses, and sometimes they are real working email addresses of legitimate domains. The spammee gets the spam, bounces it back to the listed return address, and the innocent domain receives a message that 'his' spam could not be delivered.

[rant]
This stuff is happening more and more and is clogging up the email system as much as the original spam. I'm against bouncing; I think bad mail should just evaporate. That's why I'm against using :fail: in the cPanel default email address option. I think :blackhole: is a much better choice.
[/rant]

Greg
DavidB
So basically 'all' that is happening is that someone chose to use my domain name in their forgery and they did not actually pass this spam through my server? The bottom line being that there is nothing I can do about it but hit delete in my mail client?
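
One way to answer the question above from the headers alone, as an added example that is not part of the original thread: the Received lines inside the copy of the original message show which servers handled the spam, while the Received line at the top only records the bounce arriving. The function name `classify_bounce`, its `my_hosts` parameter and the trimmed sample are constructed for illustration, and the code assumes a qmail-style bounce with the "Below this line" marker.

```python
import email

QMAIL_MARKER = "--- Below this line is a copy of the message."

# Constructed sample, modelled on the bounce quoted in this thread (body trimmed).
SAMPLE_BOUNCE = """\
Return-path: <>
Envelope-to: 5yjq1@1ad.com
Received: from [211.154.211.209] (helo=a1005.chinadns.com)
 by stimpy.pczero.net with smtp (Exim 3.36 #1)
 for 5yjq1@1ad.com; Sun, 01 Jun 2003 04:48:38 +0000
From: MAILER-DAEMON@a1005.chinadns.com
To: 5yjq1@1ad.com
Subject: failure notice

Hi. This is the qmail-send program at a1005.chinadns.com.

--- Below this line is a copy of the message.

Return-Path: <5yjq1@1ad.com>
Received: (qmail 73007 invoked from network); 1 Jun 2003 04:41:31 -0000
Received: from unknown (HELO guangzhou.net) (unknown)
 by unknown with SMTP; 1 Jun 2003 04:41:31 -0000
from:<5yjq1@1ad.com>
subject: (trimmed)
"""

def classify_bounce(raw, my_hosts):
    """Return 'not-a-bounce', 'no-original-copy', 'relayed-through-us' or 'backscatter'."""
    outer = email.message_from_string(raw)
    # A bounce is delivered with a null envelope sender, recorded as Return-path: <>
    if outer.get("Return-path", "").strip() != "<>":
        return "not-a-bounce"
    body = outer.get_payload()
    if QMAIL_MARKER not in body:
        return "no-original-copy"
    # Parse the embedded copy of the message that could not be delivered.
    original = email.message_from_string(body.split(QMAIL_MARKER, 1)[1].lstrip("\r\n"))
    # Only the embedded hops describe the path the spam itself took.
    for hop in original.get_all("Received", []):
        if any(host.lower() in hop.lower() for host in my_hosts):
            return "relayed-through-us"
    return "backscatter"

if __name__ == "__main__":
    print(classify_bounce(SAMPLE_BOUNCE, ["stimpy.pczero.net"]))
```

A "relayed-through-us" result should be confirmed against the server's own mail log, because Received lines inside a spam message can themselves be forged.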