Is this personal?

Hi,

About 5-10 times a day I receive an email (main headers copied below). The “to” and “from” address varies but is always (anyname)@landmarks.co.uk. I am assuming that this is a virus but it could be spam. I always delete it without downloading (via Mailwasher) so don’t know for sure. This has been going on for about 4 weeks >:(, my Avast is not reporting anything on my computer and I’ve scanned with Trend Housecall so I assume my computer is clean.

Does anyone know what this is and where it is coming from?

Many thanks
Roger

<<>>

Received: from cmailg4.svr.pol.co.uk ([195.92.195.174])
by mail.lynxinternet.com (Lynx Internet Solutions Ltd. Visit us at: www.lynx.net.uk) with ESMTP id ABH74491
for service@landmarks.co.uk; Sun, 17 Jul 2005 08:22:16 +0100
Received: from exim by cmailg4.svr.pol.co.uk with local (Exim 4.41)
id 1Du3Tc-0004ck-6M
for service@landmarks.co.uk; Sun, 17 Jul 2005 08:22:16 +0100
X-Failed-Recipients: roger@landmarks.co.uk
Auto-Submitted: auto-generated
From: Mail Delivery System Mailer-Daemon@mailcore.pol.net.uk
To: service@landmarks.co.uk
Subject: Mail delivery failed: returning message to sender
Message-Id: E1Du3Tc-0004ck-6M.2005-07-17-08-22-16@cmailg4.svr.pol.co.uk
Date: Sun, 17 Jul 2005 08:22:16 +0100
X-Antivirus: avast! (VPS 0528-6, 16/07/2005), Inbound message
X-Antivirus-Status: Clean

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

roger@landmarks.co.uk
SMTP error from remote mailer after end of data:
host mail.lynxinternet.com [82.197.**.*]: 554 5.7.1 Message cannot be accepted, virus found

------ This is a copy of the message, including all the headers. ------
------ The body of the message is 43915 characters long; only the first
------ 24576 or so are included here.

<<>>

Whilst it looks genuine, it could be a spoofed failed delivery message. It is a common trick that many fall for, as it usually comes with an attachment purporting to contain the contents of the failed email, but contains, yes you guessed it, a virus.

But it could also be an indication that there is a virus/trojan that uses its own SMTP to send spam/viruses without your knowledge. However, avast should still scan these outbound emails if they use port 25 (smtp) and your firewall (you do have a firewall) should also ask permission for a program requesting an outbound connection. So if you are adequately protected this is less than likely.

However, the fact that you receive 5 - 10 a day for or from someone at landmarks.co.uk looks more like someone you have had contact with has your name and email address in their email address book and is infected and is either being used as a spambot or trying to spread virus infection. These commonly forge the header information of outbound emails to make it look like it came from your email address and you are likely to receive many genuine bounced emails.

The best action is to ignore and delete them as you have been doing.

Thanks for this reply, they cannot be genuine because although my receive is “catchall”, my send is restricted to roger@landmarks.co.uk. I’m firewalled through ZoneAlarm Pro and also through my Belkin wireless router. Whilst not impossible, I don’t think they’re coming from me.

As you suggest, I’ll just carry on deleting them and hope they go away :-\

BTW I once had my email address hijacked by a spammer. I know this because I started receiving around 200 bounced emails a day that I hadn’t sent. That faded out after about 6 days.

Thanks again
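The check Roger describes above (his mail client only ever sends as roger@landmarks.co.uk, so a bounce addressed to any other address on the catch-all domain cannot be for mail he sent), written out as an added example that is not part of the original thread. The function name `triage_bounce` and the verdict labels are made up for illustration, and the sample is the header block from the first post, trimmed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers of the bounce quoted in the thread, trimmed (body text omitted).
SAMPLE_BOUNCE = """\
Received: from cmailg4.svr.pol.co.uk ([195.92.195.174])
\tby mail.lynxinternet.com with ESMTP id ABH74491
\tfor service@landmarks.co.uk; Sun, 17 Jul 2005 08:22:16 +0100
X-Failed-Recipients: roger@landmarks.co.uk
Auto-Submitted: auto-generated
To: service@landmarks.co.uk
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.
"""

def triage_bounce(raw, addresses_i_send_from):
    """Classify one message; addresses_i_send_from is the user's real sender list."""
    msg = message_from_string(raw)
    # Exim bounces carry X-Failed-Recipients; Auto-Submitted marks automatic mail.
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    failed = [a.strip().lower()
              for a in msg.get("X-Failed-Recipients", "").split(",") if a.strip()]
    is_bounce = auto != "no" or bool(failed)
    # Assumption: a bounce is addressed to the envelope sender of the original
    # message, so its To: shows which address the original claimed to come from.
    claimed_sender = parseaddr(msg.get("To", ""))[1].lower()
    known = {a.lower() for a in addresses_i_send_from}
    if not is_bounce:
        verdict = "not-a-bounce"
    elif claimed_sender in known:
        verdict = "possibly-genuine"   # could be mail the user really sent
    else:
        verdict = "forged-sender"      # user never sends from this address
    # The topmost Received: header is the one added by the user's own mail
    # server, so its "from" part names the host that handed the bounce over.
    hop = re.search(r"from\s+(\S+)\s+\(\[([0-9.]+)\]\)", msg.get("Received", ""))
    return {
        "verdict": verdict,
        "claimed_sender": claimed_sender,
        "failed_recipients": failed,
        "handed_over_by": hop.groups() if hop else None,
    }

if __name__ == "__main__":
    print(triage_bounce(SAMPLE_BOUNCE, ["roger@landmarks.co.uk"]))
```

A "possibly-genuine" verdict only means the claimed sender is an address the user really sends from; that address can be forged too, so those bounces still need a look at what was supposedly sent.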

hi RogerA,

It could also be that the spawner of the e-mails is infested with mail sending malware (or owner of a zombie machine). Do a test:
http://www.dnsstuff.com/tools/ip4r.ch?ip=195.92.195.174
or try this with your own IP number to see you are not the spreader: http://www.dnsstuff.com/tools/ip4r.ch?ip=XXX.XXX.XXX.XXX, where x etc = your current IP number. Better safe than sorry!

greets,

polonus

P.S. In normal circumstances you are always on one blacklist, two or more and you have to worry.

p

As a user of mailwasher there are a couple of points that may help you.

  1. Exclude mailwasher from being scanned by ashMaiSv MailServer: edit your avast4.ini file and add the following line entry, if it doesn’t exist, in the [MailScanner] section: IgnoreProcess=MailWasher.exe. If it does, put a comma after the last item and add MailWasher.exe.
  2. In the Origins of Spam add a new entry, call it SpamHaus (or anything you want), with the Domain to validate with of ‘sbl-xbl.spamhaus.org’ without the quotes. This new source catches most of my spam; I un-ticked the ORDB one as it rarely caught anything.

This will prevent iPush updates from working… this was my problem when adding this line.
I should change the info in the avast4.ini thread, but I won’t be able to do it now, only when I return from a work trip next week :-[