Undelivered Mail Returned to Sender -goldfish (fwd)

Hal Duston hald at sound.net
Mon Dec 23 19:40:36 CST 2002


Yes, it is more complicated than that.

I get these types of things about once a week or so.  They are usually
either viruses or spams that are attempted to be sent by putting the
intended recipient's email address in the `From:' location, and then
deliberately causing a bounce in the hopes that the recipient will read
the `bounced' email to determine what the problem is.

If you look at the headers of the original email, you will note that the
furthest upstream `Received:' line is forged to be kclug at kclug.org.  
RJ206017.user.veloxzone.com.br [200.165.206.17] is what it really was sent
from.  I am unaware of any subscribers in Brazil.

Also note that down in the `bounced' email, it has a received line of
from mx2.kclug.org.  That is not a valid host.  Certainly the IP address
of 1.0.255.53 is not valid for any kclug machines as all of 1.0.0.0/8 is
currently reserved by IANA.

My read on this is that an unknown person/virus sent an email with an
invalid `To:' address to a server in Brazil.  It was undeliverable, so the
email was bounced to the (forged) `Return-path: <kclug at kclug.org>'
address.

On Mon, 23 Dec 2002, Carl Sappenfield wrote:
> It's more complicated than that.  What does our mail administrator have to
> say?
> 
> On Mon, 23 Dec 2002, Hanasaki JiJi wrote:
> 
> > Looks like you the kc.rr.com mail server is running a virus scanner and
> > your outgoing email tested + for the goldfish virus.
> >
> > Lowell Premer wrote:
> > > This came back to me today; wonder what it means...?
> > > > ---------- Forwarded message ----------
> > > > Date: Mon,23 Dec 2002 10:36:14 PM
> > > > From: Mail Delivery System
> > > > To: kclug at kclug.org
> > > > Subject: Undelivered Mail Returned to Sender -goldfish ALERT!!!
--snip--
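
An added example, not part of the original post or thread: a Python sketch of the header check described in the message above, treating only the topmost `Received:` line (the one written by the receiving server) as trustworthy and flagging lower hops that use an address in unallocated space or an unknown host name under the list's domain. The sample message, `mail.example.net`, the `KNOWN_HOSTS` entry and all function and variable names are constructed or hypothetical; the bogon list holds only 1.0.0.0/8, which was reserved at the time of the post and has been allocated since, so a current list must be supplied in practice.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modelled on the post's description; not the real message.
SAMPLE = """\
Return-Path: <kclug@kclug.org>
Received: from RJ206017.user.veloxzone.com.br (RJ206017.user.veloxzone.com.br [200.165.206.17])
\tby mail.example.net with SMTP; Mon, 23 Dec 2002 22:36:14 -0600
Received: from mx2.kclug.org (mx2.kclug.org [1.0.255.53])
\tby RJ206017.user.veloxzone.com.br with SMTP; Mon, 23 Dec 2002 22:36:10 -0600
From: kclug@kclug.org
To: nobody@invalid.example
Subject: constructed sample

body
"""

KNOWN_HOSTS = {"mail.kclug.org"}                      # hypothetical placeholder
BOGONS_2002 = [ipaddress.ip_network("1.0.0.0/8")]     # reserved per the post (2002)
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9.]+)\]\)")


def audit_received(raw, own_domain, known_hosts, bogons):
    """Return (trusted_hop, findings) for one raw message.

    hops[0] is the line our own MTA added; every later line was supplied
    by the sending side and may be forged.
    """
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold the header
        if m:
            hops.append((m.group(1), ipaddress.ip_address(m.group(3))))
    findings = []
    for index, (helo, ip) in enumerate(hops):
        if any(ip in net for net in bogons):
            findings.append((index, helo, str(ip), "address in unallocated space"))
        name = helo.lower()
        if name.endswith("." + own_domain) and name not in known_hosts:
            findings.append((index, helo, str(ip), "unknown host claiming our domain"))
    return (hops[0] if hops else None), findings


if __name__ == "__main__":
    trusted, findings = audit_received(SAMPLE, "kclug.org", KNOWN_HOSTS, BOGONS_2002)
    print("delivered to us by:", trusted)
    for finding in findings:
        print("suspicious hop:", finding)
```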