Qmail-Scanner Envelope Details Begin

netweblogic · Unread post by **netweblogic** » Fri Feb 13, 2009 7:20 am

Hello,

I've got the archiving running and archiving every email. I then move the emails to an account that I can pop into. I keep getting tons of messages that are from an unknown sender and subject. the contents are below:

*** Qmail-Scanner Envelope Details Begin ***
X-Qmail-Scanner-Mail-From: "" via domainname.com
X-Qmail-Scanner-Rcpt-To: ""
X-Qmail-Scanner: 2.02st (clamdscan: 0.94.2/8899. spamassassin: 3.2.5. perlscan: 2.02st. Clear:RC:0(79.108.26.226):. Processed in 0.029352 secs)
*** Qmail-Scanner Envelope Details End ***

Does anyone know where these are coming from and how/if they can be stopped?

Unread post by **scott** » Fri Feb 13, 2009 9:02 am

they're coming from 79.108.26.226, so that would imply via either poplocking or a compromised smtp_auth account

netweblogic · Unread post by **netweblogic** » Fri Feb 13, 2009 9:12 am

Thanks, I didn't think of that bit. However, the IP changes constantly, so it's not an email from my system...

What's happening there exactly?

I've added a regex of ".+" since the mails don't seem to have a from and to header, but I'm still getting some (albeit less than before). However, I'm not sure whether I sloved it or not because I'm still downloading 7000 emails so I'll wait for that to finish and report back...

Unread post by **scott** » Fri Feb 13, 2009 10:30 am

could be a botnet too, thats a pretty standard practice to sell spamming or whatever services through one.

Atomicorp

Qmail-Scanner Envelope Details Begin

Qmail-Scanner Envelope Details Begin

Re: Qmail-Scanner Envelope Details Begin

Re: Qmail-Scanner Envelope Details Begin

Re: Qmail-Scanner Envelope Details Begin