hundreds of 'delivery has been delayed' but not in sent folder (porn related)
johnpet
Newbie

below is a a sample of what i started getting a few days ago. the recipient is abuse@ (various domains)and is always porn related with a link to youtube.

i changed my password yesterday but more arrived last night. is this an smtp trojan on my compute or what?

Message-id:
<CHILKAT-MID-00000024-0054-0045-0041-004d00002400@Utility.bostonretail.com>
Date: Thu, 08 Dec 2011 21:00:48 -0500
From: {edited for privacy}@verizon.net
To: "Sir or Madam" <abuse@gardenventures.com>
Subject:
=?iso-8859-5?Q?=B0=DA=DA=D0=E3=DD=E2_Paypal_=D7=D0=D1=DB=DE=DA=D8=E0=DE=D2=D0=DD?=

Your message has been enqueued and undeliverable for 2 days
to the following recipients:

Recipient address: abuse@gardenventures.com
Reason: unable to deliver this message after 2 days


Delivery attempt history for your mail:

Sat, 10 Dec 2011 21:10:11 -0600 (CST)
Failed MX lookup; try again later

Sat, 10 Dec 2011 13:09:37 -0600 (CST)
Failed MX lookup; try again later

Sat, 10 Dec 2011 05:09:07 -0600 (CST)
Failed MX lookup; try again later

Fri, 09 Dec 2011 21:08:37 -0600 (CST)
Failed MX lookup; try again later

Fri, 09 Dec 2011 13:08:07 -0600 (CST)
Failed MX lookup; try again later

Fri, 09 Dec 2011 09:07:37 -0600 (CST)
Failed MX lookup; try again later

Fri, 09 Dec 2011 05:06:35 -0600 (CST)
Failed MX lookup; try again later

Fri, 09 Dec 2011 01:05:37 -0600 (CST)
Failed MX lookup; try again later

Thu, 08 Dec 2011 23:05:02 -0600 (CST)
Failed MX lookup; try again later

Thu, 08 Dec 2011 21:04:15 -0600 (CST)
Failed MX lookup; try again later

Thu, 08 Dec 2011 20:03:45 -0600 (CST)
Failed MX lookup; try again later

The mail system will continue to try to deliver your message
for an additional 2 days.




Reporting-MTA: dns;vms173001.mailsrvcs.net (tcp-daemon)
Arrival-date: Thu, 08 Dec 2011 20:03:11 -0600 (CST)

Original-recipient: rfc822;abuse@gardenventures.com
Final-recipient: rfc822;abuse@gardenventures.com
Action: delayed
Status: 4.4.7 (unable to deliver this message after 2 days)



Return-path: <johnpet@verizon.net>
Received: from tcp-daemon.vms173001.mailsrvcs.net by vms173001.mailsrvcs.net
(Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
id <0LW100GN31CKNUJ0@vms173001.mailsrvcs.net>; Sun,
11 Dec 2011 00:43:32 -0600 (CST)
Received: from Utility.bostonretail.com ([unknown] [65.211.24.130])
by vms173001.mailsrvcs.net
(Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
with ESMTPA id <0LVW00GBQZ1AY2Z0@vms173001.mailsrvcs.net> for
abuse@gardenventures.com; Thu, 08 Dec 2011 20:03:11 -0600 (CST)
Date: Thu, 08 Dec 2011 21:00:48 -0500
From: {edited for privacy}@verizon.net
Subject:
=?iso-8859-5?Q?=B0=DA=DA=D0=E3=DD=E2_Paypal_=D7=D0=D1=DB=DE=DA=D8=E0=DE=D2=D0=DD?=
To: "Sir or Madam" <abuse@gardenventures.com>
Reply-to: abuse@youtube.com
Message-id:
<CHILKAT-MID-00000024-0054-0045-0041-004d00002400@Utility.bostonretail.com>
MIME-version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Content-type: text/html; charset=iso-8859-5
Content-transfer-encoding: quoted-printable
X-Priority: 3 (Normal)

<html><head><META http-equiv=3D"Content-Type" content=3D"text/html;chars=
et=3Diso-8859-5"></head><body>Best video, erotic girls, sex girls, click=
NOW:<br>=0A<a href=3D"http://www.youtube.com/watch?v=3DLbeQn3TI3rI&feat=0
ure=3Drelated">http://www.youtube.com/watch?v=3DLbeQn3TI3rI&feature=3Dre=
lated</a> </body></html>

0 Likes
Reply
1 Solution
tns
Master - Level 2

If someone used your email address to send out Such spam,  and the recipients tried to send it to abuse@... then this is typically what you would see.  They never need to get near your account to do so since the eMail smtp protocol does not require any authentication of the real sender's address.

View solution in original post

0 Likes
Reply
4 Replies
somegirl
Champion - Level 3

Your account has most likely been compromised. Reset your password and secret question to something new and complex and run a virus scan.

0 Likes
Reply
johnpet
Newbie

i ran a scan (Kasperky) with nothing detected. got some more last night. just changed password again as well as secret. i'll see what happens. tnx

0 Likes
Reply
tns
Master - Level 2

If someone used your email address to send out Such spam,  and the recipients tried to send it to abuse@... then this is typically what you would see.  They never need to get near your account to do so since the eMail smtp protocol does not require any authentication of the real sender's address.

0 Likes
Reply
johnpet
Newbie

understood. it's a pain in the neck and other then abandoing the account, no way to stop it. it's been going on for days.

0 Likes
Reply