- Registriert
- 04.06.09
- Beiträge
- 84
Moin Moin.
Ich habe folgendes Problem:
Seit kurzem erhalte ich regelmässig, also alle paar Tage Mails, die gemäß des Inhalts nicht zugestellt werden konnten, weil die email-Adresse nicht bekannt sein soll.
Ich kann absolut ausschließen, dass ich bewusst Mails an diese Adressen gesendet habe.
Zuerst vermutete ich, dass es sich um reguläre Spam-Mails handelt, nun habe ich mit ClamXAv einen Scan durchgeführt, folgendes kam dabei raus:
3 Mal kam folgende Meldung:
/users/MEIN NAME/Library/POP-MEINACCOUNT/Deleted Messages.mbox/Messages/3457.emlx:
Phishing.Heuristics.Email.SpoofedDomain FOUND
Insgesamt 3 Mal, aufeinander folgende Nummern.
Folgende Fragen:
Wie soll ich mit diesen Funden weiter verfahren?
Was bedeutet diese Meldung?
Ich hänge mal den Text einer dieser Mails unten an.
Wahrscheinlich ist der Text total uninteressant, aber der Header steht davor.
Vielen Dank schonmal für Eure Hilfe!
Thomas
----------------------------------
Hi. This is the qmail-send program at mail-ext.schubert-gruppe.de.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<[email protected]>:
192.168.2.4 does not like recipient.
Remote host said: 550 [email protected]... No such user
Giving up on 192.168.2.4.
--- Below this line is a copy of the message.
Return-Path: <MEINE MAIL ADRESSE
Received: (qmail 25162 invoked by uid 1002); 14 Jul 2009 07:24:00 +0200
Received: from 124.121.116.17 by mail-ext (envelope-from <MEINE MAILADRESSE>, uid 64011) with qmail-scanner-2.01
(iscan: v3.1/v8.310-1002/503/195823. spamassassin: 3.1.7-deb.
Clear:RC:0(124.121.116.17):SA:1(7.3/5.0):.
Processed in 13.46024 secs); 14 Jul 2009 05:24:00 -0000
X-Spam-Status: Yes, score=7.3 required=5.0
X-Spam-Level: +++++++
X-Qmail-Scanner-Mail-From: MEINE MAIL ADRESSE via mail-ext
X-Qmail-Scanner: 2.01 (Clear:RC:0(124.121.116.17):SA:1(7.3/5.0):. Processed in 13.46024 secs)
Received: from unknown (HELO ppp-124-121-116-17.revip2.asianet.co.th) (124.121.116.17)
by mail-ext.schubert-gruppe.de with SMTP; 14 Jul 2009 07:23:46 +0200
Message-ID: <057d01ca0477$85bcc240$1174797c@home-f5e177f313>
From: "MEIN NAME <MEINE MAIL ADRESSE>
To: "thomas.heiermannnn" <[email protected]>
Reply-To: MEINE MAIL ADRESSE
Subject: [:SPAM:] 14.7.2009 ID97807 75% 0FF on PFIZER !
Date: Tue, 14 Jul 2009 04:37:52 -0420
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_057B_01CA0477.85BCC240"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
This is a multi-part message in MIME format.
------=_NextPart_000_057B_01CA0477.85BCC240
Content-Type: text/html;
charset="windows-1251"
Content-Transfer-Encoding: 8bit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dwindows-1251">
<META content=3D"MSHTML 6.00.2900.3138" name=3DGENERATOR>
<TITLE>News</TITLE>
<STYLE></STYLE>
</HEAD>
<BODY bgcolor="#ffffff" text="#000000">
<table border="0" cellpadding="0" cellspacing="0" style="width: 896px">
<tr><td align="center" style="font: normal 11px Verdana, sans-serif; color: #333;"><a href="http://www.pbebiwoh.cn" style="text-decoration: none; color: #0099ff;">Click here</a> to view as a web page. </td></tr>
<tr><td align="center">
<br />
<a href="http://www.pbebiwoh.cn">
<img alt="View image in browser now" width="618" height="326" src="http://www.pbebiwoh.cn/1.gif" style="border-width: 0px" /></a></td></tr>
<tr><td valign="top" style="border-right: 1px solid #e5e4e4; padding-right: 10px">
<table border="0" cellpadding="0" cellspacing="0" style="width: 884px">
<tr><td align="center" style="font: normal 9px Verdana, sans-serif; color: #999; padding-top: 20px">
<a href="http://www.pbebiwoh.cn" style="font: 9px Verdana, sans-serif; text-decoration: none; color: #0099ff">Unsubscribe</a> |
<a href="http://www.pbebiwoh.cn" style="font: 9px Verdana, sans-serif; text-decoration: none; color: #0099ff">Change e-mail address</a> |
<a href="http://www.pbebiwoh.cn" style="font: 9px Verdana, sans-serif; text-decoration: none; color: #0099ff">Privacy Policy</a> |
<a href="http://www.pbebiwoh.cn" style="font: 9px Verdana, sans-serif; text-decoration: none; color: #0099ff">About Us</a><br /><br />
Copyright � 2009 Feeys Inc. All rights reserved.<br />
</td></tr>
</table>
</td>
</tr>
</table>
</BODY>
</HTML>
------=_NextPart_000_057B_01CA0477.85BCC240
Content-Type: text/plain;
charset="windows-1251"
Content-Transfer-Encoding: 8bit
Click here http://www.pbebiwoh.cn to view as a web page.
View image in browser now http://www.pbebiwoh.cn/f.gif
Unsubscribe at http://www.pbebiwoh.cn
Change e-mail address at http://www.pbebiwoh.cn
Privacy Policy at http://www.pbebiwoh.cn
About Us at http://www.pbebiwoh.cn
Copyright � 2009 Fetve Inc. All rights reserved.
------=_NextPart_000_057B_01CA0477.85BCC240--
Ich habe folgendes Problem:
Seit kurzem erhalte ich regelmässig, also alle paar Tage Mails, die gemäß des Inhalts nicht zugestellt werden konnten, weil die email-Adresse nicht bekannt sein soll.
Ich kann absolut ausschließen, dass ich bewusst Mails an diese Adressen gesendet habe.
Zuerst vermutete ich, dass es sich um reguläre Spam-Mails handelt, nun habe ich mit ClamXAv einen Scan durchgeführt, folgendes kam dabei raus:
3 Mal kam folgende Meldung:
/users/MEIN NAME/Library/POP-MEINACCOUNT/Deleted Messages.mbox/Messages/3457.emlx:
Phishing.Heuristics.Email.SpoofedDomain FOUND
Insgesamt 3 Mal, aufeinander folgende Nummern.
Folgende Fragen:
Wie soll ich mit diesen Funden weiter verfahren?
Was bedeutet diese Meldung?
Ich hänge mal den Text einer dieser Mails unten an.
Wahrscheinlich ist der Text total uninteressant, aber der Header steht davor.
Vielen Dank schonmal für Eure Hilfe!
Thomas
----------------------------------
Hi. This is the qmail-send program at mail-ext.schubert-gruppe.de.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<[email protected]>:
192.168.2.4 does not like recipient.
Remote host said: 550 [email protected]... No such user
Giving up on 192.168.2.4.
--- Below this line is a copy of the message.
Return-Path: <MEINE MAIL ADRESSE
Received: (qmail 25162 invoked by uid 1002); 14 Jul 2009 07:24:00 +0200
Received: from 124.121.116.17 by mail-ext (envelope-from <MEINE MAILADRESSE>, uid 64011) with qmail-scanner-2.01
(iscan: v3.1/v8.310-1002/503/195823. spamassassin: 3.1.7-deb.
Clear:RC:0(124.121.116.17):SA:1(7.3/5.0):.
Processed in 13.46024 secs); 14 Jul 2009 05:24:00 -0000
X-Spam-Status: Yes, score=7.3 required=5.0
X-Spam-Level: +++++++
X-Qmail-Scanner-Mail-From: MEINE MAIL ADRESSE via mail-ext
X-Qmail-Scanner: 2.01 (Clear:RC:0(124.121.116.17):SA:1(7.3/5.0):. Processed in 13.46024 secs)
Received: from unknown (HELO ppp-124-121-116-17.revip2.asianet.co.th) (124.121.116.17)
by mail-ext.schubert-gruppe.de with SMTP; 14 Jul 2009 07:23:46 +0200
Message-ID: <057d01ca0477$85bcc240$1174797c@home-f5e177f313>
From: "MEIN NAME <MEINE MAIL ADRESSE>
To: "thomas.heiermannnn" <[email protected]>
Reply-To: MEINE MAIL ADRESSE
Subject: [:SPAM:] 14.7.2009 ID97807 75% 0FF on PFIZER !
Date: Tue, 14 Jul 2009 04:37:52 -0420
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_057B_01CA0477.85BCC240"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
This is a multi-part message in MIME format.
------=_NextPart_000_057B_01CA0477.85BCC240
Content-Type: text/html;
charset="windows-1251"
Content-Transfer-Encoding: 8bit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dwindows-1251">
<META content=3D"MSHTML 6.00.2900.3138" name=3DGENERATOR>
<TITLE>News</TITLE>
<STYLE></STYLE>
</HEAD>
<BODY bgcolor="#ffffff" text="#000000">
<table border="0" cellpadding="0" cellspacing="0" style="width: 896px">
<tr><td align="center" style="font: normal 11px Verdana, sans-serif; color: #333;"><a href="http://www.pbebiwoh.cn" style="text-decoration: none; color: #0099ff;">Click here</a> to view as a web page. </td></tr>
<tr><td align="center">
<br />
<a href="http://www.pbebiwoh.cn">
<img alt="View image in browser now" width="618" height="326" src="http://www.pbebiwoh.cn/1.gif" style="border-width: 0px" /></a></td></tr>
<tr><td valign="top" style="border-right: 1px solid #e5e4e4; padding-right: 10px">
<table border="0" cellpadding="0" cellspacing="0" style="width: 884px">
<tr><td align="center" style="font: normal 9px Verdana, sans-serif; color: #999; padding-top: 20px">
<a href="http://www.pbebiwoh.cn" style="font: 9px Verdana, sans-serif; text-decoration: none; color: #0099ff">Unsubscribe</a> |
<a href="http://www.pbebiwoh.cn" style="font: 9px Verdana, sans-serif; text-decoration: none; color: #0099ff">Change e-mail address</a> |
<a href="http://www.pbebiwoh.cn" style="font: 9px Verdana, sans-serif; text-decoration: none; color: #0099ff">Privacy Policy</a> |
<a href="http://www.pbebiwoh.cn" style="font: 9px Verdana, sans-serif; text-decoration: none; color: #0099ff">About Us</a><br /><br />
Copyright � 2009 Feeys Inc. All rights reserved.<br />
</td></tr>
</table>
</td>
</tr>
</table>
</BODY>
</HTML>
------=_NextPart_000_057B_01CA0477.85BCC240
Content-Type: text/plain;
charset="windows-1251"
Content-Transfer-Encoding: 8bit
Click here http://www.pbebiwoh.cn to view as a web page.
View image in browser now http://www.pbebiwoh.cn/f.gif
Unsubscribe at http://www.pbebiwoh.cn
Change e-mail address at http://www.pbebiwoh.cn
Privacy Policy at http://www.pbebiwoh.cn
About Us at http://www.pbebiwoh.cn
Copyright � 2009 Fetve Inc. All rights reserved.
------=_NextPart_000_057B_01CA0477.85BCC240--