  1. #1
    3 Star Lounger
    Join Date
    Nov 2001
    Location
    Morganville, New Jersey, USA
    Posts
    318
    Thanks
    25
    Thanked 3 Times in 3 Posts

    Questionable error messages

    A few weeks ago I received questionable "undeliverable" messages to my e-mail account. They stopped. However, I just received another from the mailer-daemon @ peterhost.ru. Should I be concerned about hijacking?

    The message begins as follows, followed by what appears to be a dump of areas of memory.
    ---
    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

    heklya_20@mx6.z8.ru
    SMTP error from remote mail server after RCPT TO:<heklya_20@mx6.z8.ru>:
    host 192.168.0.250 [192.168.0.250]: 552 5.2.2 Over quota SESSIONID=<doom.z8.ru-22588-1363164184-1>

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <[my e-mail address
    Received: from strelka.phst ([192.168.8.5] helo=mx2.z8.ru)
    by rly6.z8.ru with esmtp (Exim 4.71 (FreeBSD))
    (envelope-from <[my e-mail address]>)
    id 1UFhA5-0002BB-7j
    for heklya_20@mx6.z8.ru; Wed, 13 Mar 2013 12:35:49 +0400
    Received: from out03.smtpout.orange.fr ([193.252.22.212] helo=out.smtpout.orange.fr)
    by mx2.z8.ru with esmtp (Exim 4.76 (FreeBSD))
    (envelope-from <[my e-mail address]>)
    id 1UFh9k-0001SF-50
    for levchenko@heklya.ru; Wed, 13 Mar 2013 12:35:28 +0400
    Received: from Unknown ([2.179.89.71])
    by mwinf5d40 with ME
    id Awb01l00R1YMwuS03wb5xA; Wed, 13 Mar 2013 09:35:25 +0100
    Message-ID: <E830D4FB227E4470B901C8112B9CA66F@ipgxd>
    Reply-To: =?windows-1251?B?/vDo8eru7fHz6/zy?= <claudius1991decou@ngs.ru>
    From: =?windows-1251?B?/vDo8eru7fHz6/zy?= ...
    To: =?windows-1251?B?3+fi6O3g?= ...
    Subject: =?windows-1251?B?x+Xs5ev87fvpIOru5OXq8Q==?=
    Date: Wed, 13 Mar 2013 14:33:18 +0600
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_2631_01CE1FF7.B4522AB0"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.5931
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6109
    X-Spam-Score: 3.4
    X-Spam-Report: pts rule name description
    ---- ----------------------
    1.9 RCVD_ILLEGAL_IP Received: contains illegal IP address
    0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
    [score: 0.5655]
    1.5 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

    Checked By sito6.z8.ru
    X-Z8-Spam-Level: 0

    This is a multi-part message in MIME format.

    ------=_NextPart_000_2631_01CE1FF7.B4522AB0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_001_2632_01CE1FF7.B4522AB0"


    ------=_NextPart_001_2632_01CE1FF7.B4522AB0
    Content-Type: text/plain;
    charset="windows-1251"
    Content-Transfer-Encoding: quoted-printable
    Last edited by globalist; 2013-03-13 at 06:30. Reason: remove some personal identifiers

  2. #2
    Gold Lounger Roderunner's Avatar
    Join Date
    Dec 2009
    Location
    Scotland.
    Posts
    3,462
    Thanks
    16
    Thanked 216 Times in 183 Posts
    If you check the address the email was sent to, it will fix your problem.
    O wad some Power the giftie gie us, to see oursels as ithers see us!

  3. The Following User Says Thank You to Roderunner For This Useful Post:

    Look (2013-03-14)

  4. #3
    3 Star Lounger
    Join Date
    Nov 2001
    Location
    Morganville, New Jersey, USA
    Posts
    318
    Thanks
    25
    Thanked 3 Times in 3 Posts

    please explain

    What do you mean by "check"?

    And which address...my e-mail address? ...the shown address (heklya_20@mx6.z8.ru)? ...something at peterhost.ru?

    Thanks.

  5. #4
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Most likely (almost for sure), there is no hijacking. Somehow they got your email address (it could have been harvested from the web, or obtained through a contact that got malware, etc) and are using it as the sender's address to send spam. This happens very frequently. You are getting the error message because the messages purportedly from you were not successfully delivered. That also happens rather frequently.

  6. The Following User Says Thank You to ruirib For This Useful Post:

    globalist (2013-03-13)

  7. #5
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,396
    Thanks
    445
    Thanked 404 Times in 376 Posts
    Globalist:

    FYI, there are a lot of email addresses and web sites in your posting which end in ".ru". I.e., they're from Russia. I would be suspicious of all of them, that is, unless your ISP is in Russia, or unless you were emailing someone in Russia.

    Having said that, it doesn't mean you have been hacked, but it may mean that someone was trying to hack you.

    Jim

  8. The Following User Says Thank You to mrjimphelps For This Useful Post:

    globalist (2013-03-13)

  9. #6
    3 Star Lounger
    Join Date
    Nov 2001
    Location
    Morganville, New Jersey, USA
    Posts
    318
    Thanks
    25
    Thanked 3 Times in 3 Posts
    That is my fear -- all those addresses in Russia, coupled with the very long memory dump of the original non-deliverable message allegedly sent by me. I have NOT been communicating with anyone in Russia or even close to it.

    I am very uneasy about this.

  10. #7
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by mrjimphelps View Post
    Globalist:

    FYI, there are a lot of email addresses and web sites in your posting which end in ".ru". I.e., they're from Russia. I would be suspicious of all of them, that is, unless your ISP is in Russia, or unless you were emailing someone in Russia.

    Having said that, it doesn't mean you have been hacked, but it may mean that someone was trying to hack you.

    Jim
    This was not a normal email message. This was a notification that the original email purportedly sent by globalist could not be delivered. I find it very unlikely that it was a hack attempt. In this case the message was returned because the original destination email account was over quota. If it wasn't for that, there wouldn't even be any notifications sent.

    To be a hack, in a very remote scenario, the original email would have to have a malware payload, the sender would have to use an existing account known to be over quota, to have the email returned to the purported sender, so that he would get curious and would open the attachment to the original message (I'm not even sure if any original attachments are included in a non delivery notification, just can't remember).

    So stating this was a hacking attempt looks clearly excessive to me. I wouldn't say it. That said, the recommendation that no attachments should ever be opened from unexpected messages, that obviously still applies.

  11. The Following User Says Thank You to ruirib For This Useful Post:

    globalist (2013-03-13)

  12. #8
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,396
    Thanks
    445
    Thanked 404 Times in 376 Posts
    Perhaps this was not a hacking attempt. I'd still be leery of it.

    I'd make sure that you have good malware protection in place. Norton and Webroot are the highest rated by most if not all of the reviewers.

    Another thing you might consider getting -- American Family Online internet filter (www.afo.net). The primary purpose of this filter is to block objectionable content, and sites which host objectionable content. But a side benefit of the AFO filter is that many of the sites that they block also happen to be the phishing and/or hacking sites.

    While I wouldn't depend on the AFO filter for protection from these sites, it does give you some indirect protection from them.

  13. #9
    3 Star Lounger
    Join Date
    Nov 2001
    Location
    Morganville, New Jersey, USA
    Posts
    318
    Thanks
    25
    Thanked 3 Times in 3 Posts
    Thanks for your counsel.

    I will NOT use Norton. Once in the middle of the last decade and again a year ago I lost 1 1/2 months removing the disaster Norton made interacting with Dragon (shared DLLs, I think). [The first was under Win XP and the second under Win 7, where I encountered something new: black screens of death which, when eventually overcome, left blue screens of death, which I finally eliminated by removing as many traces of Norton as possible (LOTS of registry editing, which still did not remove all registry entries related to Norton).] I now use Microsoft Security Essentials and Malware Bytes as my primary protection.

  14. #10
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,396
    Thanks
    445
    Thanked 404 Times in 376 Posts
    Sounds like you're doing a good job on security.

    As long as you are careful (and it sounds like you are), I don't think you have much, if anything, to worry about. If you haven't seen any negative effects on your computing experience, I'd say you are good to go.

    Norton does seem to slow things down. That's the problem I have had with it.

  15. #11
    Star Lounger Look's Avatar
    Join Date
    Aug 2011
    Location
    Ireland
    Posts
    71
    Thanks
    4
    Thanked 2 Times in 1 Post
    Hello Folks,

    I got this message this morning:-
    -
    Delivery to the following recipient failed permanently:

    pnokio8998@gmail.com

    Technical details of permanent failure:
    Google tried to deliver your message, but it was rejected by the server for the recipient domain gmail.com by gmail-smtp-in.l.google.com. [2607:f8b0:4002:c02::1b].

    The error that the other server returned was:
    550-5.1.1 The email account that you tried to reach does not exist. Please try
    550-5.1.1 double-checking the recipient's email address for typos or
    550-5.1.1 unnecessary spaces. Learn more at
    550 5.1.1 http://support.google.com/mail/bin/a...py?answer=6596 k65si2239931yhj.110 - gsmtp

    ----- Original message -----

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=gmail.com; s=20120113;
    h=x-received:message-id:from:to:subject:date:mime-version
    :content-type:x-priority:x-msmail-priority:importance:x-mailer
    :disposition-notification-to:x-mimeole:x-antivirus
    :x-antivirus-status;
    bh=lrDJFLib9ysOhSEMPHUjChnTnNo6eVrcTOlv4qmUHu4=;
    X-Received: by 10.194.82.34 with SMTP id f2mr3756810wjy.25.1363264596109;
    Thu, 14 Mar 2013 05:36:36 -0700 (PDT)
    Return-Path: <censored>
    Received: from Laptop (censored)
    by mx.google.com with ESMTPS id k5sm3766730wiy.5.2013.03.14.05.36.33
    (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
    Thu, 14 Mar 2013 05:36:34 -0700 (PDT)
    Message-ID: <49C9BBF9BCB54AA58A762720737C02C0@Laptop>
    From: >censored>
    To: <pnokio8898@gmail.com>
    Subject: Our Meeting>
    Date: Thu, 13 Mar 2013 12:36:29 -0000
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0009_01CE20B0.8D61E8A0"
    X-Priority: 3
    X-MSMail-Priority: Normal
    Importance: Normal
    X-Mailer: Microsoft Windows Live Mail 16.4.3505.912
    Disposition-Notification-To: "Censored>
    X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3505.912
    X-Antivirus: avast! (VPS 130314-1, 14/03/2013), Outbound message
    X-Antivirus-Status: Clean

    Test.
    -
    My problem was solved by post #2 from Roderunner by checking the address used.
    Jim.
    May you live as long as you want, and want to as long as you live.

  16. #12
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by Look View Post
    My problem was solved by post #2 from Roderunner by checking the address used.
    But that was for an email which you had sent (unlike post #1)

    Bruce
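
The difference between the two bounces in this thread (one for a message the recipient of the bounce never sent, one for a message they did send) shows up in the original headers each bounce quotes. The following is an added example, not written by any poster here: it compares the first hop, Message-ID host and X-Mailer against an assumed profile of the user's own mail setup. `PROFILE`, `triage_bounce` and the placeholder address are assumptions made for illustration.

```python
import email
import re

# Header blocks trimmed from the two bounces quoted in this thread; the
# Return-Path address is a placeholder for the redacted one.
SPOOFED = """\
Return-path: <me@example.com>
Received: from out03.smtpout.orange.fr ([193.252.22.212] helo=out.smtpout.orange.fr)
\tby mx2.z8.ru with esmtp (Exim 4.76 (FreeBSD)); Wed, 13 Mar 2013 12:35:28 +0400
Received: from Unknown ([2.179.89.71])
\tby mwinf5d40 with ME; Wed, 13 Mar 2013 09:35:25 +0100
Message-ID: <E830D4FB227E4470B901C8112B9CA66F@ipgxd>
X-Mailer: Microsoft Outlook Express 6.00.2900.5931

"""
GENUINE = """\
Return-Path: <me@example.com>
Received: from Laptop (censored)
\tby mx.google.com with ESMTPS id k5sm3766730wiy.5.2013.03.14.05.36.33;
\tThu, 14 Mar 2013 05:36:34 -0700 (PDT)
Message-ID: <49C9BBF9BCB54AA58A762720737C02C0@Laptop>
X-Mailer: Microsoft Windows Live Mail 16.4.3505.912

"""
# Assumed profile of how this user's real mail leaves their machine.
PROFILE = {
    "submission_servers": {"mx.google.com"},
    "msgid_hosts": {"laptop"},
    "mail_clients": ("Microsoft Windows Live Mail",),
}

def triage_bounce(original_headers, profile):
    """List the ways the bounced original differs from mail this user sends."""
    msg = email.message_from_string(original_headers)
    reasons = []
    # Each server prepends its Received line, so the last one is the first hop.
    received = msg.get_all("Received") or [""]
    hop = re.search(r"from\s+(\S+).*?\bby\s+(\S+)", received[-1], re.S)
    accepted_by = hop.group(2).lower() if hop else "(none)"
    if accepted_by not in profile["submission_servers"]:
        reasons.append("first hop accepted by " + accepted_by)
    mid = re.search(r"@([^>\s]+)>", msg.get("Message-ID", ""))
    mid_host = mid.group(1).lower() if mid else "(none)"
    if mid_host not in profile["msgid_hosts"]:
        reasons.append("Message-ID host " + mid_host)
    mailer = msg.get("X-Mailer", "(none)")
    if not mailer.startswith(profile["mail_clients"]):
        reasons.append("X-Mailer " + mailer)
    # Headers can be forged, so an empty list means "consistent", not "proven".
    return reasons
```

An empty result matches the second bounce (a real message sent to a mistyped address); three mismatches match the first, where only the envelope sender belonged to the person who received the bounce.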

  17. #13
    Star Lounger Look's Avatar
    Join Date
    Aug 2011
    Location
    Ireland
    Posts
    71
    Thanks
    4
    Thanked 2 Times in 1 Post
    Hello Bruce,

    post #1 A message that you sent could not be delivered to one or more of its recipients. This is a permanent error.
    This shows multiple recipients.


    post #12 Delivery to the following recipient failed permanently: post #12
    This shows only one.
    Jim.
    May you live as long as you want, and want to as long as you live.

  18. #14
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by Look View Post
    This shows multiple recipients.
    One or more doesn't mean more than one.


    Quote Originally Posted by Look View Post
    This shows only one.
    What's your point, and why are you mad?


    Bruce

  19. #15
    Star Lounger Look's Avatar
    Join Date
    Aug 2011
    Location
    Ireland
    Posts
    71
    Thanks
    4
    Thanked 2 Times in 1 Post
    Quote Originally Posted by BruceR View Post
    One or more doesn't mean more than one.

    What's your point, and why are you mad?

    Bruce
    I thought they were nearly the same. Not intending 'Mad' just the red face.
    Jim.
    May you live as long as you want, and want to as long as you live.
