Security Leading To Mail Bouncing Around Forever

[llama_thumper]

was wondering if anyone can offer any solutions to this. i recently logged into my main domain account and found a whole mass of emails which i never knew where there. all of them were originally with attachments classed as dangerous and were kept bouncing around. how can i avoid this, ie how can i make sure that the fail message actually arrives to the original sender, without it bouncing around forever and landing in an account i never check? from what i can see the problem is that the original recipient replied with a fail message, _with_ the original attachment attached.

 

ie:

 

This message was created automatically by mail delivery software.

 

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

 

  rednet@server20.totalchoicehosting.com

    This message has been rejected because it has

    a potentially executable attachment "kraj_a_9.url"

    This form of attachment has been used by

    recent viruses or other malware.

    If you meant to send this file then please

    package it up as a zip file and resend it.

 

------ This is a copy of the message, including all the headers. ------

 

Return-path: <rednet@server20.totalchoicehosting.com>

Received: from redonet by server20.totalchoicehosting.com with local-bsmtp (Exim 4.34)

id 1CAxuf-0001RV-2L

for rednet@server20.totalchoicehosting.com; Fri, 24 Sep 2004 17:47:33 -0400

Received: from mailnull by server20.totalchoicehosting.com with local (Exim 4.34)

id 1CAxue-0004nx-Sj

for rednet@server20.totalchoicehosting.com; Fri, 24 Sep 2004 17:47:32 -0400

X-Failed-Recipients: rednet@server20.totalchoicehosting.com

Auto-Submitted: auto-generated

From: Mail Delivery System <Mailer-Daemon@server20.totalchoicehosting.com>

To: rednet@server20.totalchoicehosting.com

Subject: Mail delivery failed: returning message to sender

Message-Id: <E1CAxue-0004nx-Sj@server20.totalchoicehosting.com>

Date: Fri, 24 Sep 2004 17:47:32 -0400

X-Spam-Exim: HI2syAppkpHsHRLOmFb4BZhE

X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on

server20.totalchoicehosting.com

X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.64

X-Spam-Level:

 

This message was created automatically by mail delivery software.

 

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

 

  rednet@server20.totalchoicehosting.com

    This message has been rejected because it has

    a potentially executable attachment "kraj_a_9.url"

    This form of attachment has been used by

    recent viruses or other malware.

    If you meant to send this file then please

    package it up as a zip file and resend it.

 

------ This is a copy of the message, including all the headers. ------

 

Return-path: <rednet@server20.totalchoicehosting.com>

Received: from redonet by server20.totalchoicehosting.com with local-bsmtp (Exim 4.34)

id 1CAxue-0001A6-MC

for rednet@server20.totalchoicehosting.com; Fri, 24 Sep 2004 17:47:32 -0400

Received: from mailnull by server20.totalchoicehosting.com with local (Exim 4.34)

id 1CAxue-0000Xz-FM

for rednet@server20.totalchoicehosting.com; Fri, 24 Sep 2004 17:47:32 -0400

X-Failed-Recipients: sla@redo.net

Auto-Submitted: auto-generated

From: Mail Delivery System <Mailer-Daemon@server20.totalchoicehosting.com>

To: rednet@server20.totalchoicehosting.com

Subject: Mail delivery failed: returning message to sender

Message-Id: <E1CAxue-0000Xz-FM@server20.totalchoicehosting.com>

Date: Fri, 24 Sep 2004 17:47:32 -0400

X-Spam-Exim: HI2syAppkpHsHRLOmFb4BZhE

X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on

server20.totalchoicehosting.com

X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.64

X-Spam-Level:

 

This message was created automatically by mail delivery software.

 

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

 

  sla@redo.net

    This message has been rejected because it has

    a potentially executable attachment "kraj_a_9.url"

    This form of attachment has been used by

    recent viruses or other malware.

    If you meant to send this file then please

    package it up as a zip file and resend it.

 

------ This is a copy of the message, including all the headers. ------

 

Return-path: <rednet@server20.totalchoicehosting.com>

Received: from redonet by server20.totalchoicehosting.com with local-bsmtp (Exim 4.34)

id 1CAxue-0005yb-BU

for sla@redo.net; Fri, 24 Sep 2004 17:47:32 -0400

Received: from mailnull by server20.totalchoicehosting.com with local (Exim 4.34)

id 1CAxue-0005EA-3E

for sla@redo.net; Fri, 24 Sep 2004 17:47:32 -0400

X-Failed-Recipients: gd@unido.org

Auto-Submitted: auto-generated

From: Mail Delivery System <Mailer-Daemon@server20.totalchoicehosting.com>

To: sla@redo.net

Subject: Mail delivery failed: returning message to sender

Message-Id: <E1CAxue-0005EA-3E@server20.totalchoicehosting.com>

Date: Fri, 24 Sep 2004 17:47:32 -0400

X-Spam-Exim: HI2syAppkpHsHRLOmFb4BZhE

X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on

server20.totalchoicehosting.com

X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.64

X-Spam-Level:

 

This message was created automatically by mail delivery software.

 

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

 

  gd@unido.org

    This message has been rejected because it has

    a potentially executable attachment "kraj_a_9.url"

    This form of attachment has been used by

    recent viruses or other malware.

    If you meant to send this file then please

    package it up as a zip file and resend it.

 

------ This is a copy of the message, including all the headers. ------

 

Return-path: <sla@redo.net>

Received: from m1638p029.adsl.highway.telekom.at ([80.121.76.189]helo=duron850)

by server20.totalchoicehosting.com with asmtp (Exim 4.34)

id 1CAxud-0004Sw-LS

for gd@unido.org; Fri, 24 Sep 2004 17:47:32 -0400

From: "Slawomir Redo" <sla@redo.net>

To: <gd@unido.org>

Subject: Karp

Date: Fri, 24 Sep 2004 23:51:16 +0200

Organization: redo.net

Message-ID: <000301c4a280$a3fb3740$0100a8c0@duron850>

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_NextPart_000_0004_01C4A291.67840740"

X-Priority: 3 (Normal)

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook, Build 10.0.4024

Importance: Normal

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441

 

This is a multi-part message in MIME format.

 

------=_NextPart_000_0004_01C4A291.67840740

Content-Type: text/plain;

charset="us-ascii"

Content-Transfer-Encoding: 7bit

 

 

Your files are attached and ready to send with this message.

 

 

ORIGINAL EMAIL MESSAGE HERE

 

------=_NextPart_000_0004_01C4A291.67840740

Content-Type: application/octet-stream;

name="kraj_a_9.url"

Content-Transfer-Encoding: 7bit

Content-Disposition: attachment;

filename="kraj_a_9.url"

 

[internetShortcut]

URL=http://www.rzeczpospolita.pl/gazeta/wydanie_040924/kraj/kraj_a_9.html

Modified=F001AB6080A2C401E3

 

------=_NextPart_000_0004_01C4A291.67840740--

Edited August 6, 2005 by llama_thumper

[Deverill]

"Yumm, addresses!" - Spammer's email harvesting program.

 

I'm sure if you submit a helpdesk ticket the tech guys can help you figure out what happenend and why.

 

In the meantime you may want to edit your post and remove your email addresses so that the spammers can't see it -- Google's all over this forum so there's no reason to believe the spammers aren't either.

[llama_thumper]

thx, did