soundweaver Posted August 15, 2003

I got this mail delivery warning on one of my domain email accounts for something I didn't send. I'm not using formmail... Is someone trying to exploit formmail or spoofing sending address? What does it mean...do I need to be concerned?

Subject: Warning: message 19my5m-00060y-Tq delayed 24 hours

This message was created automatically by mail delivery software.

A message that you sent has not yet been delivered to one or more of its recipients after more than 24 hours on the queue on server30.totalchoicehosting.com.

The message identifier is: 19my5m-00060y-Tq
The subject of the message is: http://www.soundweaver.org/cgi-sys/formmail.pl (63.174.116.9:80) bcc: bagnallb@aol.comjeafoj5 NO 4y3zR SO S5 yUZL4yQnv DqSQ9zsM01YkDy7 sUAHK4WLSQqSFCPKoB B HVyrC5APnzu6ZfHhGj8Ig6yRZÿFFFFCCabcdefghijkl.
The date of the message is: Wed, 13 Aug 2003 11:03:18 -0500

The address to which the message has not yet been delivered is:

p@www.soundweaver.org
Delay reason: lowest numbered MX record points to local host

No action is required on your part. Delivery attempts will continue for some time, and this warning may be repeated at intervals if the message remains undelivered. Eventually the mail delivery software will give up, and when that happens, the message will be returned to you

Head Guru Posted August 15, 2003

You should submit a help desk ticket. We would need to take a closer look at your account before figuring out what was going on.

https://ssl.totalchoicehosting.com/supportdesk

soundweaver Posted August 15, 2003

Thanks - I just followed your advice and opened a ticket.

soundweaver Posted August 15, 2003

My thanks to Jim and Rick in tech support for looking into this, answering my questions clearly and taking prompt action to protect us from exploit attempts. Seems like every day I'm more impressed with the level of customer service here at TCH. Keep up the good work!

Wilexa Posted August 15, 2003

I got the same kind of emails and have submitted a help desk ticket too. Just so you know that you are not the only one, soundweaver!

...Dave

TCH-Rick Posted August 15, 2003

Thanks for your ticket. I suspect since we've received a couple of tickets on this that it would be good to repeat some of the info for all to see.

Basically some folks have been trying to exploit the formmail scripts again. It's akin to a thief "rattling the doorknobs" to see if they can get in. When they fail there is a bounce message sent to the account. The mail queue will attempt to deliver the message several times before giving up.

We had reenabled formmail on some servers at user request but are disabling it again. FormMail is the most widely known script so it is the most attacked. There are many more options and we encourage anyone using formmail to look into those including the php script still being discussed on our forums.
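
As an added example (not part of the original thread and not TCH's code), this Python script parses a delay warning like the one quoted in the first post and flags the two traits visible in its subject line. The sample message, the function names and both heuristics are assumptions made for illustration.

```python
import re

# Constructed sample, modelled on the delay warning quoted in the first post
# (host names, addresses and the message id are placeholders).
SAMPLE_WARNING = """\
A message that you sent has not yet been delivered on mail.example.net.

The message identifier is:     1abcDE-000000-XX
The subject of the message is: http://www.example.org/cgi-sys/formmail.pl (192.0.2.9:80) bcc: probe@example.com
The date of the message is:    Wed, 13 Aug 2003 11:03:18 -0500

The address to which the message has not yet been delivered is:

  p@www.example.org
    Delay reason: lowest numbered MX record points to local host
"""

FIELD_PATTERNS = {
    "message_id": r"The message identifier is:\s*(\S+)",
    "subject": r"The subject of the message is:\s*(.*)",
    "date": r"The date of the message is:\s*(.*)",
    "recipient": r"has not yet been delivered is:\s*(\S+)",
    "delay_reason": r"Delay reason:\s*(.*)",
}

def parse_delay_warning(text):
    """Extract the labelled fields from a delay-warning body."""
    fields = {}
    for name, pattern in FIELD_PATTERNS.items():
        match = re.search(pattern, text)
        if match:
            fields[name] = match.group(1).strip()
    return fields

def probe_indicators(fields):
    """Return heuristic reasons (assumed, not exhaustive) to treat the
    warning as fallout from a formmail probe, not mail the user sent."""
    subject = fields.get("subject", "")
    reasons = []
    if re.search(r"https?://\S*formmail\.(?:pl|cgi)\b", subject, re.I):
        reasons.append("subject names a formmail script URL")
    if re.search(r"\b(?:bcc|cc):", subject, re.I):
        reasons.append("subject carries a header-style recipient field")
    return reasons

if __name__ == "__main__":
    print(probe_indicators(parse_delay_warning(SAMPLE_WARNING)))
```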

Wilexa Posted August 15, 2003

Thanks for the info, Rick. Total time between ticket open and the response to close it: 7 minutes!!!!!

I love this place!

...Dave