First, I'd like to say how useful I find the rollernet backup MX service, and how grateful I am.
Next: my problem. I've been receiving a few (this is the third) spam 'phishing' emails lately, asking for bank details etc. These mails all 'appear' to come from someone@mail.rollernet.us (at least in the "To" field).
Could someone help me interpret the email headers (shown below) and explain to me how this works? I read the FAQ, and have searched the forums, but this doesn't seem to be addressed anywhere (apart from a big "we are not an open relay" in the FAQ!)
Here are the headers: (I have replaced my email address with me@myserver.net and my server with myserver.net for privacy)
Lastly, my server runs Kerio MailServer, and uses NOD32 antivirus as a plugin, which has probably added quite a few lines to the headers. (NOD32 detected this as a bankfraud.gen trojan).
Return-Path: <support_id_0421939@wamu.com>
X-Envelope-To: me@myserver.net
X-Virus-Found: HTML/Bankfraud.gen trojan
X-Spam-Status: Yes, hits=10.0 required=8.0
    tests=BAYES_80: 2.442,FROM_ENDS_IN_NUMS: 0.677,FROM_HAS_ULINE_NUMS: 0.628,
    HTML_60_70: 0.516,HTML_FONTCOLOR_UNSAFE: 0.1,HTML_IMAGE_ONLY_02: 1.472,
    HTML_MESSAGE: 0.1,MIME_HTML_ONLY: 0.248,NORMAL_HTTP_TO_IP: 0.617,
    SARE_HTML_COLOR_NWHT: 1.666,SARE_HTML_FONT_INVIS1: 0.924,SARE_HTML_IMG_ONLY: 2.222,
    SARE_HTML_NO_BODY2: 0.1,SARE_HTML_NO_BODY3: 0.1,SARE_HTML_URI_IP: 0.644,
    SARE_SUB_PLEASE_OB1: 1.666
X-Spam-Flag: YES
X-Spam-Level: **********
Received: from mail.rollernet.us ([67.118.43.92])
    by myserver.net (Kerio MailServer 6.0.6)
    for me@myserver.net;
    Fri, 11 Feb 2005 09:41:52 +0000
Received: from bog44-1-82-231-130-140.fbx.proxad.net (bog44-1-82-231-130-140.fbx.proxad.net [82.231.130.140])
    by mail.rollernet.us (Postfix) with SMTP id 9EC1253FD1
    for <me@myserver.net>; Fri, 11 Feb 2005 00:38:43 -0800 (PST)
FCC: mailbox://support_id_0421939@wamu.com/Sent
X-Identity-Key: id1
Date: Fri, 11 Feb 2005 03:38:36 -0500
From: Washington@mail.rollernet.us, Mutual@mail.rollernet.us,
    Inc. <support_id_0421939@wamu.com>
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: me@myserver.net
Subject: Washington Mutual: PIease Confirm Your Data
Content-Type: multipart/related;
    boundary="------------010102090903030109010006"
X-Antivirus: avast! (VPS 0506-0, 08/02/2005), Outbound message
X-Antivirus-Status: Clean
Message-Id: <20050211083843.9EC1253FD1@mail.rollernet.us>
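
One way to read these headers programmatically, as an added example that is not part of the original post: it walks the Received lines in travel order and lists From addresses that have no display name, sit in a relay's domain and do not match the Return-Path domain. That pattern is consistent with an unquoted display name being split at its commas and the bare words completed with the relay's host name, which is an interpretation and not something the post states. The function names and the RAW sample (a subset of the headers above) are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Subset of the headers quoted in the post, with folded lines re-indented.
RAW = """\
Return-Path: <support_id_0421939@wamu.com>
Received: from mail.rollernet.us ([67.118.43.92])
    by myserver.net (Kerio MailServer 6.0.6)
    for me@myserver.net;
    Fri, 11 Feb 2005 09:41:52 +0000
Received: from bog44-1-82-231-130-140.fbx.proxad.net (bog44-1-82-231-130-140.fbx.proxad.net [82.231.130.140])
    by mail.rollernet.us (Postfix) with SMTP id 9EC1253FD1
    for <me@myserver.net>; Fri, 11 Feb 2005 00:38:43 -0800 (PST)
From: Washington@mail.rollernet.us, Mutual@mail.rollernet.us,
    Inc. <support_id_0421939@wamu.com>
"""

# "from <helo> ([ip])" or "from <helo> (<rdns> [ip])", then "by <receiver>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def unfold(value):
    return " ".join(value.split())  # collapse folded header whitespace

def received_hops(msg):
    """Return (sending host, sending IP, receiving host) in travel order."""
    hops = []
    # Each server prepends its Received line, so the oldest hop is last.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(unfold(value))
        if m:
            hops.append(m.groups())
    return hops

def relay_domain_senders(msg):
    """From addresses with no display name whose domain is a relay in the
    Received chain and differs from the envelope sender's domain."""
    relays = {by.lower() for _, _, by in received_hops(msg)}
    envelope = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    flagged = []
    for name, addr in getaddresses([unfold(msg.get("From", ""))]):
        domain = addr.rpartition("@")[2].lower()
        if not name and domain in relays and domain != envelope:
            flagged.append(addr)
    return flagged

if __name__ == "__main__":
    msg = message_from_string(RAW)
    print(received_hops(msg), relay_domain_senders(msg))
```

The first hop returned is the host that handed the message to mail.rollernet.us; the second is the backup MX forwarding it to the destination server.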