Re: [OCLUG-Tech] Fwd: Fwd: Undelivered Mail Returned to Sender

I'll paste below the contents of the files John sent.  To me, it
appears to be a Viagra ad coming from a host in Spain, with a link to
a website in Russia.  What we're trying to determine is whether (1)
Tux has been compromised by crackers and is being exploited as a spam
relay, (2) we are receiving this message in error because Tux' mail
server has been configured to relay Board messages, and the error was
intended for the spammer, or (3) something went awry with Google's
Gmail servers.  Note, 204.225.221.10 is Tux' IP.

Thanks,
Lisa

-----------------------------------------------------------------------

Reporting-MTA: dns; tux.oclug.on.ca
X-Postfix-Queue-ID: 612BE102889
X-Postfix-Sender: rfc822; board-members [ at ] oclug [ dot ] on [ dot ] ca
Arrival-Date: Fri, 30 Jul 2010 00:31:20 -0400 (EDT)

Final-Recipient: rfc822; eric [ dot ] brackenbury [ at ] gmail [ dot ] com
Original-Recipient: rfc822; board-members [ at ] oclug [ dot ] on [ dot ] ca
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [204.225.221.10 7] Our system has detected an
    unusual rate of 550-5.7.1 unsolicited mail originating from your IP
    address. To protect our 550-5.7.1 users from spam, mail sent from your IP
    address has been blocked. 550-5.7.1 Please visit
    http://www.google.com/mail/help/bulk_mail.html to review 550 5.7.1 our Bulk
    Email Senders Guidelines. a3si4446114bky.80

Final-Recipient: rfc822; exexpat2 [ at ] gmail [ dot ] com
Original-Recipient: rfc822; board-members [ at ] oclug [ dot ] on [ dot ] ca
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [204.225.221.10 7] Our system has detected an
    unusual rate of 550-5.7.1 unsolicited mail originating from your IP
    address. To protect our 550-5.7.1 users from spam, mail sent from your IP
    address has been blocked. 550-5.7.1 Please visit
    http://www.google.com/mail/help/bulk_mail.html to review 550 5.7.1 our Bulk
    Email Senders Guidelines. a3si4446114bky.80

Final-Recipient: rfc822; johnsebastientaylor [ at ] gmail [ dot ] com
Original-Recipient: rfc822; board-members [ at ] oclug [ dot ] on [ dot ] ca
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [204.225.221.10 7] Our system has detected an
    unusual rate of 550-5.7.1 unsolicited mail originating from your IP
    address. To protect our 550-5.7.1 users from spam, mail sent from your IP
    address has been blocked. 550-5.7.1 Please visit
    http://www.google.com/mail/help/bulk_mail.html to review 550 5.7.1 our Bulk
    Email Senders Guidelines. a3si4446114bky.80


-----------------------------------------------------------------------


Received: by tux.oclug.on.ca (Postfix)
	id 612BE102889; Fri, 30 Jul 2010 00:31:20 -0400 (EDT)
Delivered-To: board-members [ at ] oclug [ dot ] on [ dot ] ca
Received: by tux.oclug.on.ca (Postfix, from userid 2006)
	id 4F30510288A; Fri, 30 Jul 2010 00:31:20 -0400 (EDT)
X-Spam-Checker-Version: SpamAssassin 3.1.7-deb3 (2006-10-05) on tux
X-Greylist: delayed 301 seconds by postgrey-1.27 at tux; Fri, 30 Jul
2010 00:31:15 EDT
Received: from 123.pool85-57-137.dynamic.orange.es
(123.pool85-57-137.dynamic.orange.es [85.57.137.123])
	by tux.oclug.on.ca (Postfix) with ESMTP id BCD3C102889
	for <board-members [ at ] oclug [ dot ] on [ dot ] ca>; Fri, 30 Jul 2010 00:31:15 -0400 (EDT)
From: 094 VIAGRA о Official Site <board-members [ at ] oclug [ dot ] on [ dot ] ca>
To: board-members [ at ] oclug [ dot ] on [ dot ] ca
Subject: board-members [ at ] oclug [ dot ] on [ dot ] ca VIAGRA о Official Site 75% 0FF
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <20100730043115 [ dot ] BCD3C102889 [ at ] tux [ dot ] oclug [ dot ] on [ dot ] ca>
Date: Fri, 30 Jul 2010 00:31:15 -0400 (EDT)

<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
      <meta http-equiv="Content-Type" content="application/xhtml+xml;
charset=UTF-8"/>
      </head>
   <body>
   <table border="0" cellpadding="0" cellspacing="0" style="width: 896px">
<tr><td align="center" style="font: normal 11px Verdana, sans-serif;
color: #333;"><a href="http://sfj.chickregion.ru?jxww"
style="text-decoration: none; color: #0099ff;">Please Click
here!</td></tr>
<tr><td align="center">
<br/>
<a href="http://xom.chickregion.ru?yujs"><img alt="For board-members!"
src="http://ala.chickregion.ru/t.gif" style="border-width:
0px"/></a></td></tr>
</table>
</body>
</html>

-----------------------------------------------------


On 30 July 2010 17:38, Dave O'Neill <dmo+oclug [ at ] dmo [ dot ] ca> wrote:
> On Fri, Jul 30, 2010 at 05:20:18PM -0400, Prof. John C Nash wrote:
>>
>> After some board discussion, we've decided to ask OCLUG mail gurus what is
>> possibly going on. Seems TUX may be relaying some spam. Hopefully not
>> compromised.
>
> The first thing to do is to have someone take a look at the mail logs on
> Tux.   It's entirely possible that there's no spamming going on -- Google
> has been known to block legitimate low-volume mailing lists if a recipient
> accidentally marks a message as spam once too many times.
>
> Cheers,
> Dave
>
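The header check Dave suggests, as an added example that is not part of the thread: a small Python triage that parses the RFC 3464 delivery-status fields of the bounce and the Received: chain of the returned message pasted above, and reports where the message entered Tux and for whom Tux accepted it. The `DSN` and `HEADERS` strings are a constructed, de-obfuscated abridgement of the quoted headers; nothing else is assumed.

```python
"""Added example, not from the thread: parse the RFC 3464 DSN and Received: chain
of the bounce pasted above.  Sample text is a constructed abridgement of it."""
import re

DSN = """Reporting-MTA: dns; tux.oclug.on.ca
Final-Recipient: rfc822; eric.brackenbury@gmail.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [204.225.221.10 7] Our system has detected an
    unusual rate of 550-5.7.1 unsolicited mail originating from your IP address."""

HEADERS = """Received: by tux.oclug.on.ca (Postfix)
\tid 612BE102889; Fri, 30 Jul 2010 00:31:20 -0400 (EDT)
Received: from 123.pool85-57-137.dynamic.orange.es
\t(123.pool85-57-137.dynamic.orange.es [85.57.137.123])
\tby tux.oclug.on.ca (Postfix) with ESMTP id BCD3C102889
\tfor <board-members@oclug.on.ca>; Fri, 30 Jul 2010 00:31:15 -0400 (EDT)"""

def unfold(text):
    """Join RFC 5322 continuation lines (leading whitespace) onto their field."""
    return re.sub(r"\n[ \t]+", " ", text).splitlines()

def parse_dsn(text):
    """DSN fields that matter: who reported, who refused, which IP they blocked."""
    kv = {k.strip(): v.strip() for k, v in (f.split(":", 1) for f in unfold(text))}
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})", kv["Diagnostic-Code"])  # Gmail's [ip] tag
    return {"reporting_mta": kv["Reporting-MTA"].split(";")[1].strip(),
            "remote_mta": kv["Remote-MTA"].split(";")[1].strip(),
            "status": kv["Status"], "blocked_ip": ip.group(1) if ip else None}

HOP = re.compile(r"Received: (?:from (\S+) .*?\[([\d.]+)\]\S* )?by (\S+)(?:.*? for <([^>]+)>)?")

def parse_received(text):
    """Received: hops oldest-first as (from_host, from_ip, by_host, for_rcpt)."""
    hops = [HOP.match(f) for f in unfold(text) if f.startswith("Received:")]
    return [m.groups() for m in reversed(hops) if m]

def triage(dsn_text, header_text):
    """Facts separating 'Tux originates spam' from 'Tux relays inbound list mail'."""
    dsn, first = parse_dsn(dsn_text), parse_received(header_text)[0]
    # Gmail blocked Tux's own IP, yet the oldest hop shows the message arriving
    # from another network addressed to the list alias: Tux forwarded inbound
    # list mail, which is what hypothesis (2) in the thread predicts.
    return {**dsn, "origin_host": first[0], "origin_ip": first[1], "accepted_for": first[3],
            "entered_from_outside": first[1] is not None and first[1] != dsn["blocked_ip"]}

if __name__ == "__main__":
    print(triage(DSN, HEADERS))
```

The same two parsers run unchanged over the real DSN and header files once the ` [ at ] ` / ` [ dot ] ` archive obfuscation is undone.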