Spam Assasin Msg

[SMHarman]

I just recieved this mail

Quote:

From: SpamAssassin [mailto:expostmaster@devon.gov.uk]
Sent: 18 December 2004 10:22
To: XXX@theXXXXXXXXXXXX.com
Subject: **Message was blocked by our SPAM filter**


A message addressed to: gtXXXXX@devon.gov.uk
has triggered our SpamAssassin SPAM filters and has been rejected. This message apparently originated from your e-mail address, although it is possible that another Internet user has been deliberately deceiving the Internet email systems by inappropriately assuming your email address.

The email that was sent with the following subject has NOT BEEN DELIVERED:

Subject: Re: Details

The authority uses a set of email filters to help block the delivery of unsolicited commercial email, otherwise known as SPAM. For more information on SPAM, please visit http://spam.abuse.net.

If you believe that you have received this message in error, please accept our sincere apologies.

The report below may help you determine why this message was identified as SPAM.

Thank you very much,

Postmaster


SpamAssassin report:
Spam detection software, running on the system "mr1.devon.gov.uk", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or block similar future email. If you have any questions, see expostmaster@devon.gov.uk for details.

Content preview: Your file is attached. [skipped
application/octet-stream attachment] [...]

Content analysis details: (14.0 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.2 NO_REAL_NAME From: does not include a real name
1.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence between 51 and 100
[cf: 100]
4.3 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
0.1 MICROSOFT_EXECUTABLE RAW: Message includes Microsoft executable program
2.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
3.0 MSGID_FROM_MTA_SHORT Message-Id was added by a relay
1.6 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
1.2 PRIORITY_NO_NAME Message has priority setting, but no X-Mailer

with these attachments

Quote:

Originally Posted by undiliverered-message headers,txt

Received: from devon.gov.uk (client-82-11-125-72.glfd.adsl.ntlworld.com [82.11.125.72])
by mr1.devon.gov.uk (Postfix) with ESMTP id 4534DFAD2B
for <gtXXXXX@devon.gov.uk>; Sat, 18 Dec 2004 10:22:15 +0000 (GMT)
From: XXX@theXXXXXXXXXXXX.com
To: gtXXXXXX@devon.gov.uk
Subject: Re: Details
Date: Sat, 18 Dec 2004 10:22:14 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0002_00007D88.00001558"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20041218102215.4534DFAD2B@mr1.devon.gov.uk>

Quote:

Originally Posted by datails.txt

Reporting-MTA: dns; mr1
Received-From-MTA: smtp; mr1.devon.gov.uk ([127.0.0.1])
Arrival-Date: Sat, 18 Dec 2004 10:22:17 +0000 (GMT)

Final-Recipient: rfc822; gtXXXXX@devon.gov.uk
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, UBE, id=28315-08
Last-Attempt-Date: Sat, 18 Dec 2004 10:22:18 +0000 (GMT)

Whats all this about?
First, the message was not sent by me, it is not in my sent items.
Second, the client (client-82-11-125-72.glfd.adsl.ntlworld.com [82.11.125.72]) is adsl, not my ware-luton one.

Is someone spamming using my email address as the from / reply to address?

If so what can I do about it?

EDIT - and I'm using Trend Micro Internet Security so I'm pretty confident my PC is secure virus and spyware free.

Quote:

Originally Posted by SMHarman

Is someone spamming using my email address as the from / reply to address?

Yes, most of the current e-mail worms do this, the send themselves from the infected pc with forged sender addresses - so you get the bounce and rejection messages.

Quote:

Originally Posted by SMHarman

If so what can I do about it?

Virtually nothing, you can report the originating IP to their ISP, that's about it.

[Stuartbe]

Yep... This happens thousands of times a hour all over the world... If you have your own mail server you can ask it to perform a reverse dns lookup on the ip...

[SMHarman]

Quote:

Originally Posted by Stuartbe

Yep... This happens thousands of times a hour all over the world... If you have your own mail server you can ask it to perform a reverse dns lookup on the ip...

I'm using the iweb one, I see the spam assasin msgs regularly on the inbound. Is it usually setup to issue such rejections back to the "originator" seems like a waste of bandwidth to me.

[Stuartbe]

Quote:

Originally Posted by SMHarman

I'm using the iweb one, I see the spam assasin msgs regularly on the inbound. Is it usually setup to issue such rejections back to the "originator" seems like a waste of bandwidth to me.

Arrrg.... Dont bounce the message or reject it..... Just tell your mail system to silently drop the message. If you bounce the mail you will let the spammer know he has a " live one "

Just drop the mail m8

[SMHarman]

Quote:

Originally Posted by Stuartbe

Arrrg.... Dont bounce the message or reject it..... Just tell your mail system to silently drop the message. If you bounce the mail you will let the spammer know he has a " live one "

Just drop the mail m8

I have, all my {spam} gets moved to it's own folder, visually scanned and deleted, so far I have had one false positive from iwebs default settings. Nothing is sent back.

I guess that is not the case for devon.gov.uk though. They bounce it back, hence this thread.