oakcreek.k12.wi.us - sending bogus virus notifications back to the forged by viruses "Sender" headers, and no way to contact admins - bounced! oakcreek.k12.wi.us, [24.106.50.146]: Access denied! === Bogus virus warning === Received: from do-e2k.ocsd.edu (www.oakcreek.k12.wi.us [24.106.50.146]) by mail.dolphinwave.org (8.12.8/8.12.8) with ESMTP id i4HCgV0u016947 for ; Mon, 17 May 2004 15:42:36 +0300 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C43C0B.C9D5A3FD" Subject: Virus Found in message "my bill" X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Date: Mon, 17 May 2004 07:38:00 -0500 Message-ID: <3AF1B9F253BF1446872D20A788D44810512350@do-e2k.ocsd.edu> X-MS-Has-Attach: X-MS-TNEF-Correlator: <3AF1B9F253BF1446872D20A788D44810512350@do-e2k.ocsd.edu> Thread-Topic: Virus Found in message "my bill" Thread-Index: AcQ8C8nVOjsMugYFR7qB3Iw4f3WpTQ== From: "KAUTENBURG GARY P" To: X-AntiVirus: checked by AntiVir Milter 1.0.6; AVE 6.25.0.3; VDF 6.25.0.65 X-Loop: dev.null@dolphinwave.org Status: R X-Status: N X-KMail-EncryptionState: X-KMail-SignatureState: This is a multi-part message in MIME format. ------_=_NextPart_001_01C43C0B.C9D5A3FD Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Norton AntiVirus found a virus in an attachment you = (dolphin@dolphinwave.org) sent to KAUTENBURG GARY P. To ensure the recipient(s) are able to use the files you sent, perform a = virus scan on your computer, clean any infected files, then resend this = attachment. Attachment: bill.zip Virus name: W32.Netsky.P@mm Action taken: Clean failed : Quarantine succeeded :=20 File status: Infected ------_=_NextPart_001_01C43C0B.C9D5A3FD Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: base64 eJ8+IgEMAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEgAEAIQAAAFZpcnVzIEZvdW5kIGluIG1l c3NhZ2UgIm15IGJpbGwiAD4LAQWAAwAOAAAA1AcFABEABwAmAAAAAQAfAQEggAMADgAAANQHBQAR AAcAJgAAAAEAHwEBCYABACEAAABDRjU5RTMxRTIwN0Y2QjREOEREMDdFRTlEQjA2NEQ4MABqBwED kAYAIAYAACIAAAADADYAAAAAAEAAOQD9o9XJCzzEAR4APQABAAAAAQAAAAAAAAACAUcAAQAAADgA AABjPXVzO2E9IDtwPU9DU0QgRXhjaGFuZ2UgMks7bD1ETy1FMkstMDQwNTE3MTIzODAwWi04MjY3 AB4AcAABAAAAIQAAAFZpcnVzIEZvdW5kIGluIG1lc3NhZ2UgIm15IGJpbGwiAAAAAAIBcQABAAAA FgAAAAHEPAvJ1To7DLoGBUe6gdyMOH91qU0AAB4AGgwBAAAAEgAAAEtBVVRFTkJVUkcgR0FSWSBQ AAAAHgAdDgEAAAAhAAAAVmlydXMgRm91bmQgaW4gbWVzc2FnZSAibXkgYmlsbCIAAAAAAgEJEAEA AADkAQAA4AEAAMICAABMWkZ13FUgBQMACgByY3BnMTI14jIDQ3RleAVBAQMB9/8KgAKkA+QHEwKA D/MAUARWPwhVB7IRJQ5RAwECAGNo4QrAc2V0MgYABsMRJfYzBEYTtzASLBEzCO8J97Y7GB8OMDUR IgxgYwBQ8wsJAWQzNhZQC6YHsBfBBwIgEMACMGlWaXJ1AwQgAhB1bmQgYSB+dh2zC4AeUB7xAkAA 0GgTB4ACMCB5CGAgKGQpBvBwaAuAQCBFd2GIdmUuBbBnKSAUEAMfwR0gIEtBVVRFAE5CVVJHIEdB 4FJZIFAuCqIKhAqAVlQiMAnwcwhwZSIQaDsksBggYwUgCJACMChz7yGwCsAksAGgbCSxIjAd0D0k tGYDEAeRH/Ih0iwg5nAEkAIQcm0eVwTwA5GPHTEf8QXABaBtcHUOsJpyKABjJkAfEm55HtH+ZgWQ DrAeQCcjKAAk0QOg/xggIdEeQCTQBAAfOSNrI3RCQR9XOiAgYgMQbJwuegUgI3QdpG5hB4AhL7BX MzIuB8B0c4BreS5QQG1tLrVtK3BpHTEBkGsJ8C+xQz0qo2YLcCZAHkAvsFF1NwrAAHAdgG4ksCSA Y2PvCeABADRyI3RGJzEhwAGQNnQd0C+xSStFLf8KfQE5EB4ANRABAAAAOQAAADwzQUYxQjlGMjUz QkYxNDQ2ODcyRDIwQTc4OEQ0NDgxMDUxMjM1MEBkby1lMmsub2NzZC5lZHU+AAAAAB8A8xABAAAA UgAAAFYAaQByAHUAcwAgAEYAbwB1AG4AZAAgAGkAbgAgAG0AZQBzAHMAYQBnAGUAIAAlADIAMgBt AHkAIABiAGkAbABsACUAMgAyAC4ARQBNAEwAAAAAAAsA9hAAAAAAQAAHME/f0MkLPMQBQAAIMFQG 2MkLPMQBAwDxPwkEAAAeAPg/AQAAABIAAABLQVVURU5CVVJHIEdBUlkgUAAAAAIB+T8BAAAAeAAA AAAAAADcp0DIwEIQGrS5CAArL+GCAQAAAAAAAAAvTz1PQ1NEIEVYQ0hBTkdFIDJLIE9SR0FOSVpB VElPTi9PVT1GSVJTVCBBRE1JTklTVFJBVElWRSBHUk9VUC9DTj1SRUNJUElFTlRTL0NOPUdLQVVU RU5CVVJHAB4A+j8BAAAAFQAAAFN5c3RlbSBBZG1pbmlzdHJhdG9yAAAAAAIB+z8BAAAAHgAAAAAA AADcp0DIwEIQGrS5CAArL+GCAQAAAAAAAAAuAAAAAwD9P+QEAAADABlAAAAAAAMAGkAAAAAAHgAw QAEAAAAMAAAAR0tBVVRFTkJVUkcAHgAxQAEAAAAMAAAAR0tBVVRFTkJVUkcAHgA4QAEAAAAMAAAA R0tBVVRFTkJVUkcAHgA5QAEAAAACAAAALgAAAAsAKQAAAAAACwAjAAAAAAADAAYQB+LX6AMABxBB AQAAAwAQEAAAAAADABEQAAAAAB4ACBABAAAAZQAAAE5PUlRPTkFOVElWSVJVU0ZPVU5EQVZJUlVT SU5BTkFUVEFDSE1FTlRZT1UoRE9MUEhJTkBET0xQSElOV0FWRU9SRylTRU5UVE9LQVVURU5CVVJH R0FSWVBUT0VOU1VSRVRIRVIAAAAAAgF/AAEAAAA5AAAAPDNBRjFCOUYyNTNCRjE0NDY4NzJEMjBB Nzg4RDQ0ODEwNTEyMzUwQGRvLWUyay5vY3NkLmVkdT4AAAAAim4= ------_=_NextPart_001_01C43C0B.C9D5A3FD-- === My reply === From: Admin Reply-To: admin@dolphinwave.org Organization: Private person X-KMail-Identity: 816296 Subject: Fwd: Virus Found in message "my bill" Date: Mon, 17 May 2004 15:53:02 +0300 User-Agent: KMail/1.5 X-KMail-Link-Message: 1734460 X-KMail-Link-Type: forward To: postmaster@oakcreek.k12.wi.us, postmaster@ocsd.edu, admin@dolphinwave.org X-Complaints-To: abuse@dolphinwave.org (live person) X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 X-No-Confirm: Yes MIME-Version: 1.0 Content-Type: Multipart/Mixed; boundary="Boundary-00=_uWLqAAQYMB9IEp/" Message-Id: <200405171553.02173@2004.dolphinwave.org> Status: RO X-Status: S X-KMail-EncryptionState: X-KMail-SignatureState: --Boundary-00=_uWLqAAQYMB9IEp/ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Please, STOP bouncing your bogus "virus notifications" back to the "Sender" header of e-mails! It is known for more than a year that the last viruses forge the Sender's e-mail address, and you just flood the innocent third parties with your bogus warnings. Mind, I do not even run Windows and can not be infected by that! And no, dolphin@dolphinwave.org did NOT send anything of that to your luser. ---------- Forwarded Message ---------- === Bounce 1 === Received: from localhost (localhost) by mail.dolphinwave.org (8.12.8/8.12.8) id i4HCrj0u017474; Mon, 17 May 2004 15:53:45 +0300 Date: Mon, 17 May 2004 15:53:45 +0300 From: Mail Delivery Subsystem Message-Id: <200405171253.i4HCrj0u017474@mail.dolphinwave.org> To: MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="i4HCrj0u017474.1084798425/mail.dolphinwave.org" Subject: Returned mail: see transcript for details Auto-Submitted: auto-generated (failure) X-Loop: dev.null@dolphinwave.org Status: R X-Status: N X-KMail-EncryptionState: X-KMail-SignatureState: This is a MIME-encapsulated message --i4HCrj0u017474.1084798425/mail.dolphinwave.org The original message was received at Mon, 17 May 2004 15:53:05 +0300 from [217.22.116.175] ----- The following addresses had permanent fatal errors ----- (reason: 550 Host unknown) ----- Transcript of session follows ----- 550 5.1.2 ... Host unknown (Name server: ocsd.edu: host not found) --i4HCrj0u017474.1084798425/mail.dolphinwave.org Content-Type: message/delivery-status Reporting-MTA: dns; mail.dolphinwave.org Received-From-MTA: DNS; [217.22.116.175] Arrival-Date: Mon, 17 May 2004 15:53:05 +0300 Final-Recipient: RFC822; postmaster@ocsd.edu Action: failed Status: 5.1.2 Remote-MTA: DNS; ocsd.edu Diagnostic-Code: SMTP; 550 Host unknown Last-Attempt-Date: Mon, 17 May 2004 15:53:45 +0300 --i4HCrj0u017474.1084798425/mail.dolphinwave.org Content-Type: message/rfc822 === Bounce 2 === Received: from do-e2k.ocsd.edu (oakcreek.k12.wi.us [24.106.50.146]) by mail.dolphinwave.org (8.12.8/8.12.8) with ESMTP id i4HCrp0u017535 for ; Mon, 17 May 2004 15:53:54 +0300 MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="----_=_NextPart_001_01C43C0D.616D2200" X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 X-DSNContext: 335a7efd - 4457 - 00000001 - 80040546 content-class: urn:content-classes:dsn Subject: Delivery Status Notification (Failure) Date: Mon, 17 May 2004 07:49:24 -0500 Message-ID: X-MS-Has-Attach: yes X-MS-TNEF-Correlator: From: To: "Admin" X-AntiVirus: checked by AntiVir Milter 1.0.6; AVE 6.25.0.3; VDF 6.25.0.65 X-Loop: dev.null@dolphinwave.org Status: R X-Status: N X-KMail-EncryptionState: X-KMail-SignatureState: This is a multi-part message in MIME format. ------_=_NextPart_001_01C43C0D.616D2200 Content-Type: text/plain; charset="utf-7" Content-Transfer-Encoding: 7bit Your message To: postmaster+AEA-oakcreek.k12.wi.us+ADs- postmaster+AEA-ocsd.edu+ADs- admin+AEA-dolphinwave.org Subject: Fwd: Virus Found in message +ACI-my bill+ACI- Sent: Mon, 17 May 2004 07:53:02 -0500 did not reach the following recipient(s): postmaster+AEA-oakcreek.k12.wi.us on Mon, 17 May 2004 07:49:24 -0500 The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address. +ADw-do-e2k.ocsd.edu +ACM-5.1.1+AD4- ------_=_NextPart_001_01C43C0D.616D2200 Content-Type: message/delivery-status Content-Transfer-Encoding: 7bit Reporting-MTA: dns; do-e2k.ocsd.edu Final-Recipient: RFC822; postmaster@oakcreek.k12.wi.us Action: failed Status: 5.1.1 X-Supplementary-Info: X-Display-Name: postmaster@oakcreek.k12.wi.us ------_=_NextPart_001_01C43C0D.616D2200 Content-Type: message/rfc822 === My another attempt to contact admins === From: Admin Reply-To: admin@dolphinwave.org Organization: Private person X-KMail-Identity: 816296 Subject: BOGUS VIRUS WARNINGS! [Fwd: Virus Found in message "my bill"] Date: Mon, 17 May 2004 15:56:00 +0300 User-Agent: KMail/1.5 X-KMail-Link-Message: 1734460 X-KMail-Link-Type: forward To: postmaster@k12.wi.us, postmaster@do-e2k.ocsd.edu, admin@dolphinwave.org X-Complaints-To: abuse@dolphinwave.org (live person) X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 X-No-Confirm: Yes MIME-Version: 1.0 Message-Id: <200405171553.02173@2004.dolphinwave.org> Status: RO X-Status: S Content-Type: Multipart/Mixed; boundary="Boundary-00=_gZLqAQxjR5WNC4D" X-KMail-EncryptionState: N X-KMail-SignatureState: N --Boundary-00=_gZLqAQxjR5WNC4D Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Please, STOP bouncing your bogus "virus notifications" back to the "Sender" header of e-mails! It is known for more than a year that the last viruses forge the Sender's e-mail address, and you just flood the innocent third parties with your bogus warnings. Mind, I do not even run Windows and can not be infected by that! And no, dolphin@dolphinwave.org did NOT send anything of that to your luser. ---------- Forwarded Message ---------- === Bounce === Received: from localhost (localhost) by mail.dolphinwave.org (8.12.8/8.12.8) id i4HCuo0u017643; Mon, 17 May 2004 15:56:50 +0300 Date: Mon, 17 May 2004 15:56:50 +0300 From: Mail Delivery Subsystem Message-Id: <200405171256.i4HCuo0u017643@mail.dolphinwave.org> To: MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="i4HCuo0u017643.1084798610/mail.dolphinwave.org" Subject: Returned mail: see transcript for details Auto-Submitted: auto-generated (failure) X-Loop: dev.null@dolphinwave.org Status: R X-Status: N X-KMail-EncryptionState: X-KMail-SignatureState: This is a MIME-encapsulated message --i4HCuo0u017643.1084798610/mail.dolphinwave.org The original message was received at Mon, 17 May 2004 15:56:09 +0300 from [217.22.116.175] ----- The following addresses had permanent fatal errors ----- (reason: 550 Host unknown) ----- Transcript of session follows ----- 550 5.1.2 ... Host unknown (Name server: do-e2k.ocsd.edu: host not found) 550 5.1.2 ... Host unknown (Name server: k12.wi.us: no data known) --i4HCuo0u017643.1084798610/mail.dolphinwave.org Content-Type: message/delivery-status Reporting-MTA: dns; mail.dolphinwave.org Received-From-MTA: DNS; [217.22.116.175] Arrival-Date: Mon, 17 May 2004 15:56:09 +0300 Final-Recipient: RFC822; postmaster@do-e2k.ocsd.edu Action: failed Status: 5.1.2 Remote-MTA: DNS; do-e2k.ocsd.edu Diagnostic-Code: SMTP; 550 Host unknown Last-Attempt-Date: Mon, 17 May 2004 15:56:50 +0300 Final-Recipient: RFC822; postmaster@k12.wi.us Action: failed Status: 5.1.2 Remote-MTA: DNS; k12.wi.us Last-Attempt-Date: Mon, 17 May 2004 15:56:50 +0300 --i4HCuo0u017643.1084798610/mail.dolphinwave.org Content-Type: message/rfc822