Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Hacked or Scam?

I've gotten two of these emails so far saying my email is hacked.? I get 
these kinds of emails all the time about a password that got exposed in 
a company breach, but I haven't used that password in a long time, so 
I'm not worried about that.? Just making sure I should not be worried 
about this either.? My mail server is a Linode node running postfix, 
amavix, spamassassin, and dovecot.

Looking at the headers, it looks to me like they just sent an email to 
my server through their server like normal, not that it originated on my 
server.? Using "last" I don't see any logins that were probably not me.

Return-Path: <david at>
Delivered-To: david at
Received: from
	by with LMTP id cIJcBpCJP1znZgAAFPy8Cg
	for <david at>; Wed, 16 Jan 2019 14:44:16 -0500
Received: from localhost (localhost [])
	by (Postfix) with ESMTP id 1360A3E861
	for <david at>; Wed, 16 Jan 2019 14:44:16 -0500 (EST)
X-Virus-Scanned: Debian amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 3.033
X-Spam-Level: ***
X-Spam-Status: No, score=3.033 tagged_above=-999 required=6
	tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377,
	autolearn=no autolearn_force=no
Received: from ([])
	by localhost ( []) (amavisd-new, port 10024)
	with ESMTP id l5Wdu0TKdSPB for <david at>;
	Wed, 16 Jan 2019 14:44:15 -0500 (EST)
Received: from ( [])
	by (Postfix) with ESMTPS id 492533E844
	for <david at>; Wed, 16 Jan 2019 14:44:15 -0500 (EST)
MIME-Version: 1.0
From: "david at" <david at>
To: david at
Date: 16 Jan 2019 11:32:08 -0800
Subject: Your email was hacked!
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <20190116194416.1360A3E861 at>
Hi There,<br><br>As you can tell from the subject of this mail yo=
ur software has been jeopardized. Check out this COMPLETE mail to=
  learn how it occurred and exactly what action to take.<br>

Do you agree this is just a scam mail sent to me?  The "Received: from ( [])" seems pretty conclusive to me.

Is there anything else I can check?

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /