[Discuss] Hacked or Scam?

David Kramer david at thekramers.net
Wed Jan 16 15:20:29 EST 2019


I've gotten two of these emails so far saying my email is hacked.  I get 
these kinds of emails all the time about a password that got exposed in 
a company breach, but I haven't used that password in a long time, so 
I'm not worried about that.  Just making sure I should not be worried 
about this either.  My mail server is a Linode node running postfix, 
amavis, spamassassin, and dovecot.

Looking at the headers, it looks to me like they just sent an email to 
my server through their server like normal, not that it originated on my 
server.  Using "last" I don't see any logins that were probably not me.

Return-Path: <david at thekramers.net>
Delivered-To: david at thekramers.net
Received: from zenyatta.bostongeeks.net
	by zenyatta.bostongeeks.net with LMTP id cIJcBpCJP1znZgAAFPy8Cg
	for <david at thekramers.net>; Wed, 16 Jan 2019 14:44:16 -0500
Received: from localhost (localhost [127.0.0.1])
	by zenyatta.bostongeeks.net (Postfix) with ESMTP id 1360A3E861
	for <david at thekramers.net>; Wed, 16 Jan 2019 14:44:16 -0500 (EST)
X-Virus-Scanned: Debian amavisd-new at bostongeeks.net
X-Spam-Flag: NO
X-Spam-Score: 3.033
X-Spam-Level: ***
X-Spam-Status: No, score=3.033 tagged_above=-999 required=6
	tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377,
	MIME_HTML_ONLY=0.723, MISSING_MID=0.497, RCVD_IN_SBL_CSS=3.335]
	autolearn=no autolearn_force=no
Received: from zenyatta.bostongeeks.net ([127.0.0.1])
	by localhost (mail.bostongeeks.net [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id l5Wdu0TKdSPB for <david at thekramers.net>;
	Wed, 16 Jan 2019 14:44:15 -0500 (EST)
Received: from serv3.h4ackservice.ml (serv3.h4ackservice.ml [162.244.82.23])
	by zenyatta.bostongeeks.net (Postfix) with ESMTPS id 492533E844
	for <david at thekramers.net>; Wed, 16 Jan 2019 14:44:15 -0500 (EST)
MIME-Version: 1.0
From: "david at thekramers.net" <david at thekramers.net>
To: david at thekramers.net
Date: 16 Jan 2019 11:32:08 -0800
Subject: Your email was hacked!
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <20190116194416.1360A3E861 at zenyatta.bostongeeks.net>
Hi There,<br><br>As you can tell from the subject of this mail yo=
ur software has been jeopardized. Check out this COMPLETE mail to=
  learn how it occurred and exactly what action to take.<br>
...


Do you agree this is just a scam mail sent to me?  The "Received: from serv3.h4ackservice.ml (serv3.h4ackservice.ml [162.244.82.23])" seems pretty conclusive to me.

Is there anything else I can check?
Thanks.
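
Added example, not part of the original post: the header reading described above, done in code by walking the Received chain newest-first and reporting the first hop where the message crossed from an outside address onto the receiving server. The sample is constructed by abridging the Received lines quoted in the post; the function name `entry_hop` and the `MY_HOSTS` set are assumptions made for this illustration.

```python
import email
import ipaddress
import re

# Our own MTA names; a stamp "by" any other host is not trusted (assumption).
MY_HOSTS = {"zenyatta.bostongeeks.net", "localhost"}

# Constructed sample: Received lines abridged from the post, newest first.
SAMPLE = """\
Received: from zenyatta.bostongeeks.net
\tby zenyatta.bostongeeks.net with LMTP id cIJcBpCJP1znZgAAFPy8Cg;
\tWed, 16 Jan 2019 14:44:16 -0500
Received: from localhost (localhost [127.0.0.1])
\tby zenyatta.bostongeeks.net (Postfix) with ESMTP id 1360A3E861;
\tWed, 16 Jan 2019 14:44:16 -0500 (EST)
Received: from zenyatta.bostongeeks.net ([127.0.0.1])
\tby localhost (mail.bostongeeks.net [127.0.0.1]) (amavisd-new, port 10024)
\twith ESMTP id l5Wdu0TKdSPB; Wed, 16 Jan 2019 14:44:15 -0500 (EST)
Received: from serv3.h4ackservice.ml (serv3.h4ackservice.ml [162.244.82.23])
\tby zenyatta.bostongeeks.net (Postfix) with ESMTPS id 492533E844;
\tWed, 16 Jan 2019 14:44:15 -0500 (EST)
Subject: Your email was hacked!
"""

HOP_RE = re.compile(r"from\s+(\S+)(.*?)\s+by\s+(\S+)", re.S)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def entry_hop(raw, my_hosts=MY_HOSTS):
    """Walk Received headers newest-first; return where the mail entered."""
    for hop in email.message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(hop)
        if not m or m.group(3).lower() not in my_hosts:
            # Unparseable or not stamped by our server: stop trusting the chain.
            return {"origin": "unknown"}
        helo, detail = m.group(1), m.group(2)
        ip = IP_RE.search(detail)
        if ip is None:
            if helo.lower() in my_hosts:
                continue                      # internal hand-off, no address logged
            return {"origin": "external", "helo": helo, "ip": None}
        addr = ipaddress.ip_address(ip.group(1))
        if addr.is_loopback or addr.is_private:
            continue                          # content filter / local re-injection
        return {"origin": "external", "helo": helo, "ip": str(addr)}
    return {"origin": "local"}                # never crossed the network boundary

if __name__ == "__main__":
    print(entry_hop(SAMPLE))
```

A result of `local` would mean every hop was loopback or internal, i.e. the message was submitted on the server itself; any Received lines below the first external hop are written by the sender and carry no evidential weight.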