BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] Hacked or Scam?
- Subject: [Discuss] Hacked or Scam?
- From: david at thekramers.net (David Kramer)
- Date: Wed, 16 Jan 2019 15:20:29 -0500
I've gotten two of these emails so far saying my email is hacked.? I get these kinds of emails all the time about a password that got exposed in a company breach, but I haven't used that password in a long time, so I'm not worried about that.? Just making sure I should not be worried about this either.? My mail server is a Linode node running postfix, amavix, spamassassin, and dovecot. Looking at the headers, it looks to me like they just sent an email to my server through their server like normal, not that it originated on my server.? Using "last" I don't see any logins that were probably not me. Return-Path: <david at thekramers.net> Delivered-To: david at thekramers.net Received: from zenyatta.bostongeeks.net by zenyatta.bostongeeks.net with LMTP id cIJcBpCJP1znZgAAFPy8Cg for <david at thekramers.net>; Wed, 16 Jan 2019 14:44:16 -0500 Received: from localhost (localhost [127.0.0.1]) by zenyatta.bostongeeks.net (Postfix) with ESMTP id 1360A3E861 for <david at thekramers.net>; Wed, 16 Jan 2019 14:44:16 -0500 (EST) X-Virus-Scanned: Debian amavisd-new at bostongeeks.net X-Spam-Flag: NO X-Spam-Score: 3.033 X-Spam-Level: *** X-Spam-Status: No, score=3.033 tagged_above=-999 required=6 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.723, MISSING_MID=0.497, RCVD_IN_SBL_CSS=3.335] autolearn=no autolearn_force=no Received: from zenyatta.bostongeeks.net ([127.0.0.1]) by localhost (mail.bostongeeks.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l5Wdu0TKdSPB for <david at thekramers.net>; Wed, 16 Jan 2019 14:44:15 -0500 (EST) Received: from serv3.h4ackservice.ml (serv3.h4ackservice.ml [162.244.82.23]) by zenyatta.bostongeeks.net (Postfix) with ESMTPS id 492533E844 for <david at thekramers.net>; Wed, 16 Jan 2019 14:44:15 -0500 (EST) MIME-Version: 1.0 From: "david at thekramers.net" <david at thekramers.net> To: david at thekramers.net Date: 16 Jan 2019 11:32:08 -0800 Subject: Your email was hacked! Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-Id: <20190116194416.1360A3E861 at zenyatta.bostongeeks.net> Hi There,<br><br>As you can tell from the subject of this mail yo= ur software has been jeopardized. Check out this COMPLETE mail to= learn how it occurred and exactly what action to take.<br> ... Do you agree this is just a scam mail sent to me? The "Received: from serv3.h4ackservice.ml (serv3.h4ackservice.ml [162.244.82.23])" seems pretty conclusive to me. Is there anything else I can check? Thanks.
- Follow-Ups:
- [Discuss] Hacked or Scam?
- From: dsr at randomstring.org (Dan Ritter)
- [Discuss] Hacked or Scam?
- Prev by Date: [Discuss] Boston Linux Meeting reminder, tomorrow Wednesday, January 16, 2019 corrected room
- Next by Date: [Discuss] Hacked or Scam?
- Previous by thread: [Discuss] Boston Linux Meeting reminder, tomorrow Wednesday, January 16, 2019 corrected room
- Next by thread: [Discuss] Hacked or Scam?
- Index(es):