Linode Community Forums
Posted: Sat Jan 16, 2010 6:50 am
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
Code:
A message from <apache@mydomain.org>
to: support@mydomain.org

was considered unsolicited bulk e-mail (UBE).

Our internal reference code for your message is 29902-10/WFh9jabPpGXB

The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.

We do try to minimize backscatter for more prominent cases of UBE and
for infected mail, but for less obvious cases some balance between
losing genuine mail and sending undesired backscatter is sought,
and there can be some collateral damage on either side.


Return-Path: <apache@mydomain.org>
From: fajuua@ctzuhc.com
Message-ID: <20100115171629.45DAA10449@mail.mydomain.org>
Subject: [mydomain] VJIAaXukaP

Delivery of the email was stopped!


dsn_status

Reporting-MTA: dns; mail.mydomain.org
Received-From-MTA: smtp; mail.mydomain.org ([127.0.0.1])
Arrival-Date: Fri, 15 Jan 2010 18:16:30 +0100 (CET)

Original-Recipient: rfc822;support@mydomain.org
Final-Recipient: rfc822;support@mydomain.org
Action: failed
Status: 5.7.0
Diagnostic-Code: smtp; 554 5.7.0 Reject, id=29902-10 - SPAM
Last-Attempt-Date: Fri, 15 Jan 2010 18:16:30 +0100 (CET)
Final-Log-ID: 29902-10/WFh9jabPpGXB


header

Return-Path: <apache@mydomain.org>
Received: by mail.mydomain.org (Postfix, from userid 48)
   id 45DAA10449; Fri, 15 Jan 2010 18:16:29 +0100 (CET)
To: support@mydomain.org
Subject: [mydomain] VJIAaXukaP
From: fajuua@ctzuhc.com
MIME-Version: 1.0
Content-Type: text/html;
Message-Id: <20100115171629.45DAA10449@mail.mydomain.org>
Date: Fri, 15 Jan 2010 18:16:29 +0100 (CET)


I often receive email like this; my VPS isn't an open relay and my email forms are quite secure.
Do I need to worry about this? What does it mean?
Have you ever received mail like this?


Posted: Sat Jan 16, 2010 11:37 pm
Senior Member

Joined: Sun Aug 02, 2009 1:32 pm
Posts: 222
Website: https://www.barkerjr.net
Location: Connecticut, USA
With your obfuscation, I'm having trouble determining what that email means. Does it show your VPS's IP address in the sender's header? I receive spoofed spam bounces from time to time, but they usually don't have my server's IP.


Posted: Sun Jan 17, 2010 7:19 am
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
BarkerJr wrote:
With your obfuscation, I'm having trouble determining what that email means. Does it show your VPS's IP address in the sender's header? I receive spoofed spam bounces from time to time, but they usually don't have my server's IP.


No obfuscation in my post,
I only changed the domain name to mydomain.org ...


Posted: Sun Jan 17, 2010 9:12 am
Senior Member

Joined: Sun Aug 02, 2009 1:32 pm
Posts: 222
Website: https://www.barkerjr.net
Location: Connecticut, USA
Is it possible that the email is not spam at all, and just caused by the fact that ctzuhc.com does not resolve?


Posted: Sun Jan 17, 2010 10:09 am
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
BarkerJr wrote:
Is it possible that the email is not spam at all, and just caused by the fact that ctzuhc.com does not resolve?


I don't know, I'm asking here to understand the reason for this email...
Thanks for your patience :)


Posted: Sun Jan 17, 2010 12:51 pm
Senior Member

Joined: Fri Sep 21, 2007 4:12 pm
Posts: 78
Quote:
The message carried your return address, so it was either a genuine mail from you, or a sender address was faked and your e-mail address abused by third party


It is absolutely trivial to send email "from" anyone at all. If you've double and triple checked your setup and your logs, this would be the reason.


Posted: Sun Jan 17, 2010 3:44 pm
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
kbrantley wrote:
Quote:
The message carried your return address, so it was either a genuine mail from you, or a sender address was faked and your e-mail address abused by third party


It is absolutely trivial to send email "from" anyone at all. If you've double and triple checked your setup and your logs, this would be the reason.


I receive mail like this once a week and I don't want my email address to be inserted in some spam list...
What do you think about that?

My mail log is huge; is there a way to filter it to see only the email sent from my server? That way I can see if someone unauthorized is using my VPS to send email...
Thanks.


Posted: Sun Jan 17, 2010 4:04 pm
Senior Member

Joined: Fri Sep 21, 2007 4:12 pm
Posts: 78
cat /var/log/maillog | grep 'from=<my@email.com>'

... or similar. It would likely depend on your mailserver.
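
The bounce quoted in the first post carries `Received: by mail.mydomain.org (Postfix, from userid 48)`, which is the header form Postfix writes for mail submitted on the host itself rather than received over SMTP. As an added example (not part of the original posts), the script below groups a Postfix log by queue ID and reports how each message entered the queue; the function names, the sample log lines and the second message (`9B2C11044A`, example.net) are constructed for illustration.

```shell
#!/bin/sh
# Added example: show how each message entered the Postfix queue.
# Output per delivery attempt: QUEUEID ORIGIN <sender> <recipient> STATUS
mail_origins() {
    awk '
    # Text inside key=<...>, e.g. field(line, "from")
    function field(line, key,    i, rest) {
        i = index(line, key "=<")
        if (i == 0) return ""
        rest = substr(line, i + length(key) + 2)
        return substr(rest, 1, index(rest, ">") - 1)
    }
    $5 !~ /^postfix\// { next }          # $5 = "postfix/service[pid]:"
    { qid = $6; sub(/:$/, "", qid) }     # $6 = "QUEUEID:"
    # pickup = submitted on this host via sendmail(1), e.g. by a web form
    $5 ~ /\/pickup\[/ && $7 ~ /^uid=/    { origin[qid] = "local:" $7 }
    # smtpd = arrived over SMTP from the named client
    $5 ~ /\/smtpd\[/ && $7 ~ /^client=/  { origin[qid] = "smtp:" substr($7, 8) }
    $5 ~ /\/qmgr\[/ && /from=</          { sender[qid] = field($0, "from") }
    / to=</ && / status=/ {
        st = $0; sub(/.* status=/, "", st); sub(/ .*/, "", st)
        o = (qid in origin) ? origin[qid] : "unknown"
        print qid, o, "<" sender[qid] ">", "<" field($0, "to") ">", st
    }' "$1"
}

# Only messages submitted locally by a given numeric uid.
local_by_uid() { mail_origins "$1" | awk -v o="local:uid=$2" '$2 == o'; }

# Constructed sample log (not from the original post); the queue ID, uid 48
# and addresses mirror the bounce quoted at the top of the thread.
sample_log() {
    cat <<'EOF'
Jan 15 18:16:29 mail postfix/pickup[3101]: 45DAA10449: uid=48 from=<apache>
Jan 15 18:16:29 mail postfix/cleanup[3102]: 45DAA10449: message-id=<20100115171629.45DAA10449@mail.mydomain.org>
Jan 15 18:16:29 mail postfix/qmgr[2210]: 45DAA10449: from=<apache@mydomain.org>, size=612, nrcpt=1 (queue active)
Jan 15 18:16:30 mail postfix/smtp[3103]: 45DAA10449: to=<support@mydomain.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.9, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, id=29902-10 - SPAM (in reply to end of DATA command))
Jan 15 18:20:02 mail postfix/smtpd[3110]: 9B2C11044A: client=mx.example.net[192.0.2.25]
Jan 15 18:20:02 mail postfix/qmgr[2210]: 9B2C11044A: from=<alice@example.net>, size=2048, nrcpt=1 (queue active)
Jan 15 18:20:03 mail postfix/local[3111]: 9B2C11044A: to=<support@mydomain.org>, relay=local, delay=0.4, status=sent (delivered to mailbox)
EOF
}

log=$(mktemp) && sample_log > "$log"
mail_origins "$log"
rm -f "$log"
```

A non-empty result from `local_by_uid /var/log/maillog 48` means the messages were created by a process running as that uid on the server, not relayed in from outside.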


Posted: Sun Jan 17, 2010 4:46 pm
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
kbrantley wrote:
cat /var/log/maillog | grep 'from=<my@email.com>'

... or similar. It would likely depend on your mailserver.


It seems that there is nothing strange in my log; I can't understand why I receive this email...
Am I the only one who receives this kind of email?


Posted: Sun Jan 17, 2010 4:57 pm
Senior Member

Joined: Sun Dec 27, 2009 11:12 pm
Posts: 1038
Location: Colorado, USA
sblantipodi wrote:
and I don't want my email address to be inserted in some spam list...

It's a big bad internet out there and spammers could care less what you think about them using your email address as their spoofed from/reply to address.

Nor is there anything you can do to stop them.

You would hope that people would be smart enough to have filters on THEIR email server to drop mail that doesn't have matching sender IP vs sender domain - but don't count on it.


Posted: Sun Jan 17, 2010 5:29 pm
Senior Member

Joined: Fri Sep 21, 2007 4:12 pm
Posts: 78
sblantipodi wrote:
kbrantley wrote:
cat /var/log/maillog | grep 'from=<my@email.com>'

... or similar. It would likely depend on your mailserver.


It seems that there is nothing strange in my log; I can't understand why I receive this email...
Am I the only one who receives this kind of email?


I've got a few over the years. People send email "from" my address and I get the backscatter. SPF can prevent a lot of this, but very few people set it up, never mind correctly.


Posted: Sun Jan 17, 2010 9:56 pm
Senior Member

Joined: Sun Aug 02, 2009 1:32 pm
Posts: 222
Website: https://www.barkerjr.net
Location: Connecticut, USA
I set up SPF, then bitch at admins who bounce email I didn't send to me.


Posted: Mon Jan 18, 2010 4:55 am
Senior Member

Joined: Sun Feb 08, 2004 7:18 pm
Posts: 562
Location: Austin
SPF isn't required to get after admins for this. They should be rejecting mail at SMTP time, not generating new bounce mails and firing them wherever the spam told them to. Admins doing that are almost as bad as the spammers.


Posted: Mon Jan 18, 2010 8:31 pm
Senior Member

Joined: Sun Aug 02, 2009 1:32 pm
Posts: 222
Website: https://www.barkerjr.net
Location: Connecticut, USA
Right, but if the admin checks SPF, then at least he can be sure that he bounces it back to the right person. That is assuming that the sending domain has SPF configured.


Posted: Mon Jan 18, 2010 8:44 pm
Senior Member

Joined: Sun Feb 08, 2004 7:18 pm
Posts: 562
Location: Austin
My point is that it is a misconfigured server which generates new bounce messages.

A properly configured server rejects mail at SMTP time, and that's all it has to do. If you're generating bounce emails you've already lost.

