Completely understood. You can't be too paranoid about security

But I'm still suspecting that it was just another bug with the already bug-riddled member database code, rather than the result of malicious activity. Bugs like this can stay hidden for years, suddenly show up when there's a rare coincidence of user IDs, thread IDs, and the current phase of the moon, and then disappear again until the next time. Even as we speak, somebody somewhere might be wondering why he's not getting notification e-mails for threads he subscribed to. But that's a lot less noticeable than getting spammed, hence it doesn't get reported.

Since you posted the full headers including Message IDs, Linode staff may be able to track them down -- or at least change their settings so that any future incidence of this bug goes on the record. While they're doing so, just change your passwords and relax. If you get any more e-mails, please post those Message IDs, too.

Take it easy, life's too short to get all stressed up.

I'm not discounting a potential bug, nor am I discounting a potential security flaw in an old unmaintained forum software. It could be either one. I'll let Linode check that out. In the mean time, I'll save all the emails to my hard disk, in case Linode asks for them. After looking at the headers, though, I don't think they were forged; I think they were actually sent by the forum, and that it's a matter of if there's a bug in the forum that needs fixed.

And yes, all my passwords are changed. I also changed the email address I have on my forum profile.

_________________
Kris the Piki Geeker