
Random emails sent from me then back to me?


#1 Robdiqulous


  • Members
  • 8 posts
  • Local time:02:50 AM

Posted 05 April 2016 - 07:59 AM

Hello everyone,


I am not sure if this is a virus or something of the type or what it is. I have been getting random emails with a bunch of gibberish and it looks like they are from me? Or trying to send to somewhere but then getting returned? I am not too sure. I couldn't follow the route. I will be replacing my email address in the posting with MY EMAIL. Also will be blocking out IP addresses. I am not sure which ones are part of my company and not. Let me know if the IP addresses are needed. I don't recall ever dealing with or sending anything to Macy's. These also come with 2 attachments I believe usually. I should say I am using "me" as in I am doing work for this employee at my work where I am doing some IT support and whatever else they need. This issue is something new though. Nothing came up on Malwarebytes or antivirus.


These are the emails:



-----Original Message-----
From: mailer-daemon@fibertel.com.ar [mailer-daemon@fibertel.com.ar]
On Behalf Of The Post Office
Sent: Wednesday, March 30, 2016 6:03 PM
Subject: [SPAM?] Returned mail: see the transcript [DELAYED(1)]

This is a collection of reports about email delivery process concerning a
message you originated.

Some explanations/translations for these reports can be found at:

If you are our customer, further help is available at email address:
Reporting-MTA: dns; avas24.fibertel.com.ar
Return-Path: < MY EMAIL >
Arrival-Date: Sun, 27 Mar 2016 20:00:49 -0300
Local-Spool-ID: S1605559AbcC0XAt

DELAYED (still in queue):
Arrived Recipient:
Original Recipient:
Final Recipient:
X-LOCAL;try again
4.4.3 (Temporary routing lookup failure)
Last Attempt Date:
Wed, 30 Mar 2016 19:03:27 -0300
Diagnostic Code:
x-local; 466 (Temporary routing lookup failure)
Control data:
hold NS:oyivg.jamhm.top/any Macys-Holiday-Reward@oyivg.jamhm.top 99
Diagnostic texts:
expired after 3 days, problem was:
try again

Following is a copy of MESSAGE/DELIVERY-STATUS format section below.
It is copied here in case your email client is unable to show it to you.
The information here below is in Internet Standard format designed to
assist automatic, and accurate presentation and usage of said information.
In case you need human assistance from the Postmaster(s) of the system which
sent you this report, please include this information in your question!

Virtually Yours,
Automatic Email Delivery Software

Reporting-MTA: dns; avas24.fibertel.com.ar
Arrival-Date: Sun, 27 Mar 2016 20:00:49 -0300
Local-Spool-ID: S1605559AbcC0XAt

Original-Recipient: rfc822;Macys-Holiday-Reward@oyivg.jamhm.top
Final-Recipient: X-LOCAL;try again
Action: delayed
Status: 4.4.3 (Temporary routing lookup failure)
Last-Attempt-Date: Wed, 30 Mar 2016 19:03:27 -0300
Diagnostic-Code: x-local; 466 (Temporary routing lookup failure)

Following is copy of the message headers. Original message content may be in
subsequent parts of this MESSAGE/DELIVERY-STATUS structure.

Received: from IP ADDRESS.speedy.com.ar ([SAME IP ADDRESS]:62182 "EHLO
fusa.org" smtp-auth: "davidsalischiker@fibertel.com.ar"
rhost-flags-OK-FAIL-OK-FAIL) by avas-mr24.fibertel.com.ar with
id S1605559AbcC0XAt; Sun, 27 Mar 2016 20:00:49 -0300
From: < MY EMAIL >
To: Macys Holiday Gift,
Macys Holiday Reward,
Macys Pre-Holiday Reward,
Macys Pre-Holiday Reward,
"Macys Pre-Holiday Voucher"
Subject: Fw: new important message
Date: Mon, 28 Mar 2016 02:00:39 +0300
Message-ID: <00002aea4063$ca9895bb$b605cb6b$@freemanmfg.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AdF/WsZUA8RUlSBIrkMpHd58aejtSA==
Content-Language: en-us
X-Fib-Al-Info: Al
X-Fib-Al-MRId: 64d7907ea7dc0cf23088606b2372b9af
X-Fib-Al: noav
X-Fib-Al-SA: analyzed
X-Fib-Al-From: MY EMAIL




That was the first email. Here is the other one I get.




-----Original Message-----

From: Mail Delivery System [MAILER-DAEMON@ubuntu-mail.aim-medical.hu]

Sent: Friday, April 01, 2016 8:09 PM
Subject: Undelivered Mail Returned to Sender

This is the mail system at host ubuntu-mail.aim-medical.hu.

I'm sorry to have to inform you that your message could not be delivered to
one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own
text from the attached returned message.

The mail system

<info@lightsonromance.com>: connect to
lightsonromance.com[SOME IP ADDRESS]:25:
Connection timed out




Thanks for the help. Let me know if you have any questions.





#2 Will5200


  • Members
  • 141 posts
  • Gender:Male
  • Location:United States
  • Local time:02:50 AM

Posted 05 April 2016 - 08:16 AM

Per ICANN: https://whois.icann.org/en/lookup?name=lightsonromance.com. Enom is the registrar, domain was created last November, the admin contact is a well-known fake to those who deal with spam (me). The IP address per HPHosts, http://hosts-file.net/default.asp?s=lightsonromance.com, I have seen this host before. This is nothing more than spam and IMHO I would take steps to Blacklist the domain and IP address range. Cheers.

#3 Robdiqulous

  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:50 AM

Posted 05 April 2016 - 08:24 AM

So there is nothing coming from my email? They just make it look like that? Because in the first one it looks like it says I am emailing things to Macy's. Also I should block that IP you linked but should I block the other random IP that is in the email? It is different than that one. The one next to speedy.com.ar.
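
The Received line quoted in the first bounce records which host and which authenticated account handed the message to the reporting server. The following is an added example, not part of the thread: it pulls those fields out of a delivery-status report and compares them with your own mail domain. The sample is constructed from the bounce above; `user@example.com`, `203.0.113.7` and the `example.com` domain are placeholders for the redacted values.

```python
import re
from email.parser import HeaderParser
from email.utils import parseaddr

# Constructed sample modelled on the first bounce in the thread; the address
# user@example.com and the IP 203.0.113.7 are placeholders for redacted values.
BOUNCE = """\
Reporting-MTA: dns; avas24.fibertel.com.ar

Original-Recipient: rfc822;Macys-Holiday-Reward@oyivg.jamhm.top
Action: delayed
Status: 4.4.3 (Temporary routing lookup failure)

Received: from 203-0-113-7.speedy.com.ar ([203.0.113.7]:62182 "EHLO
 fusa.org" smtp-auth: "davidsalischiker@fibertel.com.ar"
 rhost-flags-OK-FAIL-OK-FAIL) by avas-mr24.fibertel.com.ar with
 id S1605559AbcC0XAt; Sun, 27 Mar 2016 20:00:49 -0300
From: <user@example.com>
"""

def _ours(name, my_domains):
    """True if a host name or address belongs to one of my_domains."""
    domain = (name or "").rsplit("@", 1)[-1].lower()
    return any(domain == d or domain.endswith("." + d) for d in my_domains)

def analyze_bounce(text, my_domains):
    """Report who submitted the message a delivery-status report refers to."""
    # Blank lines separate per-message fields, per-recipient fields, headers.
    blocks = re.split(r"\n\s*\n", text.strip())
    per_msg, per_rcpt, returned = (HeaderParser().parsestr(b) for b in blocks[:3])
    received = " ".join((returned["Received"] or "").split())  # unfold header

    def grab(pattern):
        m = re.search(pattern, received)
        return m.group(1) if m else None
    client = grab(r"^from\s+(\S+)")
    auth_user = grab(r'smtp-auth:\s*"([^"]+)"')
    from_addr = parseaddr(returned["From"] or "")[1]
    submitted_by_us = _ours(client, my_domains) or _ours(auth_user, my_domains)
    return {
        "reporting_mta": per_msg["Reporting-MTA"].split(";", 1)[1].strip(),
        "status": per_rcpt["Status"].split()[0],
        "client": client,
        "ehlo": grab(r'"EHLO\s+([^"\s]+)"'),
        "auth_user": auth_user,
        "from": from_addr,
        # Our address in From:, but handed over by someone else's host/account
        "forged_sender": _ours(from_addr, my_domains) and not submitted_by_us,
    }
```

`forged_sender` is true when the From: address is in your domain but neither the connecting host nor the authenticated account is, which is the pattern of a bounce for mail that only carried your address.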
