
Topic: [Suspected virus/trojan] US Postal Service

  1. #1
    Member ute
    Registered: 12.08.2011
    Location: Northern Germany
    Posts: 95

    [Suspected virus/trojan] US Postal Service

    Hi,

    first of all the header - it is rather long and completely incomprehensible to me


    header:
    01: Return-Path: <outlastingw6 [at] booking.com>
    02: Received: from compute6.internal (compute6.nyi.mail.srv.osa [10.202.2.46])
    03: by slots5b2p4 (Cyrus git2.5+0-git-fastmail-7788) with LMTPA;
    04: Tue, 20 Mar 2012 xx:xx:xx -0400
    05: X-Sieve: CMU Sieve 2.4
    06: X-Spam-score: 0.0
    07: X-Spam-hits: BAYES_00 -1.9, DCC_CHECK 1.5, HTML_MESSAGE 0.001,
    08: RCVD_IN_DNSWL_NONE -0.0001, TVD_RCVD_SPACE_BRACKET 0.001,
    09: UNPARSEABLE_RELAY 0.001, BAYES_USED global, SA_VERSION 3.3.1
    10: X-Spam-source: IP='81.169.146.148', Host='mi-ob.rzone.de', Country='DE',
    11: FromHeader='com',
    12: MailFrom='com'
    13: X-Spam-charsets: plain='iso-8859-2', html='iso-8859-2'
    14: X-Attached: USPS-ShipmentInfo-ID-0574-5436-7425-7519-9806-84.zip
    15: X-Resolved-to: ute [at] ute.ute
    16: X-Delivered-to: ute [at] ute.ute
    17: X-Mail-from: outlastingw6 [at] booking.com
    18: Received: from mx3.nyi.mail.srv.osa ([10.202.2.202])
    19: by compute6.internal (LMTPProxy); Tue, 20 Mar 2012 xx:xx:xx -0400
    20: Received: from mi-ob.rzone.de (mi-ob.rzone.de [81.169.146.148])
    21: (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
    22: (No client certificate requested)
    23: by mx3.nyi.mail.srv.osa (Postfix) with ESMTPS ID: [ID filtered]
    24: for <poor [at] spamvictim.tld>; Tue, 20 Mar 2012 xx:xx:xx -0400 (EDT)
    25: X-RZG-FWD-BY: ute [at] ute.ute
    26: Received: from mailin.rzone.de (voltan mi63) ([unix socket])
    27: by mailin.rzone.de (voltan mi63) (RZmta 28.2) with LMTPA;
    28: Tue, 20 Mar 2012 xx:xx:xx +0100 (MET)
    29: X-Authentication-Results: mailin.rzone.de (voltan mi63) (RZmta 28.2)
    30: header.From=customer.usps.com;
    31: dkim=bad signature;
    32: diagnostics=Signature was available but failed to verify against
    33: domain specified key
    34: DomainKey-Status: bad
    35: From=customer.usps.com;
    36: verified by mailin.rzone.de (voltan mi63);
    37: diagnostics=Signature was available but failed to verify against
    38: domain specified key
    39: X-RZG-CLASS-ID: [ID filtered]
    40: Received: from port-212-202-134-146.static.qsc.de ([212.202.134.146])
    41: by mailin.rzone.de (voltan mi63) (RZmta 28.2 OK)
    42: with SMTP ID: [ID filtered]
    43: Tue, 20 Mar 2012 xx:xx:xx +0100 (MET)
    44: DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=spop; d=customer.usps.com;
    45: h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:List-Unsubscribe;
    46: i=email [at] customer.usps.com; bh=65myiKwdPjaBUeMBvhiYRSwZL6c=;
    47: b=KG7TapgjObChztxXxXmOVipwn4hV6EsmCtZXe6o+IlAKiN7FCHt07Vs+ji6dg2GAjTXyMIRSPsVy
    48: w2G7Z+YMvw==
    49: DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=spop; d=customer.usps.com;
    50: b=uRnyv7k81KhRahf1O9okMj1qyV4BSbQukNCXSS1sLrEWAd9daoHWHN/olNsXLA5yzzjXvrUYXpin
    51: WZWEgxkrjA==;
    52: Received: by mail3913.usps.mkt2991.com (PowerMTA(TM) v3.5r16) ID: [ID filtered]
    53: From: "U.S. Postal Service" <email [at] customer.usps.com>
    54: To: <poor [at] spamvictim.tld>
    55: Subject: USPS Shipment Info for 8934 4680 8912 4161 4061 7732
    56: Date: Tue, 20 Mar 2012 xx:xx:xx +0100
    57: MIME-Version: 1.0
    58: X-Priority: 3
    59: Message-ID: [ID filtered]
    60: Content-Type: multipart/mixed;
    61: boundary="----=x__sovk_17_86_31"
    62: X-Truedomain-Domain: customer.usps.com
    63: X-Truedomain-SPF: Neutral (mx3: 81.169.146.148 is neither permitted nor denied by
    64: domain of booking.com)
    65: X-Truedomain-DKIM: Fail (Bad signature; failed to verify against domain specified key)
    66: X-Truedomain-ID: [ID filtered]
    67: X-Truedomain: Neutral

    This is what the "US Postal Service" e-mailed me:


    This is a post-only message. Please do not respond.

    Someone has requested that you receive a Track & Confirm update, as shown below.

    Track & Confirm e-mail update information provided by the U.S. Postal Service.

    Label Number: 6609 3274 0598 9748 3860 9924

    Service Type: Priority Mail Delivery Confirmation

    Shipment Activity - Please refer to attached report for full detailes
    Electronic Shipping 03/20/2012
    Info Received


    Reminder: Track & Confirm by email

    Date of email request: 03/10/2012

    Future activity will continue to be emailed for up to 2 weeks from the Date of Request shown above. If you need to initiate the Track & Confirm by email process again at the end of the 2 weeks, please do so at the USPS Track & Confirm web site at http://www.usps.com/shipping/trackandconfirm.htm



    USPS has not verified the validity of any email addresses submitted via its online Track & Confirm tool.


    For more information, or if you have additional questions on Track & Confirm services and features, please visit the Frequently Asked Questions (FAQs) section of our Track & Confirm site at http://www.usps.com/shipping/trackandconfirmfaqs.htm


    1 Express Mail service commitments are based on drop-off times. See Retail Associate or USPS.com® for details.
    2 Some restrictions apply.
    3 Go to usps.com/pickup for details.

    ©2012 United States Postal Service®. All Rights Reserved.
    The Eagle Logo and the trade dress of USPS® Packaging are among the many trademarks of the U.S. Postal Service®.

    Privacy Notice : For more information regarding our privacy policies, visit usps.com/privacypolicy
    The attachment is a ZIP file, which I of course did not open.

    What makes it perfidious is that I do in fact receive goods from the USA every now and then. The mail also went to my business e-mail address, which I use to stay in contact with my US partners.
    Regards
    Ute
    My barely legible avatar says "You won't find me on Facebook". You won't find me on any of the other "social networks" either. Some privacy has to remain...

  2. #2
    Senior Member schara56
    Registered: 03.08.2005
    Location: at home
    Posts: 4.862

    As far as I can see, someone at the IP whois:212.202.134.146 has hooked a Small Business Server directly up to the QSC line.
    SMTP (TCP 25) is already closed, though.
    This sentence is called "Speedoo", but its real name is Mr. Earl. This sentence may be pregnant, because it has no period.
    -
    even cowgirls get the blues @Tom Robbins
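
One way to read the header from post #1 mechanically, as an added example that is not part of either forum post: it compares the envelope sender with the From domain, picks up the SPF and DKIM verdicts, and finds the IP that handed the mail to the first trusted server, which is the address post #2 looks up. The function names and the `TRUSTED_BY` set are assumptions made for this sketch.

```python
import re
# Constructed excerpt of the header in post #1 (forum line numbers stripped, "[at]" kept).
HEADER = """\
Return-Path: <outlastingw6 [at] booking.com>
Received: from mi-ob.rzone.de (mi-ob.rzone.de [81.169.146.148])
 by mx3.nyi.mail.srv.osa (Postfix) with ESMTPS ID: [ID filtered]
Received: from port-212-202-134-146.static.qsc.de ([212.202.134.146])
 by mailin.rzone.de (voltan mi63) (RZmta 28.2 OK)
Received: by mail3913.usps.mkt2991.com (PowerMTA(TM) v3.5r16) ID: [ID filtered]
From: "U.S. Postal Service" <email [at] customer.usps.com>
X-Truedomain-SPF: Neutral (mx3: 81.169.146.148 is neither permitted nor denied by
 domain of booking.com)
X-Truedomain-DKIM: Fail (Bad signature; failed to verify against domain specified key)
"""
TRUSTED_BY = {"mx3.nyi.mail.srv.osa", "mailin.rzone.de"}  # assumption: recipient's own providers

def unfold(raw):  # join folded continuation lines into [name, value] pairs, header order
    fields = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and fields:
            fields[-1][1] += " " + line.strip()
        elif ":" in line:
            fields.append([p.strip() for p in line.split(":", 1)])
    return fields

def domain(addr):
    m = re.search(r"(?:@|\[at\])\s*([\w.-]+)", addr)  # also accepts the forum's "[at]"
    return m.group(1).lower() if m else None

def handoff_ip(fields):
    """Source IP of the oldest hop written by a trusted server; older lines are sender-supplied."""
    ip = None
    for name, value in fields:  # newest hop first, so the last match is the oldest
        by = re.search(r"\bby\s+([\w.-]+)", value)
        src = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", value)
        if name.lower() == "received" and by and src and by.group(1) in TRUSTED_BY:
            ip = src.group(1)
    return ip

def analyse(raw):
    fields = unfold(raw)
    first = lambda n: next((v for k, v in fields if k.lower() == n), "")
    verdict = lambda n: first(n).split(" ", 1)[0].lower()
    env, frm = domain(first("return-path")), domain(first("from"))
    return {"envelope_domain": env, "from_domain": frm, "sender_mismatch": env != frm,
            "spf": verdict("x-truedomain-spf"), "dkim": verdict("x-truedomain-dkim"),
            "handoff_ip": handoff_ip(fields)}

print(analyse(HEADER))
```

The PowerMTA line at the bottom of the trace is skipped because it was already in the message when the first trusted server received it and cannot be verified.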
