<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>Hello,</div><div><br></div><div>You can until Clinton, or one of the other admins has a chance to take a look at it. Or, you can look at my suggestions while you wait - for what they're worth.</div><div><br></div>I'm not an admin nor do I have any knowledge of PHP or wordpress for that matter. With these shortcomings revealed, I'd suggest you drill down into your wordprss PHP scripts. It might be the source of the PHP injection attack that turns your wordpress instance into a spam machine. Is 10924 your user id?<div><br><blockquote type="cite">X-PHP-Originating-Script: 10924:akismet.php(32) : runtime-created function(9) : eval()'d code(1) : eval()'d code</blockquote><div><br></div><div><br></div><div>The X-Originating-IP field could be spoofed, but ask yourself: does the address 89.28.14.25 seem reasonable? It's a dynamic IP address belonging to the Starnet ISP in Moldova.</div><div><br></div><div><blockquote type="cite">X-Originating-IP: 89.28.14.35</blockquote></div><div><br></div>I'm sure there's a log somewhere of outbound email, but you might need some admin permissions to view it. You could search it by the 'To:' and 'Message-Id:' fields you're seeing in this bounce summaries. This would tell you if indeed your site is originating the spam.</div><div><br></div><div>Have you searched to see of any PHP injection attacks against this version of wordpress? Ones with a locus of line 32 in akismet.php. Here's one I just stumbled across with a simple google search…</div><div><br></div><div> <a href="http://wordpress.org/support/topic/site-hacked-through-akismet">http://wordpress.org/support/topic/site-hacked-through-akismet</a></div><div><br></div><div>This forum post above might have some provocative insights for you, short of shutting down your site.</div><div><br></div><div>Good luck and have fun!</div><div><br></div><div>-- Jesse Shumway <layline AT <a href="http://hcoop.net">hcoop.net</a>><br><br><div><div>On May 17, 2013, at 3:02 PM, Yagnesh Raghava Yakkala <<a href="mailto:yagnesh@hcoop.net">yagnesh@hcoop.net</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><br>Hello all,<br><br>My inbox is getting filled with mail delivery failure notices today (similar<br>to the attached mail). It looks like it has something to do with akismet spam<br>filter on my wordpress site (<a href="http://sapporoindians.com">sapporoindians.com</a>). I don't understand the<br>problem.<br><br>Any insights would great on:<br>- how to know which program is initiating mail delivery<br>- how to stop receiving failure notices to my inbox<br><br>FYI, I haven't touched anything on my site for a long while now.<br><br>Thanks.<br><br><br><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>From: </b></span><span style="font-family:'Helvetica'; font-size:medium;">Mail Delivery System <<a href="mailto:Mailer-Daemon@deleuze.hcoop.net">Mailer-Daemon@deleuze.hcoop.net</a>><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>Subject: </b></span><span style="font-family:'Helvetica'; font-size:medium;"><b>Mail delivery failed: returning message to sender</b><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>Date: </b></span><span style="font-family:'Helvetica'; font-size:medium;">May 17, 2013 2:40:50 PM EDT<br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>To: </b></span><span style="font-family:'Helvetica'; font-size:medium;"><a href="mailto:yagnesh@hcoop.net">yagnesh@hcoop.net</a><br></span></div><br><br>This message was created automatically by mail delivery software.<br><br>A message that you sent could not be delivered to one or more of its<br>recipients. This is a permanent error. The following address(es) failed:<br><br> <a href="mailto:peb756@aol.com">peb756@aol.com</a><br> SMTP error from remote mail server after RCPT TO:<<a href="mailto:peb756@aol.com">peb756@aol.com</a>>:<br> host <a href="http://mailin-03.mx.aol.com">mailin-03.mx.aol.com</a> [205.188.156.193]: 550 5.1.1 <<a href="mailto:peb756@aol.com">peb756@aol.com</a>>:<br> Recipient address rejected: <a href="http://aol.com">aol.com</a><br><br>------ This is a copy of the message, including all the headers. ------<br><br>Return-path: <<a href="mailto:yagnesh@hcoop.net">yagnesh@hcoop.net</a>><br>Received: from <a href="http://navajos.hcoop.net">navajos.hcoop.net</a> ([69.90.123.70] ident=yagnesh)<br><span class="Apple-tab-span" style="white-space:pre"> </span>by <a href="http://deleuze.hcoop.net">deleuze.hcoop.net</a> with smtp (Exim 4.63)<br><span class="Apple-tab-span" style="white-space:pre"> </span>(envelope-from <<a href="mailto:yagnesh@hcoop.net">yagnesh@hcoop.net</a>>)<br><span class="Apple-tab-span" style="white-space:pre"> </span>id 1UdPa8-0007IJ-Ot<br><span class="Apple-tab-span" style="white-space:pre"> </span>for <a href="mailto:peb756@aol.com">peb756@aol.com</a>; Fri, 17 May 2013 14:40:45 -0400<br>Received: by <a href="http://navajos.hcoop.net">navajos.hcoop.net</a> (sSMTP sendmail emulation); Fri, 17 May 2013 14:40:44 -0400<br>From: "yagnesh" <<a href="mailto:yagnesh@hcoop.net">yagnesh@hcoop.net</a>><br>X-Originating-IP: 89.28.14.35<br>Date: Fri, 17 May 2013 14:40:44 -0400<br>To: <a href="mailto:peb756@aol.com">peb756@aol.com</a><br>Subject: Celebrate the May with 10% off for All Brands and Generics in our Store<br>X-PHP-Originating-Script: 10924:akismet.php(32) : runtime-created function(9) : eval()'d code(1) : eval()'d code<br>Message-Id: <1307461067.1496@<a href="http://sapporoindians.com">sapporoindians.com</a>><br>MIME-Version: 1.0<br>Content-Type: text/html<br>Content-Transfer-Encoding: 8bit<br><br><br><br>Dear Peter,<br /><br><br /><br>Celebrate the May with 10% off for all Brands and Generics in our Store - use <b>Your 10% discount code: 7728315</b> at checkout for big savings.<br /><br><a href='<a href="http://fenstercamp.com/counter.php?936fb43bcac53278bf834a76f'">http://fenstercamp.com/counter.php?936fb43bcac53278bf834a76f'</a>>By reordering with us</a> you always getting best price for genuine quality and great customer service.<br /><br>All goods are delivered in 7-10 business days or sooner, with live package tracking. Nothing gets lost or we will reship at no additional cost to you.<br /><br><br /><br>Best regards,<br /><br>RxDiler<br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br><br /><br>DISCLAIMER:<br /><br>……</blockquote><br></div><br></div></body></html>