RE: READ RECIEPTS automatically generated

[Gene LeDuc <Gene.LeDuc () tns-md com>]

I think the original poster noted that he had _turned off_ READ RECEIPTS but
that they were being sent anyway.  That's why he was asking for help.

-----Original Message-----
From: Muhammad Naseer [mailto:naseer () digitallinx com]
Sent: Tuesday, January 27, 2004 2:03 PM
To: 'Jeff Lewis'; security-basics () securityfocus com
Subject: RE: READ RECIEPTS automatically generated


Don't read HTML mails. Turn off reading HTML mails from your outlook
settings. Always read mails in PLAIN TEXT. Don't send READ RECIEPTS back to
any user. I guess you will understand the rest here.

Just my two cents :-)  


 
Regards,
 
Muhammad Naseer
+92-300-8449347
 
Digital Linx - We eDrive your Business
info () digitallinx com
1 (214) 329-4291
+92-42-5166617
 
 
 

-----Original Message-----
From: Jeff Lewis [mailto:jlewis1957 () netscape net] 
Sent: Monday, January 26, 2004 9:46 PM
To: security-basics () securityfocus com
Subject: READ RECIEPTS automatically generated

I now have the unhappy duty of going through a company website email account
and a domain catchall email account to look for sales leads. I do get leads
for marketing there, today was 2 out of 290. Of course, the rest were SPAM.
This is a POP3 account associated with an industry specific, custom-built
website. And of course, the targeted email address is not obscured in any
way. (I'll get to that next.)

Much to my surprise on day 1 of doing this, I got an auto-response from my
SMTP server's postmaster account saying that a message could not be
delivered because the target mailbox was full. It was a READ RECEIPT from
me!

I use Outlook XP and have specifically turned these OFF, not "prompt me". So
how did this get through? 

So I boluxed up the SMTP server name in the account settings before I went
through those messages today (day 2). I started getting prompts right away
that Outlook wanted to send a message, but that the server couldn't be
found. Nothing in the OUT box.

I exited Outlook XP and then restarted it just to see if this could
eliminate the issue. Still nothing waiting in the OUT box, still complaints
that the SEND server was not functioning.

Finally, opened up the SEND QUEUE directory on the mail server and then
corrected the SMTP server account setting on my Outlook XP client. Two
messages immediately popped in, which I immediately pulled out. Opened them
up with a text editor and sure enough, they were from me as read reciepts,
along with the typical winmail.dat attachment.

I've had this particular account for 9 months, and have had less than a
dozen spam messages during that time. I've worked hard NOT to make the
account available to SPAMMERS (like using this account for messages to
newsgroups, dist lists, etc.) and feel like I may have blown it all now
because of what I didn't catch on Day 1.

So how do I stop this crap? I do NOT have an Exchange Server yet, but will
in three months. Right now, I've inherited a crappy little SMTP server.
(Don't ask, it's a networking nightmare here which I am cleaning up slowly.)
But I need to protect myself and the rest of the employees here now. 

I have all of the latest patches deployed on my WinXP PC per Shavlik's
HFNetChkPro 4 and Windows Update. I have all of the latest NAVCE updates,
and have completely scanned the HD twice. Nothing found. Spybot shows
nothing found as well. The individual sent messages include this:

    X-Mailer: Microsoft Outlook, Build 10.0.4510
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165

So I am assuming that it truly is coming from my Outlook client and not from
some installed malware. So why doesn't the waiting message show up in the
OUT box? Why isn't Outlook following the rules about READ reciepts?

I haven't re-opened the messages that sent them, as I would have several
hundred to go through to find it. I was hoping that someone here might have
a clue as to what I am clueless about.

Jeff

__________________________________________________________________
New! Unlimited Netscape Internet Service.
Only $9.95 a month -- Sign up today at http://isp.netscape.com/register Act
now to get a personalized email address!

Netscape. Just the Net You Need.

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!  
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------