Security Basics mailing list archives
RE: Receiving spam from my own server
From: Murda Mcloud <murdamcloud () bigpond com>
Date: Wed, 06 Dec 2006 10:12:06 +1000
This is happening to lots of people all over the world (and has got worse lately?). My usual suggestion to people used to be to make sure they don't register for anything on the web using the address that you don't want getting spammed/used/abused. However, even this can't stop spam engines which are (I think?) getting lists of and randomly generating addresses and domains and just spoofing where they are coming from. I'm not hugely up on spam filters but that's what you need somewhere in the mix.

Most likely, the emails aren't coming from your domain. They're similar to the mail you get that says "Your email address has been used to send out huge amounts of spam blah blah blah". It's all rubbish.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Dave Moore
Sent: Saturday, December 02, 2006 8:38 AM
To: security-basics () securityfocus com
Subject: Receiving spam from my own server

Hello all-

I run a webserver, let's call it foobar.net

I am receiving spam e-mails from addresses such as info () foobar net, admin () foobar net, etc.

I ran the open relay tests at ordb.org, and they report that my server is not an open relay.

I'd appreciate any suggestions as to where I should go next.

Here are some headers that I've attempted to sanitize (i.e. remove my hostname and ip)

Delivered-To: dave.j.moore () gmail com
Received: by 10.82.163.14 with SMTP id l14cs33696bue;
        Fri, 1 Dec 2006 13:26:41 -0800 (PST)
Received: by 10.90.103.2 with SMTP id a2mr5744854agc.1165008401102;
        Fri, 01 Dec 2006 13:26:41 -0800 (PST)
Return-Path: <info () avitas net>
Received: from www.foobar.net (www.foobar.net [66.xx.xx.xx])
        by mx.google.com with ESMTP id 12si654066wrl.2006.12.01.13.26.40;
        Fri, 01 Dec 2006 13:26:41 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of info () foobar net designates 66.xx.xx.xx as permitted sender)
Received: from e180234232.adsl.alicedsl.de (e180234232.adsl.alicedsl.de [85.180.234.232])
        by www.foobar.net (8.13.1/8.13.1) with SMTP id kB1LQbEt016235
        for <info () foobar net>; Fri, 1 Dec 2006 15:26:39 -0600
Date: Fri, 1 Dec 2006 15:26:37 -0600
From: info () foobar net
Message-Id: <200612012126.kB1LQbEt016235 () www foobar net>
To: info () foobar net
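An added example (not part of either message in this thread): a header check that decides where a message entered your server by reading the Received chain instead of trusting the From: line, which is the distinction the reply draws. The sample message, the domain example.net and the IP addresses are constructed, and the function names and verdict labels are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the posted headers (documentation domains and IPs).
SAMPLE = """\
Received: from www.example.net (www.example.net [192.0.2.10])
\tby mx.mailbox.example with ESMTP id abc123;
\tFri, 01 Dec 2006 13:26:41 -0800 (PST)
Received: from dsl-host.isp.example (dsl-host.isp.example [198.51.100.77])
\tby www.example.net (8.13.1/8.13.1) with SMTP id kB1xyz
\tfor <info@example.net>; Fri, 1 Dec 2006 15:26:39 -0600
From: info@example.net
To: info@example.net

constructed body
"""

# "from <helo> (<rdns> [<ip>]) by <receiver>" as written by sendmail-style MTAs.
HOP_RE = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([^\]]+)\]\)\s+by\s+(\S+)")

def received_hops(msg):
    """Return (helo, ip, receiver) tuples in header order, newest hop first."""
    return [m.groups() for value in msg.get_all("Received", [])
            if (m := HOP_RE.search(value))]

def is_local(host, local_domain):
    host = host.lower().rstrip(".")
    return host == local_domain or host.endswith("." + local_domain)

def classify(raw, local_domain, local_ips):
    """Classify by who handed the mail to our server, not by the From: line."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    last_local_ip = None
    # Walk newest to oldest: headers older than the one our own MTA wrote
    # are supplied by the sender and cannot be trusted.
    for _helo, ip, receiver in received_hops(msg):
        if not is_local(receiver, local_domain):
            continue
        if ip not in local_ips:
            forged = from_domain == local_domain
            return ("forged-local-sender" if forged else "external-sender", ip)
        last_local_ip = ip
    return ("local-origin", last_local_ip) if last_local_ip else ("no-local-hop", None)

if __name__ == "__main__":
    print(classify(SAMPLE, "example.net", {"192.0.2.10", "127.0.0.1"}))
```

A "forged-local-sender" verdict means an outside host delivered the message to your server with your domain in From:, which is ordinary inbound spam with a spoofed sender and not relaying.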