Security Basics mailing list archives

RE: Receiving spam from my own server


From: Murda Mcloud <murdamcloud () bigpond com>
Date: Wed, 06 Dec 2006 10:12:06 +1000

This is happening to lots of people all over the world (and has got worse
lately?). My usual suggestion to people used to be to make sure they don't
register for anything on the web using the address that you don't want
getting spammed/used/abused. However, even this can't stop spam engines
which are (I think?) getting lists of and randomly generating addresses and
domains and just spoofing where they are coming from. I'm not hugely up on
spam filters but that's what you need somewhere in the mix.

Most likely, the emails aren't coming from your domain. They're similar to
the mail you get that says "Your email address has been used to send out
huge amounts of spam blah blah blah". It's all rubbish.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Dave Moore
Sent: Saturday, December 02, 2006 8:38 AM
To: security-basics () securityfocus com
Subject: Receiving spam from my own server

Hello all-

I run a webserver, let's call it foobar.net

I am receiving spam e-mails from addresses such as info () foobar net,
admin () foobar net, etc. I ran the open relay tests at ordb.org, and
they report that my server is not an open relay.

I'd appreciate any suggestions as to where I should go next.

Here are some headers that I've attempted to sanitize (i.e. remove my
hostname and IP):

Delivered-To: dave.j.moore () gmail com
Received: by 10.82.163.14 with SMTP id l14cs33696bue;
        Fri, 1 Dec 2006 13:26:41 -0800 (PST)
Received: by 10.90.103.2 with SMTP id a2mr5744854agc.1165008401102;
        Fri, 01 Dec 2006 13:26:41 -0800 (PST)
Return-Path: <info () avitas net>
Received: from www.foobar.net (www.foobar.net [66.xx.xx.xx])
        by mx.google.com with ESMTP id 12si654066wrl.2006.12.01.13.26.40;
        Fri, 01 Dec 2006 13:26:41 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
info () foobar net designates 66.xx.xx.xx as permitted sender)
Received: from e180234232.adsl.alicedsl.de
(e180234232.adsl.alicedsl.de [85.180.234.232])
        by www.foobar.net (8.13.1/8.13.1) with SMTP id kB1LQbEt016235
        for <info () foobar net>; Fri, 1 Dec 2006 15:26:39 -0600
Date: Fri, 1 Dec 2006 15:26:37 -0600
From: info () foobar net
Message-Id: <200612012126.kB1LQbEt016235 () www foobar net>
To: info () foobar net
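
Added example, not part of either poster's message: a check that reads the Received line stamped by the site's own MTA and flags mail whose From: claims the local domain while the connecting client is an outside host, which is what the posted headers show (mail to a local recipient is ordinary inbound delivery, so an open relay test still passes). The names LOCAL_MTA, TRUSTED_NETS and the 192.0.2.0/24 range are assumptions, and the sample message is constructed from the posted headers with the archive's address obfuscation undone.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAIN = "foobar.net"    # placeholder domain from the post
LOCAL_MTA = "www.foobar.net"   # host whose Received stamp we trust
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed: our own senders

# Constructed sample modeled on the posted headers; 192.0.2.10 stands in for 66.xx.xx.xx.
SAMPLE = """\
Received: from www.foobar.net (www.foobar.net [192.0.2.10])
        by mx.google.com with ESMTP; Fri, 01 Dec 2006 13:26:41 -0800 (PST)
Received: from e180234232.adsl.alicedsl.de
        (e180234232.adsl.alicedsl.de [85.180.234.232])
        by www.foobar.net (8.13.1/8.13.1) with SMTP id kB1LQbEt016235
        for <info@foobar.net>; Fri, 1 Dec 2006 15:26:39 -0600
From: info@foobar.net
To: info@foobar.net

(body)
"""

RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)", re.S)

def submitting_client(raw):
    """Return (helo_name, ip) of the host that connected to our MTA, else None."""
    msg = message_from_string(raw)
    # Received lines are prepended, so the first one stamped "by LOCAL_MTA" is the
    # newest; anything below it was supplied by the client and may be forged.
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m and m.group(3).lower() == LOCAL_MTA:
            return m.group(1), ipaddress.ip_address(m.group(2))
    return None

def is_forged_local_sender(raw):
    """True when From: claims our domain but the client is outside TRUSTED_NETS."""
    addr = parseaddr(message_from_string(raw).get("From", ""))[1]
    client = submitting_client(raw)
    if addr.rpartition("@")[2].lower() != LOCAL_DOMAIN or client is None:
        return False
    return not any(client[1] in net for net in TRUSTED_NETS)

if __name__ == "__main__":
    print(submitting_client(SAMPLE), is_forged_local_sender(SAMPLE))
```

The same condition can be enforced at SMTP time by rejecting unauthenticated outside clients that present a local-domain sender, and by publishing an explicit SPF record instead of relying on the receiver's "best guess".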


