Security Basics mailing list archives
RE: Receiving spam from my own server
From: "Adam Rosen" <ajrosen () buffdata com>
Date: Wed, 6 Dec 2006 08:31:16 -0500
Dave,

When you say "I am receiving spam e-mails", what inbox is getting those emails? Is it your dave.j.moore () gmail com account? Do you have any forwarding set up for any email to someone () foobar net to go to that address?

If info () foobar net for example is set to forward to your gmail account, then this is common - and the sender address is the easiest thing to forge. Making it look as if someone inside your domain is the sender is an old trick.

I'd say that someone sent an email to info () foobar net where it got picked up by an internal mail server which then forwarded the mail to gmail.

Adam

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Dave Moore
Sent: Friday, December 01, 2006 5:38 PM
To: security-basics () securityfocus com
Subject: Receiving spam from my own server

Hello all-

I run a webserver, let's call it foobar.net

I am receiving spam e-mails from addresses such as info () foobar net, admin () foobar net, etc. I ran the open relay tests at ordb.org, and they report that my server is not an open relay. I'd appreciate any suggestions as to where I should go next.

Here are some headers that I've attempted to sanitize (i.e. remove my hostname and ip)

Delivered-To: dave.j.moore () gmail com
Received: by 10.82.163.14 with SMTP id l14cs33696bue;
        Fri, 1 Dec 2006 13:26:41 -0800 (PST)
Received: by 10.90.103.2 with SMTP id a2mr5744854agc.1165008401102;
        Fri, 01 Dec 2006 13:26:41 -0800 (PST)
Return-Path: <info () avitas net>
Received: from www.foobar.net (www.foobar.net [66.xx.xx.xx])
        by mx.google.com with ESMTP id 12si654066wrl.2006.12.01.13.26.40;
        Fri, 01 Dec 2006 13:26:41 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of info () foobar net designates 66.xx.xx.xx as permitted sender)
Received: from e180234232.adsl.alicedsl.de (e180234232.adsl.alicedsl.de [85.180.234.232])
        by www.foobar.net (8.13.1/8.13.1) with SMTP id kB1LQbEt016235
        for <info () foobar net>; Fri, 1 Dec 2006 15:26:39 -0600
Date: Fri, 1 Dec 2006 15:26:37 -0600
From: info () foobar net
Message-Id: <200612012126.kB1LQbEt016235 () www foobar net>
To: info () foobar net
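
The check described in this message, as an added example that is not part of the original thread: walk the Received chain, find the hop where your own server accepted the mail, and compare the connecting IP with the From domain. The sample headers are constructed (modelled on the ones quoted above), and `analyze`, `my_domain` and `my_ips` are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted above; hosts and IPs are placeholders.
SAMPLE = """\
Delivered-To: dave@mailbox.example
Received: by 10.0.0.1 with SMTP id x1; Fri, 01 Dec 2006 13:26:41 -0800 (PST)
Received: from www.foobar.net (www.foobar.net [203.0.113.10])
\tby mx.mailbox.example with ESMTP id abc123;
\tFri, 01 Dec 2006 13:26:41 -0800 (PST)
Received: from adsl-client.isp.example (adsl-client.isp.example [198.51.100.23])
\tby www.foobar.net (8.13.1/8.13.1) with SMTP id kB1LQbEt016235
\tfor <info@foobar.net>; Fri, 1 Dec 2006 15:26:39 -0600
From: info@foobar.net
To: info@foobar.net

body
"""

# "from HOST (RDNS [IP]) by HOST"; hops without a "from" part are skipped.
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def received_hops(msg):
    """Hops in header order (newest first): (sending_host, sending_ip, receiving_host)."""
    found = (HOP.search(v) for v in msg.get_all("Received", []))
    return [m.groups() for m in found if m]

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def analyze(raw, my_domain, my_ips):
    msg = message_from_string(raw)
    hops = received_hops(msg)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Newest hop accepted by our server; anything below it was supplied by the sender.
    idx = next((i for i, h in enumerate(hops) if in_domain(h[2], my_domain)), None)
    if idx is None:
        return None  # the message never passed through our server
    origin_ip = hops[idx][1]
    return {
        "origin_ip": origin_ip,
        # From claims our domain, but the client that connected to us is not ours.
        "forged_internal_sender": in_domain(from_domain, my_domain) and origin_ip not in my_ips,
        # A newer hop sent from our IP means our server passed the message on.
        "forwarded_by_us": any(h[1] in my_ips for h in hops[:idx]),
    }
```

For the sample, `analyze(SAMPLE, "foobar.net", {"203.0.113.10"})` reports an outside origin IP, a forged internal sender, and forwarding by the server, which is the forged-sender-plus-forward pattern rather than an open relay.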