Web Hosting Talk

possible mail security breach? Please help!


CallMeJ
12-09-2001, 10:13 PM
I just received a spam. I only looked at the headers because it is a relatively new email that hasn't really been anywhere. I noticed something very disturbing, referencing another site on my server.

Details...

-----------------------------------------------------------
Return-Path: <email-address>
Received: from idefix.rossmann.com (mail.lavancelle.rossmann.com [165.46.210.30])
by [ANOTHER-DOMAIN-ON-THE-SAME-SERVER].com (9.10.6/9.10.6) with ESMTP id fBA5LUT13635
for <[EMAIL-ADDRESS-THE-SPAM-WENT-TO]>; Sun, 9 Dec 2001 19:21:31 -0600
Received: from mta.excite.com (1Cust184.tnt26.dfw9.da.uu.net [63.75.179.154]) by idefix.rossmann.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
id YJSFXJ62; Mon, 10 Dec 2001 02:19:29 +0100
Message-ID: <00000a462d0f$000064f3$0000485b@mta.excite.com>
To: <Buy-Click>
From: email-address
Subject: $10.00 off CD's, DVD's CFA
-------------------------------------------------------------

WTF?

I've just suspended [ANOTHER-DOMAIN-ON-THE-SAME-SERVER].com because I fear it has been compromised. Am I right?

What else should I do?

CallMeJ
12-09-2001, 10:17 PM
BTW, will suspending the site even do any good while I figure this out?

smartbackups
12-09-2001, 10:36 PM
No, this spam is originating from a UUNET dialup. They are running their own SMTP server.

CallMeJ
12-09-2001, 11:08 PM
Thanks, smartbackups, for responding.

I had noticed the UUNET reference.

Now that I've looked at headers for the same email account I was referring to (that received the spam), I've noticed that several sites on my RaQ were referenced in the same place as [ANOTHER-DOMAIN-ON-THE-SAME-SERVER].com for messages going to that account.

For the sake of understanding, can anyone tell me why?

Damn, I was scared sh**less for a second there. ;)

NewonNet
12-11-2001, 06:10 AM
Your emails are usually received by the domain name that is the primary one for the IP address that the destination email is going to.

Example:

domain1.com ip 1.1.1.1 <---first and primary domain
domain2.com ip 1.1.1.1

Email sent to user@domain2.com will be received by domain1.com for user@domain2.com.

That seems to be the way RaQs work with email.
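
As an added example (not code from the thread or from anyone posting in it), a small Python parser for the Received chain quoted in the first post. It walks the hops newest-first, flags the hop whose HELO name (mta.excite.com) is not in the same domain as the connecting IP's reverse DNS (a uu.net dialup), which is smartbackups' reading, and shows that the "by" name on the top hop is the receiving server's own hostname rather than the recipient's domain, which is NewonNet's point. Names the poster redacted are replaced by labelled *.example placeholders.

```python
import re

# Constructed sample: the two Received lines quoted in the thread, unchanged except that
# the redacted names are replaced by labelled placeholders (*.example). Not real hosts.
RAW_HEADERS = (
    "Received: from idefix.rossmann.com (mail.lavancelle.rossmann.com [165.46.210.30])\n"
    "\tby receiving-server.example (9.10.6/9.10.6) with ESMTP id fBA5LUT13635\n"
    "\tfor <victim@spam-target.example>; Sun, 9 Dec 2001 19:21:31 -0600\n"
    "Received: from mta.excite.com (1Cust184.tnt26.dfw9.da.uu.net [63.75.179.154])"
    " by idefix.rossmann.com with SMTP (Microsoft Exchange Internet Mail Service"
    " Version 5.5.2650.21)\n\tid YJSFXJ62; Mon, 10 Dec 2001 02:19:29 +0100\n"
    "Message-ID: <00000a462d0f$000064f3$0000485b@mta.excite.com>\n"
)
# "from HELO (reverse-DNS [ip]) by HOST" -- the shape both quoted hops use.
HOP_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)")

def unfold(raw):
    """Join continuation lines (leading whitespace) back onto their header field."""
    lines = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines

def parse_received(raw):
    """Hops in header order (newest first); each has helo, rdns, ip, by and rcpt."""
    hops = []
    for line in unfold(raw):
        m = HOP_RE.search(line) if line.lower().startswith("received:") else None
        if m:
            hop = m.groupdict()
            rcpt = re.search(r"\bfor\s+<([^>]+)>", line)
            hop["rcpt"] = rcpt.group(1) if rcpt else None
            hops.append(hop)
    return hops

def base_domain(host):
    """Crude registrable-domain guess (last two labels); enough for .com/.net here."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def suspicious_hops(hops):
    """Hops whose HELO name is from a different domain than the connecting IP's reverse DNS."""
    return [h for h in hops if base_domain(h["helo"]) != base_domain(h["rdns"])]

def receiving_host(hops):
    """(server's own name, recipient domain, differ?) for the final delivery hop."""
    top = hops[0]
    rcpt_domain = top["rcpt"].split("@")[-1] if top["rcpt"] else ""
    return top["by"], rcpt_domain, base_domain(top["by"]) != base_domain(rcpt_domain)
```

The bottom-most hop (hops[-1]) is where the message entered the mail system; here that is the dialup IP, not either host on the RaQ.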