Hi Guys,

No answers where found for this problem with my
previous thread.

Hopefully this time, I may get a good solution.

Am using CPanel 4.

Here's the problem:
Eventhou I moved my website from one hosting
company to another, Someone is still sending emails
from my email account to many people without me knowing anything about this. I only found out about this, when I started
receiving emails such as "mail delivery error: user unknown",
with these emails I saw that person was sending
it from an email address that doesn't exist to a person
I don't know about. One more thing is that, these emails
are being sent from my sub-domains ,e.g,
someone@something.myaddress.com.

Here's an sample of email a header:
Received: from bjwmr (205-218-162-65.cyberstation.net [205.218.162.65]) by rly-xg02.mx.aol.com (v86_r1.15) with ESMTP id MAILRELAYINXG23-0809200629; Fri, 09 Aug 2002 20:06:29 -0400
From: Latrice Cianci <Barnetlo@some.myaddress.com>
To: <fvckkkina@aol.com>
Subject: fvckkkina subject_2_2
Date: Sat, 10 Aug 2002 04:14:57 -0400
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Mime-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: base64
Message-Id: kkqmefdmivps@aol.com

Am using myaddress.com, just for example, but everything
else in the above is the actual headers from the emails
that I received.

Please guys help me stop these emails from being sent.

The people at my hosting company, I doubt are of any help
and you guys are my last hope.

Thanks,

Vinod

If they are just putting your server name/email address in the 'from field', the reply address, then there's not a whole lot you can do. It is ridiculous and sad and highly annoying.

Its also known as a Joe Job. Your host can't do anything to you (if that is what you are concerned with) since its not originating off your servers (or theirs technically). Basically, just post something to your website should people complain to you about it.

Are the (returned) messages actually spam? Or is it possible that you are seeing the results of someone's KLEZ (or variant) infected machine? We get mail purporting to be from our own support address every day from someone with our address in their address book, and it's nothing more than an annoying byproduct of that particular trojan.

Annette,

These emails are not as your mentioned, there are actually
sending emails to many people using my email addresses
that don't exist, with trojan horses or viruses as attachments.

I don't what to do, how to stop them or at least find out
how there found about my website or email account.

Vinod

Yeah, I have been on the web for a while, and one particular email address has been around with me for about 6 years now. Of course during that time it slowly gets 'known' across the web (and you sometimes give it away in the wrong places...)

I also now regularly get messages returned to me that I didn't send. Since they are usually virus related, and there are nowadays so many people with virus infected machines (and some unfortunately, it seems, with my email address in their addressbook) I just choose to delete them and ignore them.

Unfortunately these virusses nowadays (some anyway) completely randomize the from and to addresses from someone's addressbook, so there is no easy way of finding out the address of the person that has the infected machine.

For example, if person X has addresses A, B, C and D in his addressbook, then A might receive a mail 'supposedly' from B even though A and B don't know each other at all.

I guess you can play with the headers of the emails and find out which servers are involved, but I have never bothered to get in that deep - seems to cost more time than it will buy...

Sad indeed...:bawling:

Originally posted by vin16
Annette,

These emails are not as your mentioned, there are actually
sending emails to many people using my email addresses
that don't exist, with trojan horses or viruses as attachments.

I don't what to do, how to stop them or at least find out
how there found about my website or email account.

Vinod
It does sound like it could be Klez (or variant, or other). When you can't figure it out, that's a sign that it is one of these buggers. Makes no sense, thank the wonderful writers of these annoying trojans if so. Aren't they so helpful?

This link is to a story about one guys response to having to deal with this. It's pretty freakin' funny.

http://belps.freewebsites.com/index2.htm