  1. #1

    Fake com Spoof Emails (load - the virus)

    hi there ..

    Installed Software
    - Urchin Urchin 5
    - Redhat Enterprise Linux - OS ES 3.0
    - DarkORB CPanel 6

    I have been getting a lot of virus email using spoof accounts. These emails are not from PayPal or eBay, but from my own domain to my other users.

    Example: From "[email protected]", to random users of my domain. They are faking email addresses from my domain, and sending to users of the same domain. This is annoying and freaking me out. Core objective: infect everyone in my domain with a virus.

    Example of mails:
    1. *WARNING* Your Email Account Will Be Closed
    2. Notice of account limitation
    3. *DETECTED* Online User Violation
    4. Security measures

    My webserver is not an open relay. How can I fight such fake and spoofed emails? I have run rkhunter and set up apf and bfd.

    Please enlighten.

    Thank you for your time.

    Jessica Koh
    Life is too short to be miserable..

  2. #2
    I'm getting the exact same crap going on with our email server too. Mine isn't open to relaying either, and we also use Postini. The emails obviously don't make it through, but they get bounced back to support@ or postmaster@ and then on to my inbox.

  3. #3
    This is strange. The same thing has been happening to me as well.

  4. #4
    My datacenter just replied; all I can do is:

    1. Write to the ISP of that particular spoofer (by checking their IP)
    2. Forward the email to the abuse team of my datacenter.

    Is there any proactive method I can implement on my side?

  5. #5

  6. #6

    Re: Fake com Spoof Emails (load - the virus)


    1. *WARNING* Your Email Account Will Be Closed
    2. Notice of account limitation
    3. *DETECTED* Online User Violation
    I am getting those same three as well. It isn't as bad as the other day, I got about 20 in one day. Now it's down to a few a day. But I don't know what to do.

  7. #7
    Yeah, I noticed some blocked because of forged HELOs pretending to be my server.

  8. #8
    Hi People,
    If you search this forum for the same, you will find the solution...
    Actually, to repeat again... this is a new virus... with these peculiar types of subjects.
    What MTA do you people use? If you use a scanner, you can block the subjects.
    If you use Qmail scanner (provided you use Qmail), then using regular expressions you can block these types of subjects.
    Check the Symantec webpage for the new virus outbreak... and check other details, such as attachment types and so on, and block them.
    Hope this helps..
    Thanks...
    bye...
    thelinophile
    Thinking Different !!
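
The checks raised in this thread (subject filtering from post #8, the forged HELO seen in post #7, and mail that claims the local domain while arriving from outside), as an added Python example that is not from any poster. The domain, hostnames, networks and sample deliveries are constructed placeholders, and the peer IP and HELO string are assumed to be passed in by the MTA.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Assumed site values (hypothetical, not from the thread).
LOCAL_DOMAIN = "example.com"
OUR_HOSTNAMES = {"mail.example.com", "example.com"}
TRUSTED_NETS = [ip_network("192.0.2.0/24"), ip_network("127.0.0.0/8")]

# Patterns built from the four subjects quoted in the first post.
SUBJECT_PATTERNS = [re.compile(p, re.I) for p in (
    r"^\*WARNING\*\s+Your Email Account Will Be Closed",
    r"^Notice of account limitation",
    r"^\*DETECTED\*\s+Online User Violation",
    r"^Security measures$",
)]

def is_trusted(peer_ip):
    ip = ip_address(peer_ip)
    return any(ip in net for net in TRUSTED_NETS)

def reasons_to_reject(raw_message, peer_ip, helo):
    """Return the checks this SMTP delivery fails (empty list = accept)."""
    msg = message_from_string(raw_message)
    reasons = []
    external = not is_trusted(peer_ip)
    # Forged HELO: an outside host introduces itself with our own name.
    if external and helo.lower().rstrip(".") in OUR_HOSTNAMES:
        reasons.append("forged-helo")
    # Spoofed sender: From: uses our domain but the mail came from outside.
    _, addr = parseaddr(msg.get("From", ""))
    if external and addr.lower().endswith("@" + LOCAL_DOMAIN):
        reasons.append("own-domain-from-outside")
    # Subject filter for this outbreak (whitespace normalised first).
    subject = " ".join(msg.get("Subject", "").split())
    if any(p.search(subject) for p in SUBJECT_PATTERNS):
        reasons.append("virus-subject")
    return reasons

# Constructed sample deliveries: (peer IP, HELO, raw message).
SPOOFED = ("203.0.113.77", "example.com",
           "From: support@example.com\nTo: user@example.com\n"
           "Subject: *WARNING* Your Email Account Will Be Closed\n\nbody\n")
LEGIT = ("192.0.2.10", "mail.example.com",
         "From: admin@example.com\nTo: user@example.com\n"
         "Subject: Security measures for the new office\n\nbody\n")
```

The own-domain check also rejects legitimate users who send through an outside network without authenticating, so it only fits sites where local users submit mail from trusted networks or over authenticated SMTP. The subject patterns cover only this outbreak and need updating as the subjects change.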
