  1. #1
    Join Date
    Nov 2006
    Location
    Sherbrooke, Canada
    Posts
    16

    * Server being used to send spam

    Hi,

    I recently bought a reseller account from a hosting company. It was like 2 months ago, so that makes me kind of new with all of this.

    Yesterday, I started to receive a lot (300+) of mail delivery failures for mail I did not send. I started to freak out when I realized that all of these messages looked like they came from my mail server. I of course did some research in the WHT forums; the messages/threads I read did not fully answer my questions. In other threads, people were saying that this can happen, that there is no way to stop it, and that the message headers were clearly modified by spammers.

    What I get is, I think, a little bit different; here is an example:
    I changed my real domain for "mydomain.ws" and my ip for 127.0.0.1.

    Code:
    Return-Path: <[email protected]>
    Received: (qmail 24345 invoked from network); 18 Nov 2006 18:15:04 -0000
    Received: from node244.logicassistance.net (216.28.154.244)
      by 192.168.128.240 with SMTP; 18 Nov 2006 18:15:04 -0000
    Received: from ip-83-99-90-13.dyn.luxdsl.pt.lu (ip-83-99-90-13.dyn.luxdsl.pt.lu [83.99.90.13])
        by node244.logicassistance.net (Postfix) with ESMTP id AAB3E530D5F
        for <[email protected]>; Sat, 18 Nov 2006 12:09:38 -0500 (EST)
    Received: from 127.0.0.1 (HELO mail.mydomain.ws)
         by w2ihy.com with esmtp (LN/D-82( U-2</)
         id +06X*--UZ<,:F-6P
         for [email protected]; Sat, 18 Nov 2006 17:09:18 -0060
    Date:    Sat, 18 Nov 2006 17:09:18 -0060
    From:    USA Certified pharmacy  <[email protected]>
    X-Mailer: The Bat! (v3.80.06) UNREG / CD5BF9353B3B7091
    X-Priority: 3 (Normal)
    Message-ID: <[email protected]>
    To: [email protected]
    Subject: No prescription. Any drugs
    MIME-Version: 1.0
    Content-Type: text/html;
      charset=iso-8859-1
    Content-Transfer-Encoding: 7bit
    X-Spam: Not detected

    I am afraid that my mail server could be compromised because of the "Received: from 127.0.0.1 (HELO mail.mydomain.ws)".

    I hope there is no security issue.
    Thank you for your help.

  2. #2
    Join Date
    Jan 2006
    Location
    Sweden
    Posts
    9
    I changed my real domain for "mydomain.ws" and my ip for 127.0.0.1.
    I am afraid that my mail server could be compromised because of the "Received: from 127.0.0.1 (HELO mail.mydomain.ws)".
    euhm..

    /Henrik

  3. #3
    Join Date
    Nov 2006
    Location
    Sherbrooke, Canada
    Posts
    16
    Quote Originally Posted by HenkeZan
    euhm..

    /Henrik
    Lol. I'm not that stupid. It was only for privacy. I'm not using the "mydomain.ws" and the 127.0.0.1.

  4. #4
    Join Date
    Dec 2005
    Location
    Internet
    Posts
    1,337
    See the next line to mydomain.ws, you can notice something

  5. #5
    Join Date
    Nov 2006
    Location
    Sherbrooke, Canada
    Posts
    16
    Quote Originally Posted by linuxcares
    See the next line to mydomain.ws, you can notice something
    Is this what you're talking about?


    by w2ihy.com with esmtp (LN/D-82( U-2</)
    id +06X*--UZ<,:F-6P
    for [email protected]; Sat, 18 Nov 2006 17:09:18 -0060


    So if I understand, this is only email forgery? None of my servers have been compromised?

    I will stop my catch-all email to stop receiving these failure spam messages.
    I set my default address to :fail:
    SPF is set up too.

    Thanks!

  6. #6
    Join Date
    Apr 2006
    Posts
    66
    Good to see you happy now. Good Luck.
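
The forgery conclusion reached in this thread, as an added example (not code from any poster): each server prepends its own Received line, so only lines written by servers you control are reliable, and everything below the first hop from an outside client is text the sender supplied. The `TRUSTED` set is an assumption about which hosts belong to the receiving side, and the redacted addresses are replaced by a placeholder.

```python
import re
from email import message_from_string

# Constructed sample: the Received chain quoted in the first post, with the
# redacted addresses replaced by a placeholder.
RAW = """\
Received: (qmail 24345 invoked from network); 18 Nov 2006 18:15:04 -0000
Received: from node244.logicassistance.net (216.28.154.244)
  by 192.168.128.240 with SMTP; 18 Nov 2006 18:15:04 -0000
Received: from ip-83-99-90-13.dyn.luxdsl.pt.lu (ip-83-99-90-13.dyn.luxdsl.pt.lu [83.99.90.13])
    by node244.logicassistance.net (Postfix) with ESMTP id AAB3E530D5F
    for <user@example.invalid>; Sat, 18 Nov 2006 12:09:38 -0500 (EST)
Received: from 127.0.0.1 (HELO mail.mydomain.ws)
     by w2ihy.com with esmtp (LN/D-82( U-2</)
     id +06X*--UZ<,:F-6P
     for user@example.invalid; Sat, 18 Nov 2006 17:09:18 -0060
"""

# Assumption: these two hosts are the receiving side's own mail servers.
TRUSTED = {"192.168.128.240", "node244.logicassistance.net"}

FROM_RE = re.compile(r"^from\s+(\S+)")
BY_RE = re.compile(r"\bby\s+(\S+)")
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def classify(raw, trusted=TRUSTED):
    """Walk Received headers newest-first; return (hops, injecting_ip)."""
    hops, injecting_ip, past_boundary = [], None, False
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        by, frm = BY_RE.search(text), FROM_RE.search(text)
        by_host = by.group(1) if by else None
        from_host = frm.group(1) if frm else None
        if past_boundary or (by_host and by_host not in trusted):
            status, past_boundary = "unverified", True   # sender-supplied text
        elif by_host is None:
            status = "local"                    # e.g. qmail's local delivery note
        else:
            status = "trusted"                  # written by a server we control
            if from_host not in trusted:        # first outside client: real source
                ip = IP_RE.search(text)
                injecting_ip = ip.group(1) if ip else from_host
                past_boundary = True
        hops.append((status, by_host, from_host))
    return hops, injecting_ip

if __name__ == "__main__":
    print(classify(RAW))
```

On the sample, the line naming 127.0.0.1 and mail.mydomain.ws falls below the trust boundary, so it says nothing about the named server; the last verifiable client is the one recorded by node244.logicassistance.net.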
