I recently bought a reseller account from a hosting company. It was like 2 months ago, so that makes me kind of new with all of this.
Yesterday, I started to receive a lot (300+) of mail delivery failures for mail I did not send. I started to freak out when I realized that all of these messages looked like they came from my mail server. I of course did some research in the WHT forums; none of the messages/threads I read fully answered my questions. In other threads, people were saying that this can happen and there is no way to stop it, and that message headers were clearly modified by spammers.
What I get is, I think, a little bit different; here is an example:
I changed my real domain for "mydomain.ws" and my IP for 127.0.0.1.
Return-Path: <[email protected]>
Received: (qmail 24345 invoked from network); 18 Nov 2006 18:15:04 -0000
Received: from node244.logicassistance.net (18.104.22.168)
    by 192.168.128.240 with SMTP; 18 Nov 2006 18:15:04 -0000
Received: from ip-83-99-90-13.dyn.luxdsl.pt.lu (ip-83-99-90-13.dyn.luxdsl.pt.lu [22.214.171.124])
    by node244.logicassistance.net (Postfix) with ESMTP id AAB3E530D5F
    for <[email protected]>; Sat, 18 Nov 2006 12:09:38 -0500 (EST)
Received: from 127.0.0.1 (HELO mail.mydomain.ws)
    by w2ihy.com with esmtp (LN/D-82( U-2</)
    for [email protected]; Sat, 18 Nov 2006 17:09:18 -0060
Date: Sat, 18 Nov 2006 17:09:18 -0060
From: USA Certified pharmacy <[email protected]>
X-Mailer: The Bat! (v3.80.06) UNREG / CD5BF9353B3B7091
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: [email protected]
Subject: No prescription. Any drugs
X-Spam: Not detected
I am afraid that my mail server could be compromised because of the "Received: from 127.0.0.1 (HELO mail.mydomain.ws)".
I hope there is no security issue.
Thank you for your help.
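
One way to read a header block like the one above, as an added example that is not part of the original post: each relay prepends its own Received line, so only lines written by servers you trust are evidence, and everything below the first untrusted writer (including any HELO name) is whatever the sending client supplied. The trusted set, the function name and the `user@example.invalid` placeholder are assumptions made for this sketch.

```python
import re
from email import message_from_string

# Received chain adapted from the post: redacted addresses replaced by a
# placeholder, garbled comment trimmed, continuation lines folded.
SAMPLE = """\
Received: (qmail 24345 invoked from network); 18 Nov 2006 18:15:04 -0000
Received: from node244.logicassistance.net (18.104.22.168)
 by 192.168.128.240 with SMTP; 18 Nov 2006 18:15:04 -0000
Received: from ip-83-99-90-13.dyn.luxdsl.pt.lu (ip-83-99-90-13.dyn.luxdsl.pt.lu [22.214.171.124])
 by node244.logicassistance.net (Postfix) with ESMTP id AAB3E530D5F
 for <user@example.invalid>; Sat, 18 Nov 2006 12:09:38 -0500 (EST)
Received: from 127.0.0.1 (HELO mail.mydomain.ws)
 by w2ihy.com with esmtp
 for user@example.invalid; Sat, 18 Nov 2006 17:09:18 -0060
Subject: No prescription. Any drugs

"""

# "from <name> [(HELO <claimed name>)] ... by <writer>"
HOP = re.compile(r"\s*from\s+(\S+)(?:\s+\(HELO\s+([^)\s]+)\))?.*?\bby\s+(\S+)", re.S)

def split_chain(raw, trusted_writers):
    """Return (injection_host, unverifiable_hops).

    injection_host is the client that handed the message to the last
    trusted relay; unverifiable_hops are (from, helo, by) tuples that
    arrived inside the message and could have been typed by anyone.
    """
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.match(value)
        if m:  # lines without from/by (e.g. qmail's local note) are skipped
            hops.append((m.group(1), m.group(2), m.group(3)))
    injection, cut = None, 0
    for frm, _helo, by in hops:  # newest hop first
        if by.lower() not in trusted_writers:
            break
        injection, cut = frm, cut + 1
    return injection, hops[cut:]

if __name__ == "__main__":
    # Assumption: the two receiving-side relays write honest Received lines.
    trusted = {"192.168.128.240", "node244.logicassistance.net"}
    host, rest = split_chain(SAMPLE, trusted)
    print("handed to trusted relay by:", host)
    for frm, helo, by in rest:
        print(f"unverifiable: from={frm} helo={helo} written-by={by}")
```
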