[SATLUG] mail server hijacking
Eli
eli at then7.com
Mon Apr 9 09:20:52 CDT 2007
The IP that delivered mail to your server is 58.185.24.204,
somewhere in Singapore.
They know your name/email.
I get this all the time. Typical spam.
A few things you can do:
1. http://www.dnsstuff.com/ (go here and use the 'dns report' to check
out various things)
2. additional relay checks howto
http://www.debian-administration.org/articles/41
3. and a multi RBL checker tool to see if you are on any lists (note
you'll always be on 1 or 2 obscure ones, but you don't want to be on any
more than that or the 'big ones' e.g. spamcop)
http://www.mob.net/~ted/tools/rbl.php3
e
twistedpickles wrote:
> Not sure what the term would be but hijacking sounds right. I have
> seen several emails from myself to myself with only the following
> content:
> ------------- cut from email --------------------------
> we email advertise your charity web site to 7,500,000 people. free.
>
> http://www.emailmarketingassociates.com
> ----------------------------------------------------------------
>
>
> The headers show:
> xxxx in place of name and ip
> --------------------------------------------------------------
> Return-Path: <ronnie at xxxxnerdwear.com>
> X-Original-To: ronnie at xxxxnerdwear.com
> Delivered-To: ronnie at xxxxnerdwear.com
> Received: from 71.41.131.xx (unknown [58.185.24.204])
> by mail.xxxxnerdwear.com (Postfix) with SMTP id 9385CE006E
> for <ronnie at xxxxnerdwear.com>; Sat, 31 Mar 2007 07:04:36 -0500 (CDT)
> To: ronnie at xxxxnerdwear.com
> Message-Id: <20070331120436.9385CE006E at mail.xxxxnerdwear.com>
> Date: Sat, 31 Mar 2007 07:04:36 -0500 (CDT)
> From: ronnie at xxxxnerdwear.com
> -------------------------------------------------------------
> I have disabled the relay option and mydomain and myorigin for the
> postfix conf are set to xxxxnerdwear.com. mynetworks_style is also
> setup to equal host.
> I am trying to figure out what is going on but I suspect a third party
> is acting on my behalf. I did a lot of research before setting up a
> mail server but I may have missed something. I get at least 3 of these
> emails a week and the IP addresses are always different.
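
Added example, not part of either post: a small Python check that reads the top Postfix Received header the way the reply does (the address in square brackets is the real connecting client; the name after "from" is only what the client claimed in HELO) and flags a message that uses the local domain in From but arrived from outside the trusted networks. The function names, example.com and the documentation IP ranges are assumptions standing in for the redacted values; my_networks plays the role of Postfix's mynetworks.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample shaped like the quoted headers; placeholder domain and IPs.
SAMPLE = """\
Received: from 192.0.2.10 (unknown [203.0.113.204])
\tby mail.example.com (Postfix) with SMTP id 9385CE006E
\tfor <ronnie@example.com>; Sat, 31 Mar 2007 07:04:36 -0500 (CDT)
From: ronnie@example.com

"""

# Postfix writes: from <HELO name> (<reverse DNS or "unknown"> [<client IP>])
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[(?:IPv6:)?([^\]]+)\]\)")

def parse_received(value):
    """Return (helo, rdns, client_ip) from a Postfix Received header, or None."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
    if not m:
        return None
    try:
        return m.group(1), m.group(2), ipaddress.ip_address(m.group(3))
    except ValueError:
        return None

def check_message(raw, my_domain, my_networks):
    """List reasons the message looks forged; my_networks are trusted CIDRs."""
    msg = message_from_string(raw)
    hop = parse_received((msg.get_all("Received") or [""])[0])  # top = our own MTA
    if hop is None:
        return ["no parseable Received header"]
    helo, rdns, ip = hop
    findings = []
    trusted = any(ip in ipaddress.ip_network(n) for n in my_networks)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain == my_domain.lower() and not trusted:
        findings.append(f"From uses {my_domain} but client {ip} is not in mynetworks")
    if rdns == "unknown":
        findings.append(f"client {ip} has no reverse DNS")
    try:
        if ipaddress.ip_address(helo.strip("[]")) != ip:
            findings.append(f"HELO claims {helo} but connection came from {ip}")
    except ValueError:
        pass  # HELO was a hostname, not an IP literal
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE, "example.com", ["127.0.0.0/8"])))
```

Only the topmost Received header is written by your own server; anything below it was supplied by the sender and cannot be trusted.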