Old 02-02-2004, 04:42 PM   #1
mikeyt_333
Member
 
Registered: Jun 2001
Location: Up in the clouds
Distribution: Fedora et al.
Posts: 353

Rep: Reputation: 30
Spammer using my domain


Hey, I have a problem where somebody is spamming using my domain. They aren't relaying or anything, they have just attached my domain name as the from address in their spam. Is there anything I can do about this pre-emptively, or do I have to just go after them after the fact? I know it is happening because our catch-all is getting the error mail from their sends, and they all contain the original from address. Please let me know if there is anything I can do to protect myself from this.

Thanks!
Mike.
 
Old 02-02-2004, 04:56 PM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 269
Only thing you can do is track down their IP, try to find what ISP hands them out, etc and contact them for resolution. Better hope the ISP understands and tries to be of assistance. Had the same thing happen to me.. took about 5 phone calls and several hours before they actually started listening to me cause they were that dumb, trying to tell me I needed anti-virus crap, auto-responders, etc thru email.

Also, moving to General, isn't really a Linux technical question.

Regards.
 
Old 02-02-2004, 05:15 PM   #3
Squall
Member
 
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239

Rep: Reputation: 31
man that sucks

You probably have some trojan installed on your computer that's doing that. If you're running linux, I can't think of any real exploit to do that. And trickykid, I miss your "classic" moving notices, I like 'em like this:
"Moved: Asking how to draw tux is not a technical linux question per se, so its more suitable in General."
 
Old 02-02-2004, 05:23 PM   #4
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 475
Squall - that was not a helpful post. Mikeyt_333 most likely does not have a trojan, domain and email spoofing are common things and a trojan is unlikely to be the answer. And I know I don't have to tell you about quoting Trickykid's posts in other posts - it is totally off-topic and unnecessary.

Mikeyt_333 - if you do believe you have a trojan or are rooted, take the box off the network and check for strange/unknown users and check your logs. I think you could also enlist your own ISP in the calls you will need to make to the offender's ISP - ISPs listen to each other. You will want to move quickly on this or you may end up being wrongly blacklisted.
 
Old 02-02-2004, 05:28 PM   #5
snacky
Member
 
Registered: Feb 2004
Distribution: Debian
Posts: 286

Rep: Reputation: 30
Nah, anyone who maintains a spam blacklist has been around enough spam to know what a joe job is. Wish you luck but there's probably nothing you can do but wait until the spammer decides to stop forging your name in his headers.

Usually they just do this crap at random, but every once in a while a spammer will do this because they're pissed at someone.
 
Old 02-02-2004, 07:01 PM   #6
Squall
Member
 
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239

Rep: Reputation: 31
I mean, yeah maybe my quote was off topic, but not to be rude: who are you to say my post wasn't helpful? It's my opinion, and he hasn't even specified what operating system he uses. I don't think it's fair for you to say my opinion is "wrong" with the little information he provided. Maybe he got this while using Windows XP and Outlook Express. Granted, you probably know more about this than me, but think logically: the more suggestions we have, the better. Rule number 4 states:
" Do not post if you do not have anything constructive to say in the post." Well, I think you agree that the post will certainly not hurt, and at least has a CHANCE of being the solution. I have violated no rules and I see no reason for you to tell me that I'm not being constructive.

Last edited by Squall; 02-02-2004 at 07:03 PM.
 
Old 02-02-2004, 07:06 PM   #7
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 475
Quote:
Originally posted by Mikeyt_333
They aren't relaying or anything, they have just attached my domain name as the from address in their spam.
A trojan runs from your pc. He has already said that his pc is not at fault. He is aware that he is being spoofed - someone is passing themselves off as him.

Quote:
Originally posted by Squall
" Do not post if you do not have anything constructive to say in the post."
Not my words - I don't know where you got that quote from, but please attribute it correctly.
 
Old 02-02-2004, 07:07 PM   #8
Squall
Member
 
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239

Rep: Reputation: 31
I got it from http://www.linuxquestions.org/rules.php
 
Old 02-02-2004, 07:49 PM   #9
mikeyt_333
Member
 
Registered: Jun 2001
Location: Up in the clouds
Distribution: Fedora et al.
Posts: 353

Original Poster
Rep: Reputation: 30
Thanks for the responses guys! I appreciate them all, although a trojan is quite unlikely, nothing unusual has been happening on my system, all users are intact etc... But thanks for the suggestion.

I figured the only thing I could do was contact the ISP, there's no way to block something that doesn't happen on my system (thank god, imagine if somebody had that power). So I'll start telling the user who collects the catch-all to record headers etc... And I'll track them down.

I also doubt that RBL is a problem here, since the headers will be using only the domain which won't resolve to the IP they are sending from, the people running the RBLs will notice that.

My guess is that the only reason the spammers do this, is cause they have found a domain that resolves, and as such, won't be denied by those servers denying unresolvable domains as the only spam defense.

Thanks guys! Keep the suggestions coming!
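
The header tracing discussed in this thread, as an added example that is not part of any post: it pulls the bounced spam's headers out of an error mail from the catch-all and reports the IP that handed the spam to the bouncing server, which is the address to give the ISP. It assumes the bounce carries the original headers as a `message/rfc822` or `text/rfc822-headers` part; the function names, hosts and addresses are hypothetical, and the sample bounce is constructed.

```python
import email
import re

# Constructed sample bounce as it might land in the catch-all mailbox.
# Hosts are example domains; IPs come from documentation ranges.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: random123@mydomain.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; boundary="BOUND"

--BOUND
Content-Type: text/plain

User unknown.

--BOUND
Content-Type: text/rfc822-headers

Received: from dialup.isp.example (unknown [203.0.113.45])
\tby mx.recipient.example with SMTP; Mon, 2 Feb 2004 16:01:10 -0500
Received: from mail.mydomain.example ([192.0.2.10])
\tby dialup.isp.example; Mon, 2 Feb 2004 16:01:02 -0500
From: random123@mydomain.example
Subject: Cheap pills

--BOUND--
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def original_headers(bounce_text):
    """Return the headers of the bounced spam as a Message, or None."""
    for part in email.message_from_string(bounce_text).walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":   # headers-only copy
            return email.message_from_bytes(part.get_payload(decode=True))
    return None

def handoff_ip(bounce_text):
    """IP recorded by the server that generated the bounce, or None."""
    orig = original_headers(bounce_text)
    received = orig.get_all("Received", []) if orig else []
    # Only the topmost Received line was written by the bouncing server;
    # every line below it was supplied by the sender and may be forged.
    match = IP_RE.search(received[0]) if received else None
    return match.group(1) if match else None
```

In the sample, the lower `Received` line claims the mail came from the spoofed domain's own server, which is why only the top line is used.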
 
  


All times are GMT -5. The time now is 04:40 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration