Are they forging the sender address to appear from your domain? If yes, then this is rather difficult to avoid. If you can determine which ISP is being used to send the spam, then you might be able to work with them to get the spam-flow stopped.
Right now I'm using a 3rd party e-mail service provider... I also posted this Q on their site, but have not received a response yet.
I'll probably discontinue my service with them once I know I am competent at handling e-mail on my own with my Linux box... (sendmail is already working right off the bat from installation! Way cool... now receiving mail ... )
blueCow, which mailserver would you suggest to easily start with? And how would I stop relaying with that server?
stickman, how do I easily determine the IP address of those !@#@@#$! that are using my domain address ???
PS... I have Fedora 1. Apache running out of the box/install... not much more.
I doubt you have much to worry about as far as getting blacklisted. Those generally are based on your IP address and not your domain name. You only need to worry about that if you have an open relay. If you have a new installation of an MTA then you shouldn't have to worry about having an open relay unless you changed the settings to do so. Older MTAs were set up as open relays by default because there wasn't really a problem with SPAM, server hijackers, etc. But times have changed. You should keep in mind that many viruses will spoof the to: and from: addresses. You will have to talk to the Admins of the domains that are sending the rejected messages back to you so they can look at the header information... if they still can. Once you have the IP then you can easily find the ISP and let them know about it. Hopefully it is not an ISP in China or someplace like that where they won't care about your problem.
Also, depending on the laws in your locale, you might be able to take action against the seller of the product being advertised. Some laws (i.e. the CAN-SPAM Act) also treat the advertiser as the sender. Keep good records and file a complaint.
My guess is that the bounces you are receiving have nothing to do with anyone abusing your domain. Rather, new viruses now grab infected users' address books and spoof the sender.
For example, a friend of mine has me in their address book and gets infected. The virus sends itself out to all other people in the address book as me. When one of the addresses turns out to be wrong or invalid, guess who gets the bounce?
Since there's no way to know who is infected (unless you know few people who may have your email address), there really isn't much you can do about it.
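The header check suggested in the replies above, as an added example that is not part of the original thread: it pulls the original message's headers out of a bounce and returns the IP recorded in the bouncing server's own Received line. The sample bounce, its host names and addresses are constructed, and `original_headers` and `handoff_ip` are names chosen here.

```python
import email
import ipaddress
import re

# Constructed sample bounce, trimmed to the parts used; documentation hosts/IPs.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/rfc822-headers

Received: from mail.example.org (unknown [203.0.113.45])
\tby mx.example.net with ESMTP; Mon, 5 Jan 2004 10:00:00 +0000
Received: from example.org (localhost [127.0.0.1])
\tby mail.example.org with SMTP; Mon, 5 Jan 2004 09:59:00 +0000
From: someone@example.org

--b1--
"""

def original_headers(bounce):
    """Headers of the message that bounced, or None if the bounce omits them."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

def handoff_ip(raw_bounce, bouncing_host):
    """IP that handed the spoofed mail to bouncing_host, or None."""
    # Only the Received line written by bouncing_host is believed; the lines
    # below it were supplied by the sender and can be forged.
    orig = original_headers(email.message_from_string(raw_bounce))
    for line in (orig.get_all("Received", []) if orig else []):
        flat = " ".join(line.split())          # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", flat)
        if not by or by.group(1).lower() != bouncing_host.lower():
            continue
        for cand in re.findall(r"\[([0-9A-Fa-f:.]+)\]", flat[:by.start()]):
            try:
                ip = ipaddress.ip_address(cand)
            except ValueError:
                continue                       # bracketed text that is not an IP
            if not ip.is_loopback:
                return str(ip)
    return None
```

Pass the host that generated the bounce as `bouncing_host`; the address returned is the one to look up and report to its ISP.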