Old 06-14-2004, 11:05 AM   #1
Lui
LQ Newbie
 
Registered: Jun 2004
Posts: 7

Rep: Reputation: 0
illegal use of my domain address


I keep getting bounce back replies from all kinds of servers, saying I tried to e-mail somebody in their domain/network.

How do I stop hackers from using my domain address in their mass mailing efforts? I heard that my domain may get black listed on other servers because of this.
 
Old 06-14-2004, 11:10 AM   #2
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,174
Blog Entries: 4

Rep: Reputation: 428
Moved: This thread is more suitable in Linux-Security and has been moved accordingly to help your thread/question get the exposure it deserves.
 
Old 06-14-2004, 11:12 AM   #3
blueCow
Member
 
Registered: Feb 2004
Location: Florida
Distribution: FreeBSD, CentOS, Debian, Mint
Posts: 111

Rep: Reputation: 17
You need to disable relaying on your mail server. Which mail server do you use?
 
Old 06-14-2004, 11:25 AM   #4
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Are they forging the sender address to appear from your domain? If yes, then this is rather difficult to avoid. If you can determine which ISP is being used to send the spam, then you might be able to work with them to get the spam-flow stopped.
 
Old 06-14-2004, 11:40 AM   #5
Lui
LQ Newbie
 
Registered: Jun 2004
Posts: 7

Original Poster
Rep: Reputation: 0
thx for the quick response guys...

right now I'm using a 3rd party e-mail service provider... I also posted this Q on their site, but have not received a response yet.

I'll probably discontinue my service with them once I know I am competent on handling e-mail on my own with my linux box... (sendmail is already working off the bat from installation! way cool... now receiving mail ... )

blueCow, which mailserver would you suggest to easily start with? and how would I stop relaying with that server?

stickman, how do I easily determine the IP address of those !@#@@#$! that are using my domain address ???

PS... I have Fedora 1. Apache running out of the box/install... not much more.

Last edited by Lui; 06-14-2004 at 11:51 AM.
 
Old 06-14-2004, 05:02 PM   #6
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
I doubt you have much to worry about as far as getting blacklisted. Those generally are based on your IP address and not your domain name. You only need to worry about that if you have an open relay. If you have a new installation of an MTA then you shouldn't have to worry about having an open relay unless you changed the settings to do so. Older MTAs were set up as open relays by default because there wasn't really a problem with SPAM, server hijackers, etc. But times have changed. You should keep in mind that many viruses will spoof the to: and from: address. You will have to talk to the Admins of the domains that are sending the rejected messages back to you so they can look at the header information.... If they still can. Once you have the IP then you can easily find the ISP and let them know about it. Hopefully it is not an ISP in China or someplace like that where they won't care about your problem.
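
Added example, not part of the thread or of any poster's reply: when a bounce quotes the original message's headers, the topmost `Received:` line was written by the server that generated the bounce, so the IP in it shows whether the mail came through your own server (a relay problem) or from elsewhere with a forged sender. The bounce text, hostnames, addresses and the `own_ips` set are constructed placeholders, and the IP pattern assumes the common bracketed or parenthesised IPv4 form.

```python
import email
import re
from email import policy

# Constructed, trimmed bounce; all hosts and IPs are documentation values.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: lui@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown: nobody@example.net

--b1
Content-Type: text/rfc822-headers

Received: from unknown (HELO example.org) (203.0.113.45)
 by mx.example.net with SMTP; Mon, 14 Jun 2004 10:58:01 -0500
From: lui@example.org
To: nobody@example.net

--b1--
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def original_headers(bounce_text):
    """Return the headers of the message that bounced, or None if not quoted."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":   # headers only were returned
            return email.message_from_string(part.get_content(), policy=policy.default)
        if ctype == "message/rfc822":        # full original was returned
            return part.get_content()
    return None

def classify(bounce_text, own_ips):
    """Classify by the IP in the topmost Received line (lower ones can be forged)."""
    orig = original_headers(bounce_text)
    received = orig.get_all("Received", []) if orig else []
    m = IP_RE.search(str(received[0])) if received else None
    if m is None:
        return ("unknown", None)
    ip = m.group(1)
    return ("own-server" if ip in own_ips else "forged-elsewhere", ip)
```

A result of `forged-elsewhere` gives the IP to look up and report to its ISP; `own-server` means the mail really passed through your MTA and its relay settings need checking.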
 
Old 06-15-2004, 01:48 AM   #7
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
To avoid having to retype it, just click here and click on 'The "Joe Job"' and all shall be explained.

Here's the link so you can read it:
http://www.smtps.net/email-sec/threats/index.html
 
Old 06-15-2004, 07:31 AM   #8
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Also, depending on the laws in your locale, you might be able to take action against the seller of the product being advertised. Some laws (i.e. CAN-SPAM Act) also treat the advertiser as the sender. Keep good records and file a complaint.
 
Old 06-15-2004, 03:56 PM   #9
Lui
LQ Newbie
 
Registered: Jun 2004
Posts: 7

Original Poster
Rep: Reputation: 0
Cool... thanks to all for your input. This helps me understand more about the issue, how to deal with it, and how to address it in the future.
 
Old 06-17-2004, 05:36 PM   #10
linuxmarc
Member
 
Registered: Jun 2004
Posts: 44

Rep: Reputation: 15
My guess is that the bounces you are receiving have nothing to do with anyone abusing your domain. Rather, new viruses now grab infected users' address books and spoof the sender.

For example, a friend of mine has me in their address book and gets infected. The virus sends itself out to all other people in the address book as me. When one of the addresses turns out to be wrong or invalid, guess who gets the bounce?

Since there's no way to know who is infected (unless you know few people who may have your email address), there really isn't much you can do about it.
 
  


All times are GMT -5.