LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-06-2007, 11:04 AM   #1
LuggerHouse
Member
 
Registered: May 2004
Location: Montreal,QC,Canada
Distribution: Fedora Core 7
Posts: 208

Rep: Reputation: 30
SPAM question - General Internet Security question


Hello Guys,

I am posting in this forum because I don't realy know where else to post my question. Read, you will understand ;-)

I own a dommain, hosted on my own Linux server trough a cable connection.

I have a problem with my mail since I receive hundreds of non delivered mails witch I never sent.

I dig the maillog of PostFix (witch security is pretty tight) and I can't find traces of intrusion or any kind of relaying.

I know it is pretty simple to mangle the email header to set the FROM adress of the mail.

Now the real question is : Since the mail does not realy come from my dommain and only the FROM and RETURN adresses have been set to my dommain, is there any way I could avoid this ??

Here is a sample of non delivered message I receive:


Quote:
This message was created automatically by mail delivery software.

A message that you have sent could not be delivered to one or more
recipients. This is a permanent error. The following address(es) failed:

<susan@charlesligeti.com>: 554 Denied [CS] (Mode: normal)
<ray@charlesligeti.com>: 554 Denied [CS] (Mode: normal)
<pinkee@charlesligeti.com>: 554 Denied [CS] (Mode: normal)
<marierose@charlesligeti.com>: 554 Denied [CS] (Mode: normal)



Included is a copy of the message header:
-----------------------------------------
Received: from unknown [82.177.36.10] (EHLO mail.gemappraisers.com)
by p02c11m022.mxlogic.net (mxl_mta-5.1.0-1)
with ESMTP id 1e4d2d64.2594122672.175488.00-189.p02c11m022.mxlogic.net (envelope-from <duggeniecieljit@genieciel.com>);
Mon, 27 Aug 2007 07:42:57 -0600 (MDT)
Return-Path: <duggeniecieljit@genieciel.com>
Received: from 204.16.252.100 (HELO mail1.no-ip.com)
by charlesligeti.com with esmtp (YA000*:;RH0 Z,+5)
id .*A2QB-S+?9G+-<;
for hector@charlesligeti.com; Mon, 27 Aug 2007 13:42:58 -0100
Date: Mon, 27 Aug 2007 13:42:58 -0100
From: "Janet Sherwood" <duggeniecieljit@genieciel.com>
X-Mailer: The Bat! (v3.71.14) UNREG / CD5BF9353B3B7091
X-Priority: 3 (Normal)
Message-ID: <387309795.18581765740758@thhebat.net>
To: hector@charlesligeti.com
Subject: Last chance to supercharge your performance
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----------09092C4016E16E16"
X-Spam: Not detected
Received: from unknown [82.177.36.10] (EHLO mail.gemappraisers.com)=> this is not my dommain ;-)

Any advise would be nice :-)

Thanks!
 
Old 09-07-2007, 08:30 AM   #2
choogendyk
Senior Member
 
Registered: Aug 2007
Location: Massachusetts, USA
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,189

Rep: Reputation: 105Reputation: 105
Everyone who manages a mail server has to deal with this crap. Some spammers use the return address as a way of getting mail through, since mail sent directly might more easily be recognized as spam.

We run sendmail with mimedefang, spamassassin, milter-greylist, procmail filters, . . . And we are constantly monitoring and tuning parameters in all of these to keep the spam out.

The level of spam is way up from last year, and way up from last spring. It just keeps escalating. You can probably blame it on all those zombies coming out of Redmond.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
General security question packetsmacker Linux - Security 3 03-13-2007 05:41 PM
General OS question, newb question ty13 General 14 04-11-2006 08:21 PM
Question about vsftpd security (or just ftp in general) scorbett Linux - Security 8 03-31-2006 04:56 PM
General wireless security question zba78 Linux - Wireless Networking 3 03-17-2006 03:33 PM
Security question {newbie question} Radio Linux - Security 3 05-17-2002 06:32 PM


All times are GMT -5. The time now is 05:50 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration