LinuxQuestions.org
Old 03-12-2014, 07:01 PM   #1
sombragris
Senior Member
 
Registered: Jul 2004
Location: Asuncion, Paraguay, South America
Distribution: Slackware
Posts: 1,000

Rep: Reputation: 482
Slightly OT: Spam being sent from my domain or just backscatter?


Hi folks,

Bear with me on this OT issue. I share the issue here because I trust most of the regular people here.

THE ISSUE:
Starting this morning, I began to get thousands of bounce messages.
Apparently, spam was being sent from my domain.

I understand that most of these issues are just backscatter, but judging from the headers of the bounce messages I cannot be sure.

Thus, my question: can you tell if this is just backscatter or if my domain account was hijacked? Thanks in advance.

Below there is an anonymized bounce message.
Key: myhosting.com = my hosting provider
mydomain.org = my domain name

Code:
Return-path: <>
Envelope-to: sombrag@myhosting.com
Delivery-date: Wed, 12 Mar 2014 17:44:13 -0500
Received: from mailnull by myhosting.com with local (Exim 4.82)
	id 1WNrsj-00062X-29
	for sombrag@myhosting.com; Wed, 12 Mar 2014 17:44:13 -0500
X-Failed-Recipients: someone@att.net
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@myhosting.com>
To: sombrag@myhosting.com
Subject: Mail delivery failed: returning message to sender
Message-Id: <E1WNrsj-00062X-29@myhosting.com>
Date: Wed, 12 Mar 2014 17:44:13 -0500

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  someone@att.net
    SMTP error from remote mail server after RCPT TO:<someone@att.net>:
    host scc-mailrelay.att.net [204.127.208.75]: 551 not our customer

------ This is a copy of the message, including all the headers. ------

Return-path: <sombrag@myhosting.com>
Received: from sombrag by myhosting.com with local (Exim 4.82)
	(envelope-from <sombrag@myhosting.com>)
	id 1WNrsY-00061L-S6
	for someone@att.net; Wed, 12 Mar 2014 17:44:02 -0500
To: someone@att.net
Subject: Voice Message Notification
From: "WhatsApp Messaging Service" <service@mydomain.org>
X-Mailer: JustMeCollection
Reply-To: "WhatsApp Messaging Service" <service@mydomain.org>
Mime-Version: 1.0
Content-Type: multipart/alternative;boundary="----------13946642425320E332D02A9"
Message-Id: <E1WNrsY-00061L-S6@myhosting.com>
Date: Wed, 12 Mar 2014 17:44:02 -0500

------------13946642425320E332D02A9
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit

(some spam here)
 
Old 03-12-2014, 11:47 PM   #2
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-15.0 Multilib
Posts: 6,564
Blog Entries: 15

Rep: Reputation: 2117
Try to pinpoint which IP address they are originating from first.
 
1 members found this post helpful.
Old 03-13-2014, 06:53 AM   #3
jtsn
Member
 
Registered: Sep 2011
Posts: 925

Rep: Reputation: 483
Quote (originally posted by sombragris):
    Below there is an anonymized bounce message.

That's not very useful.

General tips:

Set SPF records on your domain to reduce abuse by spammers as a MAIL FROM.
Use DNSBLs like backscatterer.org and reject mails with empty MAIL FROM from these servers.
 
2 members found this post helpful.
Old 03-17-2014, 03:57 PM   #4
sombragris
Senior Member
 
Registered: Jul 2004
Location: Asuncion, Paraguay, South America
Distribution: Slackware
Posts: 1,000

Original Poster
Rep: Reputation: 482
Thanks for all the answers. Spam was being sent indeed from my hosting site. The issue: a very old WordPress theme. So, do not only check your WordPress install proper; check also your themes and plugins. Marking thread as solved.
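
Added example, not part of any post in this thread: one way to answer the backscatter-or-compromise question from a bounce like the one in the first post is to read the bottom-most Received header of the returned copy and check whether your own server wrote it. The function name, verdict labels and the second sample (example.net, example.com, 203.0.113.9) are constructed for illustration; the parsing assumes Exim's copy marker line and its "with local" wording as they appear in the posted bounce.

```python
import re
from email.parser import HeaderParser

COPY_MARKER = "This is a copy of the message, including all the headers."
HOP = re.compile(r"from\s+(\S+)(?:\s+\([^)]*\))?\s+by\s+(\S+)\s+with\s+(\S+)")

def classify_bounce(raw, my_hosts):
    """Classify an Exim bounce by the first hop of the message it returns."""
    _, found, copy = raw.partition(COPY_MARKER)
    # Drop the rest of the marker line; parse only the returned copy's headers.
    headers = HeaderParser().parsestr(copy.partition("\n")[2].lstrip("\n"))
    hops = headers.get_all("Received") or []
    # The bottom-most Received header records the first hop the message took.
    m = HOP.search(" ".join(hops[-1].split())) if hops else None
    if not found or not m:
        return {"verdict": "unknown"}
    sender, receiver, proto = m.groups()
    if receiver.lower() not in my_hosts:
        # First MTA is not ours: the sender address was forged elsewhere.
        return {"verdict": "backscatter", "origin": sender}
    if proto == "local":
        # Exim "with local": a process running as this account queued the
        # message on our own host (e.g. a web script); no SMTP client involved.
        return {"verdict": "sent-from-own-host", "local_user": sender}
    return {"verdict": "relayed-through-own-host", "origin": sender}

# Constructed samples; the first mirrors the bounce posted in the thread.
HEAD = """Return-path: <>
Subject: Mail delivery failed: returning message to sender

------ This is a copy of the message, including all the headers. ------

"""
LOCAL_BOUNCE = HEAD + """Return-path: <sombrag@myhosting.com>
Received: from sombrag by myhosting.com with local (Exim 4.82)
 (envelope-from <sombrag@myhosting.com>)
 id 1WNrsY-00061L-S6
 for someone@att.net; Wed, 12 Mar 2014 17:44:02 -0500
From: "WhatsApp Messaging Service" <service@mydomain.org>
"""
# Constructed: a remote MX (example.com) accepted mail forged as mydomain.org.
FORGED_BOUNCE = HEAD + """\
Received: from host.example.net ([203.0.113.9]) by mx.example.com with esmtp
 id CONSTRUCTED; Wed, 12 Mar 2014 17:44:02 -0500
From: "WhatsApp Messaging Service" <service@mydomain.org>
"""
if __name__ == "__main__":
    for name, raw in (("local", LOCAL_BOUNCE), ("forged", FORGED_BOUNCE)):
        print(name, classify_bounce(raw, {"myhosting.com"}))
```

A "sent-from-own-host" verdict names the local account that queued the mail, which is where to start looking for the script responsible; only the Received line written by your own MTA should be trusted, since lower hops in a forged message can be invented.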
 
  

