Re: unexpected UNDELIVERED MAIL

From: Michael Peddemors (michael@wizard.ca)
Date: 11/30/01


Subject: Re: unexpected UNDELIVERED MAIL
From: Michael Peddemors <michael@wizard.ca>
To: Eric Santonacci <Eric.Santonacci@talc.fr>
Date: 30 Nov 2001 11:08:41 -0800
Message-Id: <1007147321.20583.27.camel@mistress>

On Fri, 2001-11-30 at 04:52, Eric Santonacci wrote:
> Hello,
>
> For the past week, I have been receiving undelivered email notifications for
> mail that neither I nor anyone in my domain sent. I thought that someone (a
> spammer) had hacked my SMTP server, but it seems they are just using my domain
> name as the domain the mail appears to come from. Is there any possibility to
> stop that, to know who does this, or to do something else against this
> practice? Except filtering incoming mail.

This is annoying, and always causes problems.. But you should be able to
see in the headers where the mail originated from, and try to get it
stopped as soon as possible. But sometimes you can't.. We had a client
whose address someone used in a bulk spam, and it was from China,
and for 3 days he had his T1 filled with bounce messages..

 
> I have postfix and only the LAN subnet can (should be able to) use it. I have
> a firewall rule for IPSpoofing so I don't think someone hacked me, but how can
> I be sure?

If you aren't sure if you are hacked, best thing to do is to hire
security professionals to check.. *Ahem* .. but first thing to do is to
see if you are an open relay.. Visit any one of the orbs blocker sites to
run the automatic tests..

eg. http://www.orbz.org

> Thanks in advance for your help.
> regards

-- 
"Catch the Magic of Linux..."
--------------------------------------------------------
Michael Peddemors - Senior Consultant
LinuxAdministration - Internet Services
NetworkServices - Programming - Security
Wizard IT Services http://www.wizard.ca
Linux Support Specialist - http://www.linuxmagic.com
--------------------------------------------------------
(604)589-0037 Beautiful British Columbia, Canada
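
The header check suggested in the reply above, as an added example that is not part of the original message: it pulls the returned message out of a bounce, lists the relay IPs from its `Received` headers, and reports whether any hop was one of your own networks. `OWN_NETWORKS`, `SAMPLE_BOUNCE`, the function names and all addresses are constructed assumptions.

```python
import email
import ipaddress
import re
from contextlib import suppress
from email import policy

# Assumption: the networks your own Postfix relays for (constructed value).
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed, trimmed bounce: mail forged as eric@example.com, rejected elsewhere.
SAMPLE_BOUNCE = b"""\
From: MAILER-DAEMON@mx.example.net
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: message/rfc822

Received: from mail.example.com (unknown [198.51.100.23])
 by mx.example.net (Postfix) with SMTP id CONSTRUCTED
From: eric@example.com

body
--b1--
"""

def original_message(bounce):
    """Return the bounced message (or just its headers) enclosed in a DSN."""
    msg = email.message_from_bytes(bounce, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":  # headers-only bounce
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def trace_bounce(bounce, own_networks=OWN_NETWORKS):
    """Relay IPs (newest hop first) and whether any hop was our own server."""
    orig = original_message(bounce)
    if orig is None:
        return None
    hops = []
    for hdr in orig.get_all("Received", []):
        for text in IP_RE.findall(str(hdr)):
            with suppress(ValueError):  # malformed or forged address literal
                hops.append(ipaddress.ip_address(text))
    return {"claimed_from": str(orig["From"]), "hops": [str(h) for h in hops],
            "via_own_server": any(h in n for h in hops for n in own_networks)}
```

Only the `Received` line written by the bouncing site's own server is reliable; anything below it was supplied by the sender and may be forged. A result with `via_own_server` false means the bounced copy never passed through your relay, so the complaint goes to the owner of the top hop.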