RE: READ RECIEPTS automatically generated

From: Gene LeDuc (Gene.LeDuc_at_tns-md.com)
Date: 01/28/04

  • Next message: Joerg Over Dexia: "Re: id check returned root"
    To: security-basics@securityfocus.com
    Date: Wed, 28 Jan 2004 12:42:46 -0500
    
    

    I think the original poster noted that he had _turned off_ READ RECEIPTS but
    that they were being sent anyway. That's why he was asking for help.

    -----Original Message-----
    From: Muhammad Naseer [mailto:naseer@digitallinx.com]
    Sent: Tuesday, January 27, 2004 2:03 PM
    To: 'Jeff Lewis'; security-basics@securityfocus.com
    Subject: RE: READ RECIEPTS automatically generated

    Don't read HTML mails. Turn off reading HTML mails from your outlook
    settings. Always read mails in PLAIN TEXT. Don't send READ RECIEPTS back to
    any user. I guess you will understand the rest here.

    Just my two cents :-)

     
    Regards,
     
    Muhammad Naseer
    +92-300-8449347
     
    Digital Linx - We eDrive your Business
    info@digitallinx.com
    1 (214) 329-4291
    +92-42-5166617
     
     
     

    -----Original Message-----
    From: Jeff Lewis [mailto:jlewis1957@netscape.net]
    Sent: Monday, January 26, 2004 9:46 PM
    To: security-basics@securityfocus.com
    Subject: READ RECIEPTS automatically generated

    I now have the unhappy duty of going through a company website email account
    and a domain catchall email account to look for sales leads. I do get leads
    for marketing there, today was 2 out of 290. Of course, the rest were SPAM.
    This is a POP3 account associated with an industry specific, custom-built
    website. And of course, the targeted email address is not obscured in any
    way. (I'll get to that next.)

    Much to my surprise on day 1 of doing this, I got an auto-response from my
    SMTP server's postmaster account saying that a message could not be
    delivered because the target mailbox was full. It was a READ RECEIPT from
    me!

    I use Outlook XP and have specifically turned these OFF, not "prompt me". So
    how did this get through?

    So I boluxed up the SMTP server name in the account settings before I went
    through those messages today (day 2). I started getting prompts right away
    that Outlook wanted to send a message, but that the server couldn't be
    found. Nothing in the OUT box.

    I exited Outlook XP and then restarted it just to see if this could
    eliminate the issue. Still nothing waiting in the OUT box, still complaints
    that the SEND server was not functioning.

    Finally, opened up the SEND QUEUE directory on the mail server and then
    corrected the SMTP server account setting on my Outlook XP client. Two
    messages immediately popped in, which I immediately pulled out. Opened them
    up with a text editor and sure enough, they were from me as read reciepts,
    along with the typical winmail.dat attachment.

    I've had this particular account for 9 months, and have had less than a
    dozen spam messages during that time. I've worked hard NOT to make the
    account available to SPAMMERS (like using this account for messages to
    newsgroups, dist lists, etc.) and feel like I may have blown it all now
    because of what I didn't catch on Day 1.

    So how do I stop this crap? I do NOT have an Exchange Server yet, but will
    in three months. Right now, I've inherited a crappy little SMTP server.
    (Don't ask, it's a networking nightmare here which I am cleaning up slowly.)
    But I need to protect myself and the rest of the employees here now.

    I have all of the latest patches deployed on my WinXP PC per Shavlik's
    HFNetChkPro 4 and Windows Update. I have all of the latest NAVCE updates,
    and have completely scanned the HD twice. Nothing found. Spybot shows
    nothing found as well. The individual sent messages include this:

        X-Mailer: Microsoft Outlook, Build 10.0.4510
        X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165

    So I am assuming that it truly is coming from my Outlook client and not from
    some installed malware. So why doesn't the waiting message show up in the
    OUT box? Why isn't Outlook following the rules about READ reciepts?

    I haven't re-opened the messages that sent them, as I would have several
    hundred to go through to find it. I was hoping that someone here might have
    a clue as to what I am clueless about.

    Jeff

    __________________________________________________________________
    New! Unlimited Netscape Internet Service.
    Only $9.95 a month -- Sign up today at http://isp.netscape.com/register Act
    now to get a personalized email address!

    Netscape. Just the Net You Need.

    ---------------------------------------------------------------------------
    Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    course! All of our class sizes are guaranteed to be 10 students or less.
    We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    and many other technical hands on courses.
    Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    any course!
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    course! All of our class sizes are guaranteed to be 10 students or less.
    We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    and many other technical hands on courses.
    Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    any course!
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    course! All of our class sizes are guaranteed to be 10 students or less.
    We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    and many other technical hands on courses.
    Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    any course!
    ----------------------------------------------------------------------------


  • Next message: Joerg Over Dexia: "Re: id check returned root"