Re: READ RECIEPTS automatically generated

From: Meritt James (meritt_james_at_bah.com)
Date: 01/28/04

    Date: Wed, 28 Jan 2004 17:02:11 -0500
    To: Gene LeDuc <Gene.LeDuc@tns-md.com>
    
    

    If it was on a system disconnected from the network, they would not be
    sent - well, go anywhere. And would one KNOW that was all going on?

    So I'm a coward. Just because you are paranoid doesn't mean that they
    are not out to get you...

    Jim

    Gene LeDuc wrote:
    >
    > I think the original poster noted that he had _turned off_ READ RECEIPTS but
    > that they were being sent anyway. That's why he was asking for help.
    >
    > -----Original Message-----
    > From: Muhammad Naseer [mailto:naseer@digitallinx.com]
    > Sent: Tuesday, January 27, 2004 2:03 PM
    > To: 'Jeff Lewis'; security-basics@securityfocus.com
    > Subject: RE: READ RECIEPTS automatically generated
    >
    > Don't read HTML mails. Turn off reading HTML mails from your outlook
    > settings. Always read mails in PLAIN TEXT. Don't send READ RECEIPTS back to
    > any user. I guess you will understand the rest here.
    >
    > Just my two cents :-)
    >
    >
    > Regards,
    >
    > Muhammad Naseer
    > +92-300-8449347
    >
    > Digital Linx - We eDrive your Business
    > info@digitallinx.com
    > 1 (214) 329-4291
    > +92-42-5166617
    >
    >
    >
    >
    > -----Original Message-----
    > From: Jeff Lewis [mailto:jlewis1957@netscape.net]
    > Sent: Monday, January 26, 2004 9:46 PM
    > To: security-basics@securityfocus.com
    > Subject: READ RECIEPTS automatically generated
    >
    > I now have the unhappy duty of going through a company website email account
    > and a domain catchall email account to look for sales leads. I do get leads
    > for marketing there, today was 2 out of 290. Of course, the rest were SPAM.
    > This is a POP3 account associated with an industry specific, custom-built
    > website. And of course, the targeted email address is not obscured in any
    > way. (I'll get to that next.)
    >
    > Much to my surprise on day 1 of doing this, I got an auto-response from my
    > SMTP server's postmaster account saying that a message could not be
    > delivered because the target mailbox was full. It was a READ RECEIPT from
    > me!
    >
    > I use Outlook XP and have specifically turned these OFF, not "prompt me". So
    > how did this get through?
    >
    > So I boluxed up the SMTP server name in the account settings before I went
    > through those messages today (day 2). I started getting prompts right away
    > that Outlook wanted to send a message, but that the server couldn't be
    > found. Nothing in the OUT box.
    >
    > I exited Outlook XP and then restarted it just to see if this could
    > eliminate the issue. Still nothing waiting in the OUT box, still complaints
    > that the SEND server was not functioning.
    >
    > Finally, opened up the SEND QUEUE directory on the mail server and then
    > corrected the SMTP server account setting on my Outlook XP client. Two
    > messages immediately popped in, which I immediately pulled out. Opened them
    > up with a text editor and sure enough, they were from me as read receipts,
    > along with the typical winmail.dat attachment.
    >
    > I've had this particular account for 9 months, and have had less than a
    > dozen spam messages during that time. I've worked hard NOT to make the
    > account available to SPAMMERS (like using this account for messages to
    > newsgroups, dist lists, etc.) and feel like I may have blown it all now
    > because of what I didn't catch on Day 1.
    >
    > So how do I stop this crap? I do NOT have an Exchange Server yet, but will
    > in three months. Right now, I've inherited a crappy little SMTP server.
    > (Don't ask, it's a networking nightmare here which I am cleaning up slowly.)
    > But I need to protect myself and the rest of the employees here now.
    >
    > I have all of the latest patches deployed on my WinXP PC per Shavlik's
    > HFNetChkPro 4 and Windows Update. I have all of the latest NAVCE updates,
    > and have completely scanned the HD twice. Nothing found. Spybot shows
    > nothing found as well. The individual sent messages include this:
    >
    > X-Mailer: Microsoft Outlook, Build 10.0.4510
    > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
    >
    > So I am assuming that it truly is coming from my Outlook client and not from
    > some installed malware. So why doesn't the waiting message show up in the
    > OUT box? Why isn't Outlook following the rules about READ receipts?
    >
    > I haven't re-opened the messages that sent them, as I would have several
    > hundred to go through to find it. I was hoping that someone here might have
    > a clue as to what I am clueless about.
    >
    > Jeff
    >
    > __________________________________________________________________
    > New! Unlimited Netscape Internet Service.
    > Only $9.95 a month -- Sign up today at http://isp.netscape.com/register Act
    > now to get a personalized email address!
    >
    > Netscape. Just the Net You Need.
    >
    > ---------------------------------------------------------------------------
    > Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    > course! All of our class sizes are guaranteed to be 10 students or less.
    > We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    > and many other technical hands on courses.
    > Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    > any course!
    > ----------------------------------------------------------------------------

    -- 
    James W. Meritt CISSP, CISA
    Booz | Allen | Hamilton
    phone: (410) 684-6566
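
Added example, not part of any poster's message: a way to find which of several hundred downloaded messages ask for a receipt, and to strip those requests before a mail client opens them. It assumes each message is available as raw RFC 822 bytes; Disposition-Notification-To is the standard request header (RFC 8098), the other two are legacy non-standard ones, and the sample messages are constructed.

```python
from email import message_from_bytes

# Headers that ask the recipient's client or server to send a receipt.
RECEIPT_HEADERS = (
    "Disposition-Notification-To",  # standard MDN request (RFC 8098)
    "Return-Receipt-To",            # legacy, non-standard
    "X-Confirm-Reading-To",         # legacy, non-standard
)


def receipt_requests(raw):
    """Return {header: [values]} for every receipt request in one raw message."""
    msg = message_from_bytes(raw)
    found = {}
    for name in RECEIPT_HEADERS:
        values = msg.get_all(name)  # case-insensitive lookup, None if absent
        if values:
            found[name] = [str(v).strip() for v in values]
    return found


def strip_receipt_requests(raw):
    """Return the message with all receipt-request headers removed."""
    msg = message_from_bytes(raw)
    for name in RECEIPT_HEADERS:
        del msg[name]  # removes every occurrence, no error if absent
    return msg.as_bytes()


def triage(messages):
    """messages: iterable of (label, raw bytes). Return labels that request a receipt."""
    return [label for label, raw in messages if receipt_requests(raw)]


# Constructed sample messages (not taken from the thread).
SAMPLE_LEAD = (b"From: buyer@example.com\nTo: sales@example.org\n"
               b"Subject: Quote request\n\nPlease send pricing.\n")
SAMPLE_TRACKED = (b"From: promo@example.net\nTo: sales@example.org\n"
                  b"Subject: Special offer\n"
                  b"disposition-notification-to: <confirm@example.net>\n"
                  b"Return-Receipt-To: confirm@example.net\n\nBuy now.\n")

if __name__ == "__main__":
    inbox = [("1.eml", SAMPLE_LEAD), ("2.eml", SAMPLE_TRACKED)]
    for label in triage(inbox):
        print(label, receipt_requests(dict(inbox)[label]))
```

This only covers header-based receipt requests; remote content fetched by HTML mail is a separate channel and is not detected here.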
    
