  1. #1
    Ryan

    Spam spam spam...

    One of my colleagues is getting lots of mail like the following:

    From: System Administrator
    Sent: 31 March 2008 10:01
    To: <colleague>
    Subject: Undeliverable: {Spam?} Упрощенная система налогообложения в 2008 г.

    Your message did not reach some or all of the intended recipients.

    Subject: {Spam?} Упрощенная система налогообложения в 2008 г.
    Sent: 31/03/2008 08:12

    The following recipient(s) could not be reached:

    foo@pgpi.ru on 31/03/2008 10:04
    The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
    <mail-pgpi.pgpi.local #5.1.1>

    From: System Administrator
    Sent: 31 March 2008 12:01
    To: <colleague>
    Subject: Undeliverable: *****SPAM***** Hermes

    Your message did not reach some or all of the intended recipients.

    Subject: *****SPAM***** Hermes
    Sent: 01/04/2008 05:19

    The following recipient(s) could not be reached:

    gerichdd@neoperl.com on 31/03/2008 11:58
    The e-mail system was unable to deliver the message, but did not report a specific reason. Check the address and try again. If it still fails, contact your system administrator.
    < mail1.nrgnetworks.com #5.0.0 smtp; 550 unknown user <gerichdd@neoperl.com>>

    It obviously looks like it's being bounced back to here. Is it likely her machine is zombified, or is it just speculative spam? It's coming from all over the place.

    Bottom line, how do I stop it? She's getting about 30 per day atm.

  2. #2

    Ric_

    Those messages do look like bounce backs... her machine isn't being used as a relay is it?

    Get the AV and AS tools out!

  3. #3
    DMcCoy

    Sometimes the domain or address is used; I've had over 4000 bounced back in a single day before, and it certainly wasn't a compromised machine.

  4. #4
    Ryan

    AV came back clean (McAfee 8.5). I'll try a SpyBot search today methinks.

    Is there a way to check Exchange to see if her account is indeed sending out those emails initially?

  5. #5

    Ric_

    @Ryan: You can use message tracking to see what mail has been sent from her account.
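
An added example, not part of any post in this thread: one way to triage bounces like the ones quoted in the first post is to parse each NDR and compare it with what message tracking says was really sent. The sample NDR, the addresses and the `TRACKED` set are constructed stand-ins for a real tracking export.

```python
import re
from datetime import datetime

# Constructed NDR in the layout quoted in the first post (addresses are made up).
SAMPLE_NDR = """\
From: System Administrator
Sent: 31 March 2008 12:01
To: colleague@school.example
Subject: Undeliverable: *****SPAM***** Hermes

Your message did not reach some or all of the intended recipients.

Subject: *****SPAM***** Hermes
Sent: 01/04/2008 05:19

The following recipient(s) could not be reached:

nobody@recipient.example on 31/03/2008 11:58
"""

# Constructed stand-in for a message tracking export: (recipient, subject)
# pairs the server really sent on this user's behalf.
TRACKED = {("supplier@partner.example", "Term dates")}
STAMP = "%d/%m/%Y %H:%M"

def parse_ndr(text):
    """Return (original subject, claimed send time, [(recipient, bounce time)])."""
    body = text.split("Your message did not reach", 1)[1]
    subject = re.search(r"^\s*Subject: (.*)$", body, re.M).group(1).strip()
    sent = re.search(r"^\s*Sent: (.*)$", body, re.M).group(1).strip()
    failed = re.findall(r"^\s*(\S+@\S+) on (\d\d/\d\d/\d{4} \d\d:\d\d)\s*$", body, re.M)
    return (subject, datetime.strptime(sent, STAMP),
            [(a.lower(), datetime.strptime(t, STAMP)) for a, t in failed])

def triage(text, tracked):
    """Label each failed recipient: tracked mail is genuine, anything else backscatter."""
    subject, sent, failed = parse_ndr(text)
    out = []
    for addr, bounced_at in failed:
        verdict = "genuine" if (addr, subject) in tracked else "backscatter"
        # Supporting hint only: clocks and time zones differ between servers.
        hints = ["claimed send time is after the bounce"] if sent > bounced_at else []
        out.append((addr, verdict, hints))
    return out
```

A bounce whose recipient and subject never appear in tracking was not sent through the server, which points to a forged sender address rather than a compromised mailbox.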

  6. #6
    Ryan

    I've turned on message tracking to see if that yields anything. Thanks Ric

    @DMcCoy - how did you resolve that? Or did you?

  7. #7

    ZeroHour

    Originally posted by Ryan:
    "@DMcCoy - how did you resolve that? Or did you?"

    There is nothing you can do if a spammer spoofs email to come from your domain. You just need to control the NDR messages really.

  8. #8
    Ryan

    Originally posted by ZeroHour:
    "You just need to control the NDR messages really."

    Go on...

  9. #9

    Geoff

    Originally posted by ZeroHour:
    "There is nothing you can do if a spammer spoofs email to come from your domain."

    You could implement SPF.

    SPF: Project Overview

  10. #10

    ZeroHour

    @Geoff: SPF is still considered fairly toothless. Not many truly use it to weight against a server. I have used SPF in the past and even when I break the SPF (so it read "fail" in the header) the email still does not get filtered.

    @Ryan: there is not much you can do to block NDRs as you still need them for real NDR. Just educate the staff saying if you receive a bounce and didn't send anything, ignore it generally.

  11. #11
    Ryan

    Hmm. It may be time to bite the bullet and give her an alternate email address then. Cheers lads.

  12. #12

    Geoff

    Originally posted by ZeroHour:
    "@Geoff: SPF is still considered fairly toothless. Not many truly use it to weight against a server. I have used SPF in the past and even when I break the SPF (so it read "fail" in the header) the email still does not get filtered."

    I do, because I have an up-to-date SpamAssassin installation. It will factor in SPF information in its 'spaminess' score. While I agree SPF isn't the perfect solution, it's one of the best ones on the table at the moment. So unless you can come up with a better idea, what's the problem with implementing it? Even if it doesn't get rid of all the spam, it'll cut down on a percentage.

  13. #13

    Originally posted by ZeroHour:
    "@Geoff: SPF is still considered fairly toothless. Not many truly use it to weight against a server. I have used SPF in the past and even when I break the SPF (so it read "fail" in the header) the email still does not get filtered."

    I have implemented it, and I know for a fact it is used by Hotmail servers. When I have tested it, it blocks email fine. Perhaps you misconfigured your SPF record?
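
An added example, not written by any poster in this thread: the SPF result a receiver computes for spoofed mail depends on the qualifier in front of the record's final `all` term, and what the receiver then does with a "fail" or "softfail" (reject, score, ignore) is its own policy. The sketch evaluates only the `ip4`, `ip6` and `all` mechanisms; the records and addresses are constructed.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed records for a hypothetical domain; 192.0.2.0/24 and
# 203.0.113.0/24 are documentation ranges, not real mail servers.
STRICT = "v=spf1 ip4:192.0.2.0/24 -all"
SOFT = "v=spf1 ip4:192.0.2.0/24 ~all"
NO_ALL = "v=spf1 ip4:192.0.2.0/24"
OWN_SERVER = "192.0.2.10"
SPOOFER = "203.0.113.45"

def check_spf(record, client_ip):
    """Evaluate ip4/ip6/all mechanisms left to right; first match decides.

    Mechanisms that need DNS lookups (a, mx, include, ...) are outside this
    sketch and raise ValueError instead of being guessed at.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        # A missing qualifier means "+" (pass).
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        mech = mech.lower()
        if mech == "all":
            return RESULTS[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        else:
            raise ValueError(f"unsupported mechanism: {term}")
    return "neutral"  # nothing matched and the record has no "all" term

def compare(ip):
    """Result for one connecting IP under each of the three sample records."""
    return {name: check_spf(rec, ip)
            for name, rec in (("strict", STRICT), ("soft", SOFT), ("no_all", NO_ALL))}
```

Only the record ending in `-all` yields "fail" for the outside address; with `~all` or no `all` term the same mail gets "softfail" or "neutral", which many filters treat as a weak signal.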
