spam coming from my server?..

DA-Rff

I keep getting bounced emails which are supposedly sent from my email server, with server name: server.myserver.com as used in the header below.

Here are the headers, can anyone tell me if these emails originate from my server? And if so how to correct this?

tnx, here is the header

Return-path: <[email protected]>
Received: from 74-129-96-11.dhcp.insightbb.com ([74.129.96.11] helo=DB8RNHB1Kenneth)
    by server.myserver.com with esmtpa (Exim 4.69)
    (envelope-from <[email protected]>)
    id 1QKJlq-000AUL-NA
    for [email protected]; Thu, 12 May 2011 02:28:51 +0200
MIME-Version: 1.0
Date: Wed, 11 May 2011 20:25:13 -0400
X-Priority: 3 (Normal)
Subject: =?iso-8859-5?Q?=BF=DE=DC=DD=D8_=DF=E0=DE_=DE=E2=DF=E3=E1=DA?=
Content-Type: text/html;
    charset="iso-8859-5"
Content-Transfer-Encoding: quoted-printable
From: [email protected]
Reply-To: [email protected]
To: [email protected]
X-Mailer: Ximian Evolution 2.3.1 (2.0.1-6)
Message-ID: <CHILKAT-MID-91c70c28-feaa-93d6-b9f8-9cd12ff6d248@DB8RNHB1Kenneth>
 
Seems yes, maybe a user website has been hacked or the user password was not strong.

Usually, if it is from a PHP script, you should have (in the sent email header) a line like X-PHP: path (with the path of the script that is sending).

If not, there are two reasons:

1- you didn't secure PHP
cd /usr/local/directadmin/custombuild
./build secure_php

2- the password was too easy and emails are sent using SMTP with user and pass authentication.

Hope this helps.

Regards
 
Andrea, thanks for your reply.

I have received word from my server admin that the server is not hacked, but that apparently the headers show it is a forged email sending, something like spoofing.

Trouble is that I have no way to distinguish between the two.

Could you explain perhaps why you think this email was sent from my server, what exactly in the header makes you think that?

thanks
 
Well, it is not by the header but just a conclusion, because you said that those emails are coming to you as if you had sent to a non-valid address.

The header is the returning email header, not the sent one (that usually should be in the body of the message).

Try to check if in the body of those emails you are receiving there is the original mail header (the one that is supposed to be sent from you to them).

Regards
 
If the headers you sent are from the email that was sent out, then if the IP# 74.129.96.11 isn't your server, then the email isn't from your server.

Jeff
 
If the headers you sent are from the email that was sent out, then if the IP# 74.129.96.11 isn't your server, then the email isn't from your server.

Jeff

Thanks Jeff, that IP is not my server, so it is spoofing then.

What can I do about this? I have now deleted that email address, but it is an important business address.

Any ideas what to do with this?

tnx
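
The two things the thread tries to read from the Received line (which IP connected, and whether SMTP authentication was used, as in reason 2 of the first reply) can be pulled out mechanically. This is an added example, not part of the original thread: it parses the Received layout shown in the first post and uses the RFC 3848 "with" keywords that Exim writes (a trailing "a" means SMTP AUTH succeeded). The function names and the server IP 192.0.2.10 are placeholders chosen for the example.

```python
import re

# Matches the Received layout quoted in the thread:
#   from <rdns> ([<ip>] helo=<name>) by <host> with <protocol> ...
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(\[(?P<ip>[0-9A-Fa-f.:]+)\]"
    r"(?:\s+helo=(?P<helo>[^)\s]+))?\)\s+"
    r"by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)"
)

def parse_received(value):
    """Return the hop described by one Received header value, or None."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
    if m is None:
        return None
    hop = m.groupdict()
    proto = hop["proto"].lower()
    hop["authenticated"] = proto in ("esmtpa", "esmtpsa")  # SMTP AUTH was used
    hop["tls"] = proto in ("esmtps", "esmtpsa")            # session used TLS
    return hop

def assess(hop, my_hostname, my_ips):
    """Classify how the message reached my_hostname, judged from this hop only."""
    if hop is None or hop["by"].lower() != my_hostname.lower():
        return "not-accepted-by-my-server"
    if hop["ip"] in my_ips:
        return "submitted-locally"            # a script or user on the box itself
    if hop["authenticated"]:
        return "remote-client-used-smtp-auth"  # someone logged in with a mailbox password
    return "unauthenticated-inbound"           # ordinary incoming mail, no login

# The Received header from the first post, as it appears on the page.
SAMPLE = """from 74-129-96-11.dhcp.insightbb.com ([74.129.96.11] helo=DB8RNHB1Kenneth)
    by server.myserver.com with esmtpa (Exim 4.69)
    (envelope-from <[email protected]>)
    id 1QKJlq-000AUL-NA
    for [email protected]; Thu, 12 May 2011 02:28:51 +0200"""

if __name__ == "__main__":
    hop = parse_received(SAMPLE)
    print(hop["ip"], hop["by"], hop["proto"])
    # 192.0.2.10 is a constructed stand-in for the server's own address.
    print(assess(hop, "server.myserver.com", {"192.0.2.10"}))
```

For a result of remote-client-used-smtp-auth, the Exim main log entry for the same message id names the account that authenticated.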
 