
TOPIC: Spam and SMTP Relay question

Spam and SMTP Relay question 9 years 8 months ago #20264

  • psiclonius
Hi Everyone,

I'm getting random e-mails from addresses that appear to be coming from my domain. None of the addresses are real, but I would like to know what's going on and how to prevent it. Here is the internet header for one of the messages:


Received: from host253-36.pool8291.interbusiness.it [82.91.36.253] by AmSher.com
(SMTPD-8.22) id A670169604; Thu, 15 Mar 2007 16:11:12 -0500
Return-path: <dgbwjp@amsher.com> (...Fake address)
X-Original-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Delivered-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Received: from [82.91.36.253] (port=4431 helo=host253-36.pool8291.interbusiness.it)
by mail.amsher.com with esmtp
id 278563-278563-05
for This email address is being protected from spambots. You need JavaScript enabled to view it.; Thu, 15 Mar 2007 22:11:06 +0100 (EET)
Message-ID: <063201c7674e$01c7674e$fd245b52@amsher.com>
From: "Marcelino" <dgbwjp@amsher.com> (...Fake address)
To: "Clay" This email address is being protected from spambots. You need JavaScript enabled to view it.
Subject: registrant than enumerate
Date: Thu, 15 Mar 2007 22:11:06 +0100 (EET)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0630_01C76746.72370AD0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-RCPT-TO:
Status: U
X-UIDL: 460676837
X-IMail-ThreadID:

Re: Spam and SMTP Relay question 9 years 8 months ago #20268

This is generally called Email Forging/Spoofing.

Do a search on email spoofing. Here are some resources:

www.cert.org/tech_tips/email_spoofing.html

en.wikipedia.org/wiki/Email_spoofing

Re: Spam and SMTP Relay question 9 years 8 months ago #20270

  • Smurf
It is very easy to spoof the sender/from address due to deficiencies within the SMTP/ESMTP protocol. Some malware will do this to make it look like it's come from your own domain to try and trick people into opening the e-mail thinking that it's legitimate e-mail from the company.

It is however very difficult to spoof the address of where it has come from in the first place. As you can see from your output

[code:1]Received: from host253-36.pool8291.interbusiness.it [82.91.36.253] [/code:1]

Is the address of where the e-mail originated. If you do some digging though, it's probably some sort of ISP, so it would probably be a waste of time trying to track it through the company who owns that address space. You will see it's coming from Italy.
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
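
The comparison discussed in this thread, as an added example that is not part of the original posts: it reads the peer IP from the topmost `Received:` line (the one written by the receiving server) and flags a message whose `From:` claims the local domain while that peer sits outside the domain's own networks. The sample is abridged from the header quoted above; the `To:` address, `OUR_NETWORKS` and the function names are assumptions.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample, abridged from the header in the first post; To: is a placeholder.
SAMPLE = """\
Received: from host253-36.pool8291.interbusiness.it [82.91.36.253] by AmSher.com
 (SMTPD-8.22) id A670169604; Thu, 15 Mar 2007 16:11:12 -0500
Return-path: <dgbwjp@amsher.com>
Received: from [82.91.36.253] (port=4431 helo=host253-36.pool8291.interbusiness.it)
 by mail.amsher.com with esmtp id 278563-278563-05; Thu, 15 Mar 2007 22:11:06 +0100 (EET)
From: "Marcelino" <dgbwjp@amsher.com>
To: "Clay" <recipient@example.invalid>
Subject: registrant than enumerate

"""

# Assumption: networks your own mail servers send from (documentation range used here).
OUR_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
OUR_DOMAIN = "amsher.com"

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_ips(raw):
    """Return the bracketed peer IP of each Received header, newest (top) first."""
    msg = email.message_from_string(raw)
    ips = []
    for hdr in msg.get_all("Received", []):
        m = IP_RE.search(hdr)
        if m:
            ips.append(ipaddress.ip_address(m.group(1)))
    return ips


def looks_spoofed(raw):
    """True if From: claims OUR_DOMAIN but the connecting peer is outside OUR_NETWORKS."""
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ips = received_ips(raw)
    if from_domain != OUR_DOMAIN or not ips:
        return False
    # Only the topmost Received line was added by our own server; lower ones
    # arrive with the message and can be written by the sender.
    peer = ips[0]
    return not any(peer in net for net in OUR_NETWORKS)
```
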