On Thu, Mar 22, 2012 at 11:50 AM, Jim Flanagan wrote:

How would a spammer get a valid email address on my opensuse postifx server? I run a home postfix email server with a handfull of users. At least 2 of those users are getting spammed from what appears to be another user on this server. That one is little used and has a name with unique spelling. How would someone get that name and spelling?

The header shows its coming from some IP address other than mine, with a different return path, but has this unique spelling of this users name? Could this have been retrieved from my server in any way? Or just from an email that user sent out in the past?

Thanks for any ideas?

Jim F

Jim, It's pretty trivial to set the reply / from address of a email to anything. So spammers will grab a email address out of the web somewhere and use it as a from address. They typically move on after a couple days in my experience, but you never know. The worse option is a lot of spambot viruses will infect a computer, grab the email info and start blasting emails as if they are from the computer owner. I've seen that numerous times on windows boxes. Never on a linux box, but I'm sure its just a matter of time. Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

* Jim Flanagan [03-22-12 11:51]:

How would a spammer get a valid email address on my opensuse postifx server? I run a home postfix email server with a handfull of users. At least 2 of those users are getting spammed from what appears to be another user on this server. That one is little used and has a name with unique spelling. How would someone get that name and spelling?

The header shows its coming from some IP address other than mine, with a different return path, but has this unique spelling of this users name? Could this have been retrieved from my server in any way? Or just from an email that user sent out in the past?

It is most likely taken from a post. It is trivial to look at the headers and/or envelope of a message and read addresses and ip's. I frequently receive spam having my own posting address with an alien ip. An address is public after *one* posting :^( -- (paka)Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 http://en.opensuse.org openSUSE Community Member Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org