How would a spammer get a valid email address on my opensuse postifx server? I run a home postfix email server with a handfull of users. At least 2 of those users are getting spammed from what appears to be another user on this server. That one is little used and has a name with unique spelling. How would someone get that name and spelling? The header shows its coming from some IP address other than mine, with a different return path, but has this unique spelling of this users name? Could this have been retrieved from my server in any way? Or just from an email that user sent out in the past? Thanks for any ideas? Jim F -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, Mar 22, 2012 at 11:50 AM, Jim Flanagan
How would a spammer get a valid email address on my opensuse postifx server? I run a home postfix email server with a handfull of users. At least 2 of those users are getting spammed from what appears to be another user on this server. That one is little used and has a name with unique spelling. How would someone get that name and spelling?
The header shows its coming from some IP address other than mine, with a different return path, but has this unique spelling of this users name? Could this have been retrieved from my server in any way? Or just from an email that user sent out in the past?
Thanks for any ideas?
Jim F
Jim, It's pretty trivial to set the reply / from address of a email to anything. So spammers will grab a email address out of the web somewhere and use it as a from address. They typically move on after a couple days in my experience, but you never know. The worse option is a lot of spambot viruses will infect a computer, grab the email info and start blasting emails as if they are from the computer owner. I've seen that numerous times on windows boxes. Never on a linux box, but I'm sure its just a matter of time. Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 3/22/12 10:58 AM, Greg Freemyer wrote:
On Thu, Mar 22, 2012 at 11:50 AM, Jim Flanagan
wrote: How would a spammer get a valid email address on my opensuse postifx server? I run a home postfix email server with a handfull of users. At least 2 of those users are getting spammed from what appears to be another user on this server. That one is little used and has a name with unique spelling. How would someone get that name and spelling?
The header shows its coming from some IP address other than mine, with a different return path, but has this unique spelling of this users name? Could this have been retrieved from my server in any way? Or just from an email that user sent out in the past?
Thanks for any ideas?
Jim F
Jim,
It's pretty trivial to set the reply / from address of a email to anything.
So spammers will grab a email address out of the web somewhere and use it as a from address. They typically move on after a couple days in my experience, but you never know.
The worse option is a lot of spambot viruses will infect a computer, grab the email info and start blasting emails as if they are from the computer owner.
I've seen that numerous times on windows boxes. Never on a linux box, but I'm sure its just a matter of time.
I've seen windows boxes do his too. Glad i'm on Linux. Jim F -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Jim Flanagan
How would a spammer get a valid email address on my opensuse postifx server? I run a home postfix email server with a handfull of users. At least 2 of those users are getting spammed from what appears to be another user on this server. That one is little used and has a name with unique spelling. How would someone get that name and spelling?
The header shows its coming from some IP address other than mine, with a different return path, but has this unique spelling of this users name? Could this have been retrieved from my server in any way? Or just from an email that user sent out in the past?
It is most likely taken from a post. It is trivial to look at the headers and/or envelope of a message and read addresses and ip's. I frequently receive spam having my own posting address with an alien ip. An address is public after *one* posting :^( -- (paka)Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 http://en.opensuse.org openSUSE Community Member Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 22/03/2012 16:50, Jim Flanagan a écrit :
How would a spammer get a valid email address on my opensuse postifx server?
as other said, it may be found in any public web page used by your user. I also have all he day robots that scan first names on my server and if found sent spam to them. I no more use such first name for accounts, but old ones are regularly spammed jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 3/22/12 11:35 AM, jdd wrote:
Le 22/03/2012 16:50, Jim Flanagan a écrit :
How would a spammer get a valid email address on my opensuse postifx server?
as other said, it may be found in any public web page used by your user.
I also have all he day robots that scan first names on my server and if found sent spam to them. I no more use such first name for accounts, but old ones are regularly spammed
jdd
Thanks Patrick and jdd for the good info. Much appreciated. Jim F -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (4)
-
Greg Freemyer
-
jdd
-
Jim Flanagan
-
Patrick Shanahan