[opensuse] OT: - e-mail problem
I am getting a multitude of e-mail delivery failure notices in my inbox from lots of people I have not e-mailed. I guess my e-mail system is compromised in some way but I do not know how or where to look. I do not know if the problem is at my Linux machine or could it be at my ISP? Can anyone offer any advice or information on where to get advice?
Thanks
Phil
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Phil Burness wrote:
I am getting a multitude of e-mail delivery failure notices in my inbox from lots of people I have not e-mailed. I guess my e-mail system is compromised in some way but I do not know how or where to look. I do not know if the problem is at my Linux machine or could it be at my ISP?
Can anyone offer any advice or information on where to get advice?
Don't worry, your system has most probably not been compromised. The back-scatter you're seeing is annoying, but there's not much you can do about it. Someone is sending emails with forged address = your address.
/Per Jessen, Zürich
On Tue, Jun 10, 2008 at 12:45 AM, Phil Burness
I am getting a multitude of e-mail delivery failure notices in my inbox from lots of people I have not e-mailed. I guess my e-mail system is compromised in some way but I do not know how or where to look. I do not know if the problem is at my Linux machine or could it be at my ISP?
Can anyone offer any advice or information on where to get advice?
Look up Joe Job in Wikipedia.
-- ----------JSA---------
The Tuesday 2008-06-10 at 08:45 +0100, Phil Burness wrote:
I am getting a multitude of e-mail delivery failure notices in my inbox from lots of people I have not e-mailed. I guess my e-mail system is compromised in some way but I do not know how or where to look. I do not know if the problem is at my Linux machine or could it be at my ISP?
Can anyone offer any advice or information on where to get advice?
Very difficult to say anything precise without seeing complete samples of those emails. Probably not important, but a real nuisance. If you think your mail system might be compromised, there are some security sites that can run a test against you, I think. Examine your logs for strange mail being sent.
-- Cheers, Carlos E. R.
On Tuesday 10 June 2008 20:53:49 Carlos E. R. wrote:
The Tuesday 2008-06-10 at 08:45 +0100, Phil Burness wrote:
I am getting a multitude of e-mail delivery failure notices in my inbox from lots of people I have not e-mailed. I guess my e-mail system is compromised in some way but I do not know how or where to look. I do not know if the problem is at my Linux machine or could it be at my ISP?
Can anyone offer any advice or information on where to get advice?
Very difficult to say anything precise without seeing complete samples of those emails.
Probably not important, but a real nuisance.
If you think your mail system might be compromised, there are some security sites that can run a test against you, I think. Examine your logs for strange mail being sent.
-- Cheers, Carlos E. R.
Hi Carlos,
Here is a sample of the returned mail..
This message was created automatically by mail delivery software.
A message you sent could not be delivered to the following recipients:
chrpete@splunge.demon.co.uk
RSET
250 clearing sender and recipient list, go ahead
MAIL FROM:
On Tue, Jun 10, 2008 at 2:45 PM, Phil Burness
On Tuesday 10 June 2008 20:53:49 Carlos E. R. wrote:
The Tuesday 2008-06-10 at 08:45 +0100, Phil Burness wrote:
I am getting a multitude of e-mail delivery failure notices in my inbox from lots of people I have not e-mailed. I guess my e-mail system is compromised in some way but I do not know how or where to look. I do not know if the problem is at my Linux machine or could it be at my ISP?
Can anyone offer any advice or information on where to get advice?
Very difficult to say anything precise without seeing complete samples of those emails.
Probably not important, but a real nuisance.
If you think your mail system might be compromised, there are some security sites that can run a test against you, I think. Examine your logs for strange mail being sent.
-- Cheers, Carlos E. R.
Hi Carlos,
Here is a sample of the returned mail..
This message was created automatically by mail delivery software.
A message you sent could not be delivered to the following recipients: chrpete@splunge.demon.co.uk
RSET
250 clearing sender and recipient list, go ahead
MAIL FROM:
250 receiving from pburness@btinternet.com
RCPT TO:
550 mailbox not found
unnamed
Received: from punt3.mail.demon.net by mailstore for chrpete@splunge.demon.co.uk id 1K5wLK-22FGPo-08-Fyn; Tue, 10 Jun 2008 05:24:26 +0000
Received: from [194.217.242.72] (lhlo=anchor-hub.mail.demon.net) by punt3.mail.demon.net with lmtp id 1K5wLK-22FGPo-08 for chrpete@splunge.demon.co.uk; Tue, 10 Jun 2008 05:24:26 +0000
Received: from [64.124.135.99] (helo=64.124.135.99.e190.presiduim.com) by anchor-hub.mail.demon.net with esmtp id 1K5wLJ-0004O8-S5 for chrpete@splunge.demon.co.uk; Tue, 10 Jun 2008 05:24:26 +0000
Message-ID: <000a01c8caba$03c74cbc$669294ae@jyapv>
From: "gill safaa"
To:
Subject: Free porno DVD's to download
Date: Tue, 10 Jun 2008 03:36:36 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C8CABA.03C335B5"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Phil
From: "gill safaa"
On Tuesday 10 June 2008 14:27, John Andersen wrote:
...
From: "gill safaa"
Classic Joe Job.
Look Phil, you were already given the answer. see http://en.wikipedia.org/wiki/Joe_job
The concept and the consequences / evidence of this tactic were not new to me, but somehow I'd never seen that term before you mentioned it earlier today.
...
Welcome to the internet.
Odd. I was certain this was the matrix. My cat does little instant replays all the time...
-- ----------JSA---------
RRS
The Tuesday 2008-06-10 at 15:44 -0700, Randall R Schulz wrote:
Classic Joe Job.
Look Phil, you were already given the answer. see http://en.wikipedia.org/wiki/Joe_job
The concept and the consequences / evidence of this tactic were not new to me, but somehow I'd never seen that term before you mentioned it earlier today.
Same here.
...
Welcome to the internet.
Odd. I was certain this was the matrix. My cat does little instant replays all the time...
Tell matrix support to replace the instant memory module.
-- Cheers, Carlos E. R.
On Tue, Jun 10, 2008 at 4:38 PM, Carlos E. R.
The Tuesday 2008-06-10 at 15:44 -0700, Randall R Schulz wrote:
Classic Joe Job.
Look Phil, you were already given the answer. see http://en.wikipedia.org/wiki/Joe_job
The concept and the consequences / evidence of this tactic were not new to me, but somehow I'd never seen that term before you mentioned it earlier today.
Same here.
Odd, I learned the term Joe Job before the term backscatter was in common usage. Any email address that appears on a web page just gets hammered with this kind of stuff. Spamassassin makes it so I never see this stuff.
-- ----------JSA---------
John Andersen wrote:
Look Phil, you were already given the answer. see http://en.wikipedia.org/wiki/Joe_job
Any email address that appears on a web page just gets hammered with this kind of stuff.
Spamassassin makes it so I never see this stuff.
IMO, the problem with SA filtering is that it tends to classify proper MTA error messages as spam, too. I found that Bounce Address Tag Validation (BATV) is the real solution for that problem. That tags outgoing emails so one can decide if MTA error messages were really caused by one's own email or by a fake. http://mipassoc.org/batv/ is a good pointer for introductions and links to implementations for Postfix and Sendmail.
Cheers, Joachim
-- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany
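The tagging idea described in the message above, as an added Python sketch that is not part of the original thread and is not the Postfix or Sendmail implementation. It is modelled on the `prvs=` sender-tag scheme from the BATV draft; the key, the 7-day lifetime, the sample address and the function names are assumptions of this example, and rejecting untagged bounces presumes every outgoing message is tagged.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed; a real site keeps its key private
KEY_ID = 0                        # single-digit key number
LIFETIME_DAYS = 7                 # assumed validity window for a tag


def _mac(key_id, expiry, address):
    """First 6 hex digits of HMAC-SHA1 over key id, expiry day and sender."""
    msg = f"{key_id}{expiry:03d}{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:6]


def sign_sender(address, today):
    """Tag the envelope sender of outgoing mail; today = days since the epoch."""
    local, domain = address.rsplit("@", 1)
    expiry = (today + LIFETIME_DAYS) % 1000
    tag = f"{KEY_ID}{expiry:03d}{_mac(KEY_ID, expiry, address)}"
    return f"prvs={tag}={local}@{domain}"


def check_bounce_recipient(rcpt, today):
    """Decide what to do with a bounce (null sender) addressed to rcpt."""
    local, _, domain = rcpt.rpartition("@")
    if not local.startswith("prvs="):
        return "reject: untagged"          # we never sent mail with this sender
    tag, sep, orig_local = local[5:].partition("=")
    if not sep or len(tag) != 10 or not (tag.isascii() and tag[:4].isdigit()):
        return "reject: malformed"
    key_id, expiry, mac = int(tag[0]), int(tag[1:4]), tag[4:]
    expected = _mac(key_id, expiry, f"{orig_local}@{domain}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "reject: bad signature"     # forged or altered tag
    if (expiry - today) % 1000 > LIFETIME_DAYS:
        return "reject: expired"           # old tag replayed
    return "accept"
```

A spammer who forges the plain address as sender produces bounces to the untagged address, so backscatter fails the first check while bounces of mail the site really sent carry a valid tag.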
On Wed, Jun 11, 2008 at 11:15 AM, Joachim Schrod
I found that Bounce Address Tag Validation (BATV) is the real solution for that problem. That tags outgoing emails so one can decide if MTA error messages were really caused by one's own email or by a fake. http://mipassoc.org/batv/ is a good pointer for introductions and links to implementations for Postfix and Sendmail.
Thanks! I didn't know about batv. It sounds helpful.
Mike
On Thu, Jun 12, 2008 at 8:45 AM, Michael Mientus
On Wed, Jun 11, 2008 at 11:15 AM, Joachim Schrod
wrote: I found that Bounce Address Tag Validation (BATV) is the real solution for that problem. That tags outgoing emails so one can decide if MTA error messages were really caused by one's own email or by a fake. http://mipassoc.org/batv/ is a good pointer for introductions and links to implementations for Postfix and Sendmail.
Thanks! I didn't know about batv. It sounds helpful.
Mike
It's still not easily integrated into postfix. Besides, any properly set up Spamassassin does this just fine. It knows your network, and can tell if the bounced messages were from your network.
-- ----------JSA---------
The Thursday 2008-06-12 at 10:21 -0700, John Andersen wrote: [batv]
Besides, any properly set up Spamassassin does this just fine. It knows your network, and can tell if the bounced messages were from your network.
Could you expand on this a bit? :-?
-- Cheers, Carlos E. R.
On Thu, Jun 12, 2008 at 12:03 PM, Carlos E. R.
The Thursday 2008-06-12 at 10:21 -0700, John Andersen wrote:
[batv]
Besides, any properly set up Spamassassin does this just fine. It knows your network, and can tell if the bounced messages were from your network.
Could you expand on this a bit? :-?
http://wiki.apache.org/spamassassin/TrustPath
If the bounce contains source IPs that were mine (my external IP) the trustedpath algorithm seems to accurately send those thru to me. But those that were joe-jobs I never see.
My Spamassassin also has the Vbounce plugin running. http://wiki.apache.org/spamassassin/VBounceRuleset
It too has a list of trusted relays that my postfix relays thru (my hosting company's smtp server).
Between the two of those things, I get my own bounces but all rest end up in the spam folder (unless they trigger my maximum score and get dev/nulled).
-- ----------JSA---------
The Thursday 2008-06-12 at 12:53 -0700, John Andersen wrote:
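The relay check described in the message above, as an added Python illustration that is not part of the original thread and is not SpamAssassin's code. It reads the Received lines of the returned message quoted earlier in the thread and asks whether any hop was one of the site's own relays; `TRUSTED_NETS` and the function names are assumptions of this example.

```python
import ipaddress
import re

# Relays that legitimately carry our outgoing mail (constructed documentation range).
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Received lines of the returned message, as quoted in the sample bounce in this thread.
SAMPLE_HEADERS = """\
Received: from punt3.mail.demon.net by mailstore for chrpete@splunge.demon.co.uk id 1K5wLK-22FGPo-08-Fyn; Tue, 10 Jun 2008 05:24:26 +0000
Received: from [194.217.242.72] (lhlo=anchor-hub.mail.demon.net) by punt3.mail.demon.net with lmtp id 1K5wLK-22FGPo-08 for chrpete@splunge.demon.co.uk; Tue, 10 Jun 2008 05:24:26 +0000
Received: from [64.124.135.99] (helo=64.124.135.99.e190.presiduim.com) by anchor-hub.mail.demon.net with esmtp id 1K5wLJ-0004O8-S5 for chrpete@splunge.demon.co.uk; Tue, 10 Jun 2008 05:24:26 +0000
"""

# Bracketed IPv4 literal in the "from" clause of a Received header.
FROM_IP = re.compile(r"^Received:\s+from\s[^\n]*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.M | re.I)


def relay_ips(headers):
    """Return the relay IPs named in Received headers, newest hop first."""
    ips = []
    for match in FROM_IP.finditer(headers):
        try:
            ips.append(ipaddress.ip_address(match.group(1)))
        except ValueError:      # e.g. [999.1.1.1]
            continue
    return ips


def classify_bounce(headers, trusted=TRUSTED_NETS):
    """'own-mail' if any hop is one of our relays, else 'backscatter'."""
    ips = relay_ips(headers)
    if not ips:
        return "unknown"        # nothing to judge; leave to other filters
    if any(ip in net for ip in ips for net in trusted):
        return "own-mail"
    return "backscatter"
```

For the sample in this thread the only hops are 194.217.242.72 and 64.124.135.99, neither of which is a trusted relay, so the bounce is classified as backscatter.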
Could you expand on this a bit? :-?
http://wiki.apache.org/spamassassin/TrustPath
If the bounce contains source IPs that were mine (my external IP) the trustedpath algorithm seems to accurately send those thru to me. But those that were joe-jobs I never see.
Ah... I don't have a fixed IP, so that one is not good for me.
My Spamassassin also has the Vbounce plugin running. http://wiki.apache.org/spamassassin/VBounceRuleset
It too has a list of trusted relays that my postfix relays thru (my hosting company's smtp server).
I'll have to look that one up.
Between the two of those things, I get my own bounces but all rest end up in the spam folder (unless they trigger my maximum score and get dev/nulled).
Thanks, I have some more reading now :-)
-- Cheers, Carlos E. R.
On Thu, Jun 12, 2008 at 1:09 PM, Carlos E. R.
The Thursday 2008-06-12 at 12:53 -0700, John Andersen wrote:
Could you expand on this a bit? :-?
http://wiki.apache.org/spamassassin/TrustPath
If the bounce contains source IPs that were mine (my external IP) the trustedpath algorithm seems to accurately send those thru to me. But those that were joe-jobs I never see.
Ah... I don't have a fixed IP, so that one is not good for me.
Oddly, it doesn't seem to matter much as long as your dynamic IP has a few hours of life. Bounces arrive virtually instantly, and it seems like SA adjusts to the fact that it changes. My IP here changes very rarely, but it's in a dynamic allocation pool, so I forward all outbound thru my Hosting site. (I'd forward thru comcast but their mail server is so pathetically slow I just can't stand it).
-- ----------JSA---------
On Tuesday 10 June 2008 16:38, Carlos E. R. wrote:
...
Welcome to the internet.
Odd. I was certain this was the matrix. My cat does little instant replays all the time...
Tell matrix support to replace the instant memory module.
I'd prefer to keep the indicators of the unreality of what I perceive to perceive but which is actually just injected into my afferent neurons at the base of my brainstem.
-- Cheers, Carlos E. R.
RRS
* Randall R Schulz
I'd prefer to keep the indicators of the unreality of what I perceive to perceive but which is actually just injected into my afferent neurons at the base of my brainstem.
A-Hah, the *truth* comes, yer sittin on it :^)
-- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org
Hi Carlos, Here is a sample of the returned mail..
It seems normal bounces from spam sent using your from address. A nuisance, but not your fault. Filter it. If you get a lot of it, then it is the Joe_job thing John says.
-- Cheers, Carlos E. R.
participants (8)
- Carlos E. R.
- Joachim Schrod
- John Andersen
- Michael Mientus
- Patrick Shanahan
- Per Jessen
- Phil Burness
- Randall R Schulz