spam experts explain how I got spam...

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
rsfeller
Senior user
Senior user
Posts: 264
Joined: 2008-04-25 23:17
Location: Delware, Ohio, USA
Contact:

spam experts explain how I got spam...

Post by rsfeller » 2008-05-17 02:46

OK, hopefully I can explain this head scratcher (to me).

I have two domains on my test hmailserver. One is a xxx.org and the other is xxx.com. The "org" is live and testing while the "com" is not live. I have put users in pending the switch over but the MX record still points to another sever out in cyberspace.

I just ran the datadirectorysynchronizer.exe testing the movement of a data folder. While watching the status go by I saw items in the "com" folders!?!?!?!? This would be impossible as there should be no email coming to my sever for that domain, yet.

Does anyone know how the spam go in there? I noted that most of them were the same piece of spam in many different users accounts (again these accounts are not live, I simply put them in this week pending the switch).

WTF!?!?!

rodolfor
Senior user
Senior user
Posts: 282
Joined: 2005-06-30 09:05
Location: Gubbio - Italy

Re: spam experts explain how I got spam...

Post by rodolfor » 2008-05-17 08:27

Someone could connect to your SMTP port using ip address, extract the domain name from welcome message or from other dns records and send you email.
You must activate SMTP logging and analyze (or post) the results.
Hmailserver [lastversion] + MSSQL

rsfeller
Senior user
Senior user
Posts: 264
Joined: 2008-04-25 23:17
Location: Delware, Ohio, USA
Contact:

Re: spam experts explain how I got spam...

Post by rsfeller » 2008-05-20 15:31

What should I be looking for in this logging? I have just turned it on from SMTP only.

This IP was a mail sever for 10 years and then off for one year, so I'm quite sure there are many services banging on it from previously.

Is this a security flaw of sorts with their servers banging on the door via IP to get the helo or just a common practice and side effect of SMTP?

NOTE: Log to come in a day.

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: spam experts explain how I got spam...

Post by martin » 2008-05-20 18:59

People can guess addresses by looking at welcome message, helo message, DNS records and other things. This is a "limitation" in internet email in general.

Post Reply