I do not have a badhelo file but I do have a badmailfrom and badmailto.
So, what is happening here?
Do I have a bad machine out there posing as one of my accounts on my
domain sending from another domain?
Or has someone cracked his password and is using his account remotely from
another host outside of my network?
I only have the one mailserver at 63.147.8.8 just for wletc.com.
If you are outside of the wletc.com domain you have to have
authentication checked on your mail client.
I also have spamdyke running.
Is there a way I can tell spamdyke to catch stuff like this?
Aleksander Podsiadly wrote:
On 01.11.2009 17:00, David Milholen wrote:
Hello All,
I have an account on our system that seems to think we have been
compromised because he received a few hundred undeliverable messages
from our server.
It looks like something tried to forge his email address thru another
domain.
Here is the header:
The wletc.com domain is my domain.
I am having trouble figuring out why ...@66.173.241.56 is trailing the
email address.
If anyone can give me some insight on what is happening here, that would be
great!
Hi. This is the qmail-send program at ns2.wletc.com.
I'm afraid I wasn't able to deliver your message to the
following addresses.
This is a permanent error; I've given up. Sorry it didn't work
out.
: User and password not set, continuing without authentication.
98.137.54.237 failed after I sent the message.
Remote host said: 554 delivery error: dd This user doesn't have a
yahoo.com account
(mobil_unloc...@yahoo.com ) [0] - mta171.mail.sp2.yahoo.com
--- Below this line is a copy of the message.
Return-Path:
Received: (qmail 20793 invoked by uid 89); 30 Oct 2009 16:39:17 -0000
Received: by simscan 1.3.1 ppid: 20676, pid: 20789, t: 0.2022s
scanners: attach: 1.3.1
Received: from unknown (HELO localhost.localdomain) (gbutt...@wletc.com
@66.173.241.56)
by ns2.wletc.com with ESMTPA; 30 Oct 2009 16:39:17 -0000
From:"YAHOO MARKETING SOLUTIONS"
To:
Subject: ACCOUNT SUSPENSION
Content-type: text/html; charset=us-ascii
Edit your /var/qmail/control/badhelo file; no SMTP client should
say that it is:
8<--
# block host strings with no dot (not a FQDN)
!\.
localhost\.localdomain
ns2\.wletc\.com
mail\.wletc\.com
63\.147\.8\.8
8<-- EOT
Pozdrawiam / Regards,
Aleksander Podsiadły
mail: a...@westside.kielce.pl
jid: a...@jabber.westside.kielce.pl
ICQ: 201121279
gg: 9150578
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and
packages.
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
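
Added example, not part of the original thread and not qmail or qmailtoaster code: Python that parses the Received line quoted above and checks its HELO against the badhelo rules posted in the reply. It assumes qmail's `(remoteinfo@ip)` field carries the SMTP AUTH login on AUTH-patched builds, that badhelo lines are unanchored, case-insensitive regexes with a leading `!` meaning "reject when the regex does not match", and that only 63.147.8.8 counts as inside; the function names are hypothetical.

```python
import ipaddress
import re

# Received line as quoted in the thread (login elided by the list archive).
SAMPLE = ("Received: from unknown (HELO localhost.localdomain) "
          "(gbutt...@wletc.com@66.173.241.56)\n"
          " by ns2.wletc.com with ESMTPA; 30 Oct 2009 16:39:17 -0000")

# badhelo rules as posted in the reply above.
BADHELO = r"""
# block host strings with no dot (not a FQDN)
!\.
localhost\.localdomain
ns2\.wletc\.com
mail\.wletc\.com
63\.147\.8\.8
"""

# qmail layout: from <rdns> (HELO <helo>) (<remoteinfo>@<ip>) by <host> with <proto>;
RECEIVED = re.compile(
    r"from\s+(?P<rdns>\S+)\s+(?:\(HELO\s+(?P<helo>[^)]+)\)\s+)?"
    r"\((?:(?P<login>[^)]+)@)?(?P<ip>[0-9.]+)\)\s+"
    r"by\s+\S+\s+with\s+(?P<proto>\w+);")

def badhelo_rule(helo, rules=BADHELO):
    """Return the first rule that rejects `helo`, or None if it passes."""
    for rule in (r.strip() for r in rules.splitlines()):
        if not rule or rule.startswith("#"):
            continue
        negate = rule.startswith("!")      # "!" rejects when the regex does NOT match
        hit = re.search(rule.lstrip("!"), helo, re.I) is not None
        if hit != negate:
            return rule
    return None

def triage(header, local_nets=("63.147.8.8/32",)):  # assumed "inside" range
    m = RECEIVED.search(" ".join(header.split()))   # unfold the wrapped header
    if m is None:
        return None
    ip = ipaddress.ip_address(m["ip"])
    helo = m["helo"] or m["rdns"]          # qmail omits HELO when it equals rdns
    return {
        "login": m["login"],
        "ip": str(ip),
        "authenticated": m["proto"].upper() in ("ESMTPA", "ESMTPSA"),
        "external": not any(ip in ipaddress.ip_network(n) for n in local_nets),
        "badhelo_rule": badhelo_rule(helo),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the quoted header this reports an authenticated (ESMTPA) session from 66.173.241.56 under that login, with a HELO that matches the `localhost\.localdomain` rule.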