Re: Spoofed Mails

Wed, 05 Apr 2006 11:24:12 -0700

If you have logging turned on, you can see (in the logs/sendmail file) which user was sending mails. Do you have access to all of the headers? Presumably, since your host shut down your account, they verified the headers were coming from your own machine. If you gave an account to a spammer, you shouldn't do that. It doesn't matter what the reply-to or anything is set to. Maybe someone guessed a password? 

On Wed, 5 Apr 2006, Nipun Jain wrote:


No, my domain is not blacklist. I could not check for open mail relay at
checkor.com as its not working right now. But I tried some other sites which
said that my server was not an open relay. Maybe you can try to check it out
yourself, my domain is www.ccet.in. Also I am the sole user of my machine,
so the unscruplous user is remote. If it helps, the webserver is not on my
machine, its a remote shared webhosting (cPanel).
Can anyone check to spoof an email by setting up their reply to address as
something else? Does they face the same problem?

On 4/5/06, Nipun Jain <[EMAIL PROTECTED]> wrote:


 I am facing a problem of email spoofing with my webmail (running on
roundcube).

Some unscruplous person(s) using my webmail has set their reply to address
as [EMAIL PROTECTED] and / or [EMAIL PROTECTED]  in their
identity and is / are using that identity to send email to other people on
their webmail account at mydomain.com. Now the recipient gets fooled by
this spoofed mail as roundcube (and maybe other web based email) displays
the sender as the spoofed email id ( i.e. [EMAIL PROTECTED] or
[EMAIL PROTECTED]) and not the actual email id used to send the
email. I myself have received a couple of such mails and was perplexed to
see to get an email from [EMAIL PROTECTED] as I am the admin, and
my email is [EMAIL PROTECTED] ([EMAIL PROTECTED] does not
exist). I tried to figure out the actual email id by reading the email
headers but it didnt show the actual email id, only showed the spoofed email
id as [EMAIL PROTECTED] (or [EMAIL PROTECTED]).

Now is this supposed to work this way? I mean setting the reply to field
to any email address in roundcube enables one to spoof the sender's email
id? Is there any way to disable the "Reply To" field in roundcube so that
users are unable to send spoofed mails?





**************************************
Jon Daley
http://jon.limedaley.com/

Complex problems have simple, easy to understand, wrong answers.
-- Grossman's Misquote
























					Reply via email to