RE: Disturbing email

by "Mike Carlson" <domitianx(at)domitianx.com>

 Date:  Thu, 13 Sep 2001 18:53:08 -0500
 To:  "'Hank Marquardt'" <hmarq(at)yerpso.net>,
"'Juliana Halvorson'" <juliana(at)graphmaster.com>
 Cc:  <hwg-techniques(at)mail.hwg.org>
 In-Reply-To:  yerpso
When you set up your mail client you can put anything you want as the
return address.

I get those in my hotmail account all the time. The sent address is the
address it was sent to.

************************
Mike Carlson
http://www.domitianx.com
domitianx(at)domitianx.com

Thought Of The Moment:

"My software never has bugs. It just develops random features."
************************



> -----Original Message-----
> From: owner-hwg-techniques(at)hwg.org 
> [mailto:owner-hwg-techniques(at)hwg.org] On Behalf Of Hank Marquardt
> Sent: Thursday, September 13, 2001 5:18 PM
> To: Juliana Halvorson
> Cc: hwg-techniques(at)mail.hwg.org
> Subject: Re: Disturbing email
> 
> 
> The guess would be someone used your mailserver to send you 
> email ... very little you can do to prevent this. The fact is 
> they were really probably testing whether you could/would 
> open relay mail elsewhere, but that probably failed so they 
> sent you a message instead; ... check your root account on 
> the mail server (or postmaster or whatever your default 
> account is) and see if there are any bounced messages 
> resulting from an outside connect trying to relay mail --
> 
> If you have any of those, you can reverse dns the IP and mail 
> to abuse@thatdomain, but don't hold your breath.
> 
> For the mail servers I run there are dozens of these attempts 
> daily -- I don't even bother with the abuse mails, all this 
> stuff just goes to /dev/null and shows up in my security log 
> summary in the morning.
> 
> If you want to see how to do this manually, do a google 
> search on "telnet smtp" or "telnet mail relay" ... you'll 
> find something to show you a simple example of what's going 
> on -- bottom line, if you run a mail server, people will try 
> to use it.
> 
> On Thu, Sep 13, 2001 at 02:32:37PM -0600, Juliana Halvorson wrote:
> > 
> > My apologies if this is not the correct group.
> > 
> > Today I received an email where the reply to address was from my
> > domain - although it was not from my domain!  Is there any way I can
> > find out exactly where it came from to stop this from happening again?
> > 
> > Is there any legal recourse I can take to prevent this?
> > 
> > Any suggestions would be greatly appreciated.
> > 
> > Thanks in advance!
> > Juliana
> 
> -- 
> Hank Marquardt <hank(at)yerpso.net>
> http://web.yerpso.net
> 
> Web & Database Development in PHP, MySQL/PostgreSQL
> Small Office Networking Solutions - Debian GNU/Linux & FreeBSD
> PHP Instructor - HTML Writers Guild <http://www.hwg.org>
> *** Beginning PHP -- Starts August 20, 2001
> *** http://www.hwg.org/services/classes/p171.3.html
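
An added example, not part of the original messages: one way to work out where such a message came from is to read its Received headers from the top down and stop at the first one not written by a server you run, because everything below that point, like the From and Reply-To lines, is supplied by the sender. The message, host names and addresses are constructed, and `trace_origin`, `domain_of` and `trusted_hosts` are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (documentation-range host names and IPs).
SAMPLE = """\
Return-Path: <promo@bulk.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.example.org with ESMTP; Thu, 13 Sep 2001 14:32:37 -0600
Received: from unknown (HELO example.org) (203.0.113.45)
\tby mx.example.org with SMTP; Thu, 13 Sep 2001 14:32:30 -0600
Received: from example.org (example.org [198.51.100.7])
\tby relay.invalid with SMTP; Thu, 13 Sep 2001 14:00:00 -0600
From: "Sales" <sales@example.org>
Reply-To: sales@example.org
To: juliana@example.org
Subject: constructed sample

body
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or None."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def trace_origin(raw_message, trusted_hosts):
    """Find the IP that handed the message to the servers in trusted_hosts."""
    msg = message_from_string(raw_message)
    handoff_ip = None
    # Each server prepends its Received line, so the newest hop comes first.
    for received in msg.get_all("Received", []):
        by = BY_RE.search(received)
        if not by or by.group(1).lower() not in trusted_hosts:
            break  # written by a host we do not run: may be forged
        ip = IP_RE.search(received[:by.start()])  # the "from" clause only
        if ip:
            handoff_ip = ip.group(1)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])  # envelope sender, set at delivery
    return {"handoff_ip": handoff_ip, "from_domain": from_dom,
            "envelope_domain": env_dom,
            "mismatch": None not in (from_dom, env_dom) and from_dom != env_dom}

if __name__ == "__main__":
    print(trace_origin(SAMPLE, {"mail.example.org", "mx.example.org"}))
```

The `handoff_ip` value is the address to reverse-resolve for an abuse report; the third Received line in the sample is ignored because no trusted server wrote it.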

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA