Email Spam problem



sandman
10-11-2005, 09:38 AM
I've got this spammer that is sending emails out using the domain in my sig. I cannot figure out how he is doing it based on the following setup:

- I am currently outsourcing my email to Everyone.net
- The MX is being forwarded to Everyone.net (so it works).
- I still have an email account on the local server so I can get emails from the site software and a contact form that I have set up.
- I only get emails on the server account from an email that is sourced from the server itself (due to the MX redirect).
- All other email dumps into my everyone.net account. Even email that was originally sent from the server account and replied to.

- One form of email that goes to my server account is when a user is "watching a topic" but their email is not valid. I get a fail email (for example).

About 4 days ago a spammer started using the domain under about 4 different email names to send out spam. I found this out as I am getting the bouncebacks from these efforts. What is getting me is that I am getting the bouncebacks on my server account. If somebody was spoofing or setting up an everyone account, it would go to everyone.net email but not the server email.

So.... I was thinking an exploit in the site software. I use phpBB to run pretty much everything. Going through the server logs does not show anything (that I know to look for). There are no server email accounts besides the one that I use in the control panel. Just for fun I checked the accounts that people have set up through the everyone.net service and nothing there.

Right now I am leaning towards a phpBB exploit. I have it all up to date and nothing else out of the ordinary is going on that I know of. Searching around has not found much. As near as it looks to me, somebody is sending the email out from the server itself in some fashion.

Anyway, before I post it up on phpBB.com I was wondering if anybody else has gone through something like this and if there is anything that I am missing or should be looking for.

Thanks!

r2d2
10-11-2005, 10:56 AM
Can you look at one of the headers from the spam emails? Will that tell you more about how it's happening?

I assume by spoofing you mean to fake the 'from' address, so it just superficially looks like it came from you but actually came from another account?

(Just suggestions here - I don't know too much beyond setting up basic email accounts :) )

sandman
10-12-2005, 08:06 AM
Thanks for the suggestion!

I looked at the headers and traced the first IP and the emails are sourced out of China. It does not look like there is much I can do about it as it seems that it is being spoofed.

I might put a blurb up on my site about it so I don't get too much hate mail about it. :rolleyes:
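
The header check discussed in this thread can be scripted against the bouncebacks themselves; the following is an added example, not code from any poster. It assumes the bounce attaches the original message as `message/rfc822`, and the sample bounce, host names, IP addresses and the `trusted_suffix` parameter are all constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample bounce; every host and address is a documentation value.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/rfc822

Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
    by mail.recipient.example; Tue, 11 Oct 2005 09:00:02 -0400
Received: from unknown (HELO mysite.example) ([203.0.113.45])
    by mx.recipient.example; Tue, 11 Oct 2005 09:00:01 -0400
From: sales@mysite.example
Subject: constructed spam sample

body
--b1--
"""

# Client IP in brackets, then the host that wrote the Received line.
RECEIVED_RE = re.compile(r"from\s+.*?\[(?P<ip>[0-9a-fA-F.:]+)\].*?\bby\s+(?P<by>[\w.-]+)", re.S)

def true_source_ip(bounce_text, trusted_suffix):
    """IP that connected to the recipient's mail servers (oldest trusted Received hop)."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    originals = [p.get_payload(0) for p in msg.walk()
                 if p.get_content_type() == "message/rfc822"]
    if not originals:
        return None
    # Received lines are prepended, so reversed() walks oldest first. Only hops
    # written by the recipient's servers are trusted; older lines can be forged.
    for value in reversed(originals[0].get_all("Received", [])):
        m = RECEIVED_RE.search(str(value))
        if m and m.group("by").lower().endswith(trusted_suffix):
            return m.group("ip")
    return None

def classify(bounce_text, trusted_suffix, my_server_ips):
    """Did the bounced message leave my own server, or only borrow my domain?"""
    ip = true_source_ip(bounce_text, trusted_suffix)
    if ip is None:
        return "unknown"
    return "sent-from-my-server" if ip in my_server_ips else "spoofed-elsewhere"
```

A spammer who forges a Received line naming the recipient's own host can still mislead this check, so compare the result with the local mail log for the same timestamp.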