[Dshield] SPAM email using my smtp server host name

Johannes B. Ullrich jullrich at sans.org
Thu Dec 4 20:15:42 GMT 2003


If a spammer connects directly to your mail server, they can send
messages without specifying the domain. The mail server will just add a
default domain (usually the host name) to this userid provided by the
spammer.

Depending on your mail server, it may be possible to just drop these
messages. In particular if this is just a mail relay and you don't get
any local mail from this particular system (but that can be dealt with
as well).



On Thu, 2003-12-04 at 13:54, Dshield Contributor wrote:
> I would like to add my request for the same help on this one.
> 
> Anyone know?
> 
> Kane Wong wrote:
> 
> "Recently, I found some spam email which is using the host name of my
> smtp server as the recipient (To:) address.  Do your guy know how the
> spammer find my host name as their destination email address?"
> 
> "For example; if my host name is called smtp.abc.com, then they would
> put xxxxx at smtp.abc.com in the To: field and target to my own mailbox."
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 786 1563            
  fax: (617) 786 1550                          jullrich at sans.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20031204/38aa1f81/attachment.bin


More information about the list mailing list