[Dshield] SPAM email using my smtp server host name

John Sage jsage at finchhaven.com
Thu Dec 4 20:23:21 GMT 2003


Kane:

Not quite sure what you mean, but...

On Thu, Dec 04, 2003 at 10:11:08AM -0800, Kane Wong wrote:
> Date: Thu, 4 Dec 2003 10:11:08 -0800
> From: "Kane Wong" <kwong at cwalkergroup.com>
> To: "General DShield Discussion List" <list at dshield.org>
> Old-X-Envelope-To: list at dshield.org
> Subject: [Dshield] SPAM email using my smtp server host name
> 
> Recently, I found some spam email which is using the host name of my
> smtp server as the recipient (To:) address.  Do your guy know how the
> spammer find my host name as their destination email address? 
> 
> For example; if my host name is called smtp.abc.com, then they would
> put xxxxx at smtp.abc.com in the To: field and target to my own mailbox.


...do you mean "smtp server" like this:

[jsage at sparky ~] $ dig @greatwall mx cwalkergroup.com

; <<>> DiG 9.2.1 <<>> @greatwall mx cwalkergroup.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40713
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;cwalkergroup.com.      IN   MX

;; ANSWER SECTION:
cwalkergroup.com. 3579  IN   MX      10 mail3.cwalkergroup.com.
cwalkergroup.com. 3579  IN   MX      20 mail.cwalkergroup.com.
/* snip */


If your domain name is out anywhere in any public forum, it's not too
hard for someone to get to your mail server name from your domain's MX
record.

Additional information is in your email headers:

/* snip */
Received: from unknown (HELO Appe250.cwalkergroup.com) (64.114.164.9)
  by 0 with SMTP; 4 Dec 2003 18:10:27 -0000
Received: from unknown(192.168.30.6) by Appe250.cwalkergroup.com via
  csmap
  id 24247; Thu, 04 Dec 2003 10:13:13 -0800 (PST)
/* snip */



- John
-- 
"Most people don't type their own logfiles;  but, what do I care?"
-
John Sage: InfoSec Groupie
-
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
-
ATTENTION: this entire message is privileged communication, intended
for the sole use of its recipients only. If you read it even though
you know you aren't supposed to, you're a poopy-head.




More information about the list mailing list