[Dshield] SPAM email using my smtp server host name

Chris Brenton cbrenton at chrisbrenton.org
Thu Dec 4 21:17:58 GMT 2003


On Thu, 2003-12-04 at 13:54, Dshield Contributor wrote:
> I would like to add my request for the same help on this one.
> 
> Anyone know?
> 
> Kane Wong wrote:
> 
> "Recently, I found some spam email which is using the host name of my
> smtp server as the recipient (To:) address.  Do you guys know how the
> spammer found my host name as their destination email address?"

Do you mean the "from" address? If so, this is an old trick and has been
around for quite some time. Two possibilities:

1) If your MTA does not require the "From:" command to include a FQDN,
the spammer can just give a user name and your local domain will be
appended. Note that default Sendmail is safe from this attack.

2) Some spammer software will act as a name server as well as an MTA.
This means the software does your MX lookup so it's just a matter of
passing this variable off to the MTA process to use as part of the from
address. Note that you can't fix this unless your MTA requires
authentication prior to acceptance, something I don't think anyone does
by default.

HTH,
C
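
A defender-side check for the two cases described above, as an added example that is not part of the original post: it classifies SMTP `MAIL FROM` commands (assumed here to be what the post calls the "From:" command), flagging bare user names and unauthenticated senders that use the server's own MX host name. The host names and sample commands are constructed for illustration.

```python
import re

# Constructed values for illustration; not taken from the original post.
MX_HOSTNAME = "mail.example.org"   # host name published in the MX record
LOCAL_DOMAIN = "example.org"       # domain the MTA appends to bare user names

MAIL_FROM_RE = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)

def classify_sender(line, authenticated=False):
    """Return (verdict, address as the recipient would see it)."""
    m = MAIL_FROM_RE.match(line.strip())
    if not m:
        return ("not-mail-from", None)
    addr = m.group(1)
    if addr == "":
        return ("null-sender", "")          # <> is the legitimate bounce sender
    user, _, domain = addr.partition("@")
    if not domain:
        # Case 1: no FQDN given, so the MTA would append the local domain.
        return ("unqualified", f"{user}@{LOCAL_DOMAIN}")
    if domain.rstrip(".").lower() == MX_HOSTNAME and not authenticated:
        # Case 2: sender domain is the host name found via the MX lookup.
        return ("mx-host-forged", addr)
    return ("ok", addr)

def review(commands):
    """Return only the commands worth rejecting or logging."""
    flagged = []
    for line, authenticated in commands:
        verdict, shown = classify_sender(line, authenticated)
        if verdict in ("unqualified", "mx-host-forged"):
            flagged.append((line, verdict, shown))
    return flagged

# Constructed SMTP commands: (command line, session authenticated?)
SAMPLE = [
    ("MAIL FROM:<alice@example.net>", False),
    ("MAIL FROM:<offers>", False),
    ("mail from:<offers@MAIL.example.org> SIZE=2048", False),
    ("MAIL FROM:<root@mail.example.org>", True),
    ("MAIL FROM:<>", False),
    ("RCPT TO:<kane@example.org>", False),
]

if __name__ == "__main__":
    for line, verdict, shown in review(SAMPLE):
        print(f"{verdict:15} {shown:28} {line}")
```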






