E-mail Spam - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19

Thread: E-mail Spam

  1. #11
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Ok. The first one is an effect of probably Sobig.F. Unfortunately, there's not much you can do about it other than delete it.

    The others have advice that you should follow:

    Send your questions to blacklist-admin@admin.cablespeed.com
    Send your questions to blacklist-admin@admin.cablespeed.com
    Since both of those ISPs seem to be using SpamCop you may want to visit that. If you find your ISP is listed there, then get them to deal with this (it means they have an open relay). If [quote="http://www.spamcop.net/bl.shtml"]your IP[/url] is listed there, then you need to check your machine to see if you have port 25 open (this would indicate a SMTP server is running and potentially an open relay). Open relay means an SMTP server that sends emails even tho' the source address isn't valid and the IP doesn't match with the source (that is one that fits their range of IPs).

    You did inadvertantly leave your IP in one of those messages so I did a check and lo' and behold I got this:

    Query bl.spamcop.net - 24.xx.yy.zz
    24.xx.yy.zz is ms-smtp.xx.yy.zz.rr.com

    24.xx.yy.zz not listed in bl.spamcop.net

    Since SpamCop started counting, this system has been reported about 20 times by less than 10 users. It has been sending mail consistently for at least 62.4 days. In the past 20.7 days, it has been listed once for a total of 23 hours

    * In the past week, this system has: Been witnessed sending mail about 5580 times

    A sample sent sometime during the 24 hours beginning Thu Apr 22 20:00:00 2004 -0400:
    Received: from -.-.-.com (-.-.-.com [24.93.47.43])
    by -.-.net (-.-.-.-.-) with - id -
    for <-@-.net>- Fri, - Apr 2004 - -
    Subject: attention - bonnie
    From: li.. at ..h.com

    A sample sent sometime during the 24 hours beginning Mon Apr 5 20:00:00 2004 -0400:
    Received: from -.-.-.com (-.-.-.com [24.93.47.43])-
    by -.-.net (-.-.-.-.-) with - id -
    Mon, - Apr 2004 - -
    Subject: - hello - sweetheart
    From: sk.. at ..l.net
    The bolded section is interesting. Unless you're running the email server, someone has. And given the name ms-smtp makes me think Microsoft SMTP (exchange?).

    Do a quick netstat -a and see if port 25 is open. If not, then you need to go and talk with Road Runner about their policies (talk to a manager not one of the flakes on the front line)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #12
    Member
    Join Date
    Nov 2003
    Posts
    58
    I have got these mysterious returned mails in my hotmail also. But hotmail.... I am not using Outlook express, how could this happen?

  3. #13
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716
    reason: 591 your host [24.93.47.43] is blacklisted by bl.spamcop.net.
    Is this your IP address? When I checked it, it seemed to be roadrunner's mail server.

    [rcgreen@acer rcgreen]$ telnet 24.93.47.43 25
    Trying 24.93.47.43...
    Connected to 24.93.47.43.
    Escape character is '^]'.
    220 ms-smtp-04.texas.rr.com ESMTP Welcome to Road Runner. WARNING: *** FOR AUTHORIZED USE ONLY! ***
    Otherwise, you have a trojan running a mail relay on your machine.
    I came in to the world with nothing. I still have most of it.

  4. #14
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I have got these mysterious returned mails in my hotmail also. But hotmail.... I am not using Outlook express, how could this happen?
    spellabc, might be the same reason I pointed out earlier: someone else is infected with a virus (possibly Sobig.F) and it's generating fake returned mails or is using your address as the source of emails being sent out to fake destinations (thus resulting in you getting the return email along with the infected attachment -- although I believe that hotmail removes infected attachments).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #15
    Junior Member
    Join Date
    May 2004
    Posts
    7
    MsMittens--
    Funny you mentioned port 25. Yesterday I ran a scan with TDS-3 on my ports and 25 was open. TDS-3 closed it.

  6. #16
    Junior Member
    Join Date
    May 2004
    Posts
    7
    Ok..I just checked again this AM. Port 25 is open again. How do I close it and keep it closed?

  7. #17
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Zetin, sounds like there is indeed a mail server running on your machine then. One way to find it would be to run netstat -aop (in respective order, this will show all connections and listening ports, what process is running each service that is listening and what protocols are being used -- usually UDP or TCP). Another tool that might be helpful is ProcessExplorer which also might show "unusual" processes.

    Are you by any chance running IIS and which version of Windows are you running?

  8. #18
    Junior Member
    Join Date
    May 2004
    Posts
    7
    IIs? We are running Windows XP

  9. #19
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    IIS is Internet Information Services and is an add-on that provides web, ftp, gopher and smtp. I asked because often when it's setup the default is to have SMTP on. You need to find the process running SMTP (simple mail transfer protocol)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides