• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 980
  • Last Modified:

spam problem

i get lots of spam from myself.
do you know what's wrong with it from header?
Received:  from odc-mgw02.xxx.com ([165.241.62.227])          by test.jp.xxx.com (Lotus Domino Release 7.0.3FP1)          with ESMTP id 2008111202294705-62660 ;          Wed, 12 Nov 2008 02:29:47 +0900
X_AuditID:  0a31b1e1-a9050bb000001130-ec-4919c10ab250
Received:  from mail172.messagelabs.com (mail172.messagelabs.com [216.82.254.3])	by odc-mgw02.xxx.com (Symantec Mail Security) with SMTP id C4DAF3DC002	for <john.john@xxx.com>; Wed, 12 Nov 2008 02:29:46 +0900 (JST)
X_Env_Sender:  john.john@xxx.com
X_Msg_Ref:  server-4.tower-172.messagelabs.com!1226424584!26152912!1
X_StarScan_Version:  5.5.12.14.2; banners=-,-,-
X_Originating_IP:  [82.54.237.244]
X_SpamInfo:  blackholed by DUL
X_Spam_Flag:  YES
Subject:  SPAM:  I found driving license
Received:  (qmail 2038 invoked from network); 11 Nov 2008 17:29:45 -0000
Received:  from host244-237-dynamic.54-82-r.retail.telecomitalia.it (HELO host177-43-dynamic.183-80-r.retail.telecomitalia.it) (82.54.237.244)  by server-4.tower-172.messagelabs.com with SMTP; 11 Nov 2008 17:29:45 -0000
SendTo:  <john.john@xxx.com>
From:  <john.john@xxx.com>
MIME_Version:  1.0
Importance:  1
$MessageID:  <20081111172946.C4DAF3DC002@odc-mgw02.xxx.com>
PostedDate:  11/11/2008 11:29:46
X_Brightmail_Tracker:  AAAAAA==
$MIMETrack:  Itemize by SMTP Server on test/SVR/xxx CORP(Release 7.0.3FP1|February 24, 2008) at 2008/11/12 02:29:47,MIME-CD by Notes Client on john john/JP/xxx CORP(Release 5.0.10 |March 22, 2002) at 11/12/2008 14:30:39,MIME-CD complete at 11/12/2008 14:30:39
SMTPOriginator:  john.john@xxx.com
HasSafeStamp:  
RouteServers:  CN=test/OU=SVR/O=xxx CORP,CN=test/OU=SVR/O=xxx CORP
RouteTimes:  11/11/2008 11:29:47-11/11/2008 11:29:48,11/11/2008 11:31:00-11/11/2008 11:31:01
$Orig:  
$UpdatedBy:  CN=test/OU=SVR/O=xxx CORP,CN=test/OU=SVR/O=xxx CORP
Categories:  
$Revisions:  
DeliveredDate:  11/11/2008 11:31:01
 
If you are unable to see the message below, click here to view.

Open in new window

0
Hiroyuki Tamura
Asked:
Hiroyuki Tamura
  • 5
  • 5
4 Solutions
 
war1Commented:
Hello hiroyuki718,

Someone is spoofing your address and sending spam mail as you.  Make sure your computer is not an open relay
http://www.postcastserver.com/help/Blocking_Open_Relays.aspx
and
http://support.microsoft.com/kb/324059

If you have control of the server, you can Integrate SPF and DomainKeys, which would help to stop spoofing in the future:

SPF:
http://www.openspf.org/

DomainKeys:
http://domainkeys.sourceforge.net/

Hope this helps!
war1
0
 
Hiroyuki TamuraAuthor Commented:
thank you.
messagelab spam filter can catch this spam.
but i guess if i block this spammer, SPF or Domainkeys is the only way...
if i leave it, i get more spams... any other damage to me?
0
 
Hiroyuki TamuraAuthor Commented:
and which line exactly tells "spoofing"? from snippet
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
war1Commented:
The combination of sending server which is not yours and from address which is yours show that spoofing is occurring.
0
 
Hiroyuki TamuraAuthor Commented:
thank you.
which line shows sending server?
0
 
war1Commented:
It is usually the last Received line in the header

Received:  from host244-237-dynamic.54-82-r.retail.telecomitalia.it (HELO host177-43-dynamic.183-80-r.retail.telecomitalia.it) (82.54.237.244)  by server-4.tower-172.messagelabs.com with SMTP; 11 Nov 2008 17:29:45 -0000
0
 
Hiroyuki TamuraAuthor Commented:
thank you.
we use frame relay to connect vpn to our main server.
can you guess what's the possibility they find our address?
0
 
war1Commented:
You left your address in a public website?  You sign up to a bad website, like pronography or shopping website, that collect addresses for spam.
0
 
Hiroyuki TamuraAuthor Commented:
Thank you.
0
 
war1Commented:
You are welcome, hiroyuki !
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now