Re: [cobalt-users] [RaQ3i] spam-relay!?
- Subject: Re: [cobalt-users] [RaQ3i] spam-relay!?
- From: "Brian Curtis" <admin@xxxxxxxxxxx>
- Date: Mon Dec 11 11:28:11 2000
- Organization: Pomfret Computer Technologies
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> Hey folks,
>
> I'm getting a report from one of my client subdomains on my server that
> he's receiving weird emails from somebody, with my server's main
> domain-name tacked on ala:
>
> From: "Hahaha" <hahaha@xxxxxxxxxxxxxxxxxxxxxxxx>
> What could be going on here? I looked through the maillog for the day
> in question when this was sent/received, but couldn't dredge up any
> "sexyfun.net" domain from all the lines...
>
> How can I best tell if I am being used as a spam relay?
>
> Thanks much all,
>
> ~ Theo
Have your client forward you the entire message including all headers and
take a look. Chances are that it's just a spoofed "From:" address to make
it look like it's originating from your server.

On another note, **DO NOT** open the attachment included with the message.
It's the W32.Hybris virus.

Just to be safe, I'd run a virus check on all your WIN32-based workstations
which send/receive email on your server just to make sure one of them is not
infected.
--
Brian Curtis
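
The header check suggested above, as an added example that is not part of the original post: it reads the one Received line stamped by your own server and reports whether the message came in from an outside host with a forged "From:" or from a machine on your own network. The hostnames, addresses, message IDs and the local network range are constructed for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample; every host, address and ID below is made up.
SAMPLE = (
    "Received: from mail.isp.example (mail.isp.example [192.0.2.10])\n"
    "\tby www.myserver.example with ESMTP id AAA111\n"
    "\tfor <client@sub.myserver.example>; Mon, 11 Dec 2000 09:00:02 -0500\n"
    "Received: from unknown-pc (dialup-7.isp.example [192.0.2.77])\n"
    "\tby mail.isp.example with SMTP id BBB222; Mon, 11 Dec 2000 09:00:00 -0500\n"
    'From: "Hahaha" <hahaha@www.myserver.example>\n'
    "To: client@sub.myserver.example\n"
    "Subject: constructed sample\n\nbody\n"
)

def entry_peer(raw, my_host):
    """IP of the host that handed the message to my_host, or None.

    Only the Received line stamped by our own server is trusted; older
    lines are written by other hosts and can be forged.
    """
    for value in email.message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())              # unfold continuation lines
        m = re.match(r"from (.*?) by (\S+)", text, re.I)
        if m and m.group(2).lower() == my_host.lower():
            ip = re.search(r"\[([0-9a-fA-F.:]+)\]", m.group(1))
            return ipaddress.ip_address(ip.group(1)) if ip else None
    return None

def verdict(raw, my_host, local_nets):
    """Classify the message from the one header our server wrote."""
    peer = entry_peer(raw, my_host)
    if peer is None:
        return "no-trusted-hop"                     # our server left no usable stamp
    if any(peer in ipaddress.ip_network(n) for n in local_nets):
        return "submitted-from-local-network"       # check that workstation
    addr = parseaddr(email.message_from_string(raw)["From"])[1]
    if addr.rpartition("@")[2].lower() == my_host.lower():
        return "outside-sender-spoofed-from"
    return "outside-sender"

if __name__ == "__main__":
    # 198.51.100.0/24 stands in for the networks your own workstations use.
    print(verdict(SAMPLE, "www.myserver.example", ["198.51.100.0/24"]))
```

A message delivered to a local mailbox cannot show relaying by itself, since relaying means accepting mail from an outside host for an outside recipient; what these headers settle is whether the message originated on your side.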