DNS & Email Spoofing
Aug 4, 2008
I got an email "failure delivery notification" but i did not sent that email. It had my email address though.
So I contacted host and got a very quick reply:
Quote:
The is caused due to the email spoofing. Someone was spoofing your email account and sending mails by adding the mail header so that the appears to have originated from the actual source. By setting SPF record correctly in the DNS zone of the domain, we can almost prevent this.
Here The SPF record was not setup correctly. Now we have made some changes in the SPF record in the DNS zone file "/var/named/domainname.com.db".
------------
v=spf1 a mx ip4:67.21.1.226 ?all -----> v=spf1 a mx ip4:67.21.1.226 ~all
------------
Now I can understand that they have quickly fixed the problem. BUT I need to learn more on what is going on here.
I can understand that email spoofing is that spammer is sending email with header that shows it is my email address (which it is not).
But I dont understand the second part that a DNS record fix it.
What does that DNS line mean,
DNS stuff is really complicated and am lost when it comes to it.
View 8 Replies
ADVERTISEMENT
Apr 16, 2008
I got a bounced back message that I never sent. I was profoundly shocked to discover (through the header info) that the message originated from dotworlds.net; a site that ostensibly is a spoof email service provider.
Should such sites be allowed to exist?
View 2 Replies
View Related
May 4, 2007
Is there any way to stop spammers from spoofing my address? I've had issues ever since I started this server with getting bounced spam where the "From:" field was (jibberish)@mydomain.com which was annoying but not that constant.
I came online this morning to check my mail and had over 1200 e-mails and all of them have "online@wellsfargo.com" as the "From:" address, but the message-ID has my domain name in it..
Quote:
------ This is a copy of the message, including all the headers. ------
Return-path: <nobody@host.mydomain.com>
Received: from nobody by host.mydomain.com with local (Exim 4.63)
(envelope-from <nobody@host.mydomain.com>)
id 1Hju9b-0002y3-TH
for lwilder1999@yahoo.com; Fri, 04 May 2007 05:32:43 -0400
To: lwilder1999@yahoo.com
Subject: Update Your Account Records
From: Wells Fargo Online <online@wellsfargo.com>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1Hju9b-0002y3-TH@host.mydomain.com>
Date: Fri, 04 May 2007 05:32:43 -0400
There's gotta be some way (make that 1204.. just got 4 more bounces) to block spammers from doing this. Could someone help a newbie out?
View 6 Replies
View Related
Aug 10, 2008
How do you defend against browser spoofing? From the tutorials shown at [url]. it seems really easy to spoof a firefox useragent.
View 5 Replies
View Related
Nov 8, 2007
I'm concerned about dns spoofing
As explained here:
w w w. securesphere(dot)net/download/papers/dnsspoof.htm
I note the recommendations:
- To limit the cache and check that it's not keeping additional records.
- Not to make security systems to use/rely on DNS.
- Use cryptography like SSL, even if the problem remains the same, it increase difficulty level for the attacker (See article on Man in the Middle)
I did not on another site that the latest version of BIND for DNS should be installed.
I'm quite sure I'm being attacked in this way by a guy on the same network as my numerous commercial websites.
I'm setting a new server. I'm getting my own name server.
What steps should I take to best protect my self and my business against these attacks please?
(firewall? tips etc beside the above?) Please let me know as I want to set up and have a better than even bet I have shaken the guy.
View 2 Replies
View Related
Apr 29, 2009
I have similar problem that explained [url]
The detail of my problem is below:
Some people sent spoofing mails from our mail users sent to our user from Postfix/local that is listed in maillog like below:
Apr 29 16:57:02 ns1 postfix/local[3075]: EC2153565E3: to=<user-mydomain.com@ns1.mydns.com>, orig_to=<user@mydomain.com>, relay=local, delay=486, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Bu i do not know how to prevent this people not to use my Postfix/local delivery part. How can i prevent this attack?
When i connect to my mail server to sent or receive my mail it look like
Apr 29 17:25:28 ns1 dovecot: pop3-login: Login: user=<user@mydomain.com>, method=PLAIN, rip=***.***.***.***, lip=***.***.***.***
....
Apr 29 17:25:55 ns1 dovecot: POP3(user@mydomain.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0....
But the attackers connect directly like below:
Apr 29 17:29:59 ns1 postfix/local[2456]: 3192E357FD9: to=<user-mydomain.com@ns1.mydns.com>, orig_to=<user@mydomain.com>, relay=local, delay=261, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
....
Apr 29 17:29:59 ns1 postfix/qmgr[2218]: 3192E357FD9: removed
How can the spammer connect to Postfix/local part? My mail server not open relay. i test it from internet.
View 2 Replies
View Related
May 28, 2015
I'm having difficulty sending an email to another email address (with a different domain) which is on the same VPS.The trouble is, on the other domain's VPS control panel, within the DNS settings, the MX records have been pointed externally (to an exchange server). Their email is turned off. But bizarrely, their mailbox is full.
It seems as though Plesk is ignoring the MX records, and sending MY email internally to the OTHER domain's mailbox on the same VPS.How do I get Plesk to send my mail to the correct EXTERNAL MX records?
View 4 Replies
View Related
Jul 18, 2009
I had a email address I deleted on my server (postfix on Debian 4), but to my surprise the server still recieves email for the address!
(I have manually tried sending a email to the address and it comes througt).
I have deleted the address from the /etc/postfix/virtual file and restarted postfix.
What could I have forgotten?
View 7 Replies
View Related
Feb 13, 2007
One of my customers asked me if is possible technically to offer free email services.
Since he's going to launch a big portal he want to offer such things later, for all users.
Now, there are problems as:
a) if there is any possibility to compress emails similar with GMAIL or YahooMail or so, because i can't imagine the email is uncompressed
b) how can be handled email boxes over multiple (mail ?) servers if the HDD space needed would be larger than for one server HDD ?
View 1 Replies
View Related
Oct 27, 2009
I am having an email issue and I can not resolve. I am hoping for some assisstance here.
One of my local clients are not able to email each other in their office. (About 10 employess I believe)
They are using Outlook mail client, and using ISP's SMTP server. They are able to send/recieve email to other users externally, but not intenally.
Using webmail works perfectly fine.
I spoke with my host and the said everything is working fine. I checked with the ISP to see if they are blocking the IP address on the SMTP server. They said they were not.
I have a personal account on the same server and tried to send email to another local email account, and it did not work either. Tried to send email to my clients email and they did not recieve anything.
I am on the same ISP as my client, so Im still not sure if its the ISP or not.
View 11 Replies
View Related
May 19, 2007
I setup mail piping with Exim so that e-mails sent to a specific account be forwarded to my PHP script. It's not working properly, because when I send a mail to this account, it's bounced by the mailer daemon:
Code:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
pipe to |/home/user/public_html/support/parse.php
generated by support@mydomain.com
local delivery failed
In my /etc/valiases/domain.com file I have:
Code:
support@mydomain.com: "|/home/user/public_html/support/parse.php"
*: :blackhole:
What can be causing the error?
View 2 Replies
View Related
Mar 11, 2008
On one my servers, I'm receiving hundreds of spam emails that are clogging up the email queue to email addresses that do not exist.
For instance domain.com, I would get
bob@domain.com
liz@domain.com
325235@domain.com
You get the picture. How do I setup my server so that if there isn't an email address setup the email automatically gets deleted instead of trying to attempt to deliver it?
View 3 Replies
View Related
Jun 30, 2007
I have a client who has his own hosting account, and wants to leave his e-mail on his own hosting account, but his website on my hosting account.
On his own hosting he has created a sub domain called shop, and pointed its A record to the IP address of my server. On my server I've setup his domain name, and created the sub domain shop. That all works fine.
The problem I have is that the site under the shop domain needs to send an e-mail to sales@hisdomain.com. Now my server thinks the main domain is setup on my server, so it sends the e-mail to itself.
I'm justing wondering how I can get the server to point the mails back to his hosting?
A previous host I've used said they had to add the domain as a remote domain on the server, then they had to make some changes to /etc/localdomains because I was getting errors trying to send mails to the address.
View 1 Replies
View Related
Dec 11, 2007
A email account can send email, but cannot receive email, why? How do I know the answer why?
View 14 Replies
View Related
Jun 24, 2008
I currently have a domain on Server 1 (Linux, Apache, Ubuntu, Matrix control panel).
This server does not have any spam filter, so I have moved all the email accounts to Server 2 (Linux, Apache, Fedora Core, Plesk) which does have a brilliant spam filter; and have changed the DNS record for mail.domain.com to the IP address for Server 2.
Emails are being successfully received on Server 2.
On Server 1, when an email is sent through SMTP to an address at that domain, it does not send it to Server 2, it gets delivered to the hosting account for the domain on Server 1. So what I am guessing is happening is that Server 1 detects the domain has an account on the server, and instead of looking up the DNS info for that domain, just assumes it is on Server 1.
What I need to do, is force Server 1 to send email for that domain to Server 2. Is this possible, and if so, how can it be achieved? If more info about the server is required for a solution please let me know and I'll provide what I can.
View 5 Replies
View Related
Jul 9, 2009
I have a Windoze box with three ip addresses and running Mailenable Professional as the mail server software. I do not run any DNS, rather I set up the domain to point to my server at the registrar. All of a sudden I'm getting returned mail, "This server requires PTR for unauthenticated connections". When I run the diagnostics on the mail server it says that none of my ip addresses have reverse dns....... I'm confused, what do I need to do at the registar and server level to feel joy again?
View 3 Replies
View Related
Apr 9, 2009
I've searched around on the forums and it's really confusing to choose a host. I was wondering if you could pls recommend me a host...
The system will have about 20 users and each user should have about 4-500mb space for email. FTP will be used fairly often too with file sizes up to a few hundred mb. The website won't take up much space.
View 14 Replies
View Related
Feb 28, 2008
i have a client that has configurated his email in Windows/Outlook and it works perfectly..
the problem is that, when he configurates it from a Mac, he can recieve emails but he cant send..
its the same internet connection..
My question... Is there anything else that he has to configurate in Mac that he doesnt in windows?
View 2 Replies
View Related
Sep 10, 2008
What is more recomended. Using a hosted service such as Google Apps or using the VPS server for email?
View 2 Replies
View Related
Sep 24, 2007
VPS I want to use to send out newsletters to my customers.
For sure, this is no spamming, but I know that some companies out there are sensitive to a lot of emails. Therefore I am looking for a company who will talk to me first if they have any concerns and who will not suspend my account the rambo way ;-)
View 5 Replies
View Related
Dec 16, 2008
We have been using ************ for about 6months now and have had an ok experience on their windows servers.. But recently we have been getting delayed emails, coming in between 5 minutes to 10 hours after an order has been submitted. We have submitted several help tickets. They say what email is having trouble and its all of them, they say we will check on it and then nothing, its sporatic but sometimes its totally unacceptable.
View 4 Replies
View Related
Jul 29, 2008
PROBLEM: Emails sent via BCC end up with the TO: field empty and some servers reject the emails if the TO: field is empty."
Hi folks, I recently moved from a certain provider who had raised their rates twice in one year (and some of you know who I'm talking about). I moved to another provider for my dedicated server, but now have a problem with email I send from my forum. I run a discussion forum and sometimes need to send notices to my members. I use an admin "control panel" in the forum software (similar to THIS forum). I send the emails out via BCC, but there is a place to put a default address, such as "members@myforum.com" . With my previous server, when I would send those out via BCC and the received emails would have the default address in the TO: field. However, since moving to the new server, the emails no longer have the default address and instead the TO: field is blank when people receive the emails. The problem is, some people
s servers require someting in the TO: field or they reject the email.
Assuming this is a server problem (mail server configuration?) does nayone have any ideas what the propblem might be? I'm using the exact same software as I used on the old server where things worked properly.
View 8 Replies
View Related
May 25, 2007
The reply my reseller gave me was as follows........
the domain overseas does not have the correct RFC dns entrys hence our mailserver will NOT accept NOR deliver email to it or accept from it. This may have not been an issue where you previously hosted due to the fact that they most likely used an insecure setup for the mail server. This issue is closed
-------------------------------
My customer can email his customers in china / russia just fine... but when they email him they get bounced back...
I do not understand RFC?
This customer has had different email problems with all of the 3 hosts he has been with. His last host mail worked fine 80% of the time, and he left because their servers were always down...
why mail from bk.ru eavangard.ru and tmag.com.cn and even yahoo.co.in
would be bounced back to the senders?
View 6 Replies
View Related
Jul 13, 2007
I have apache running on my Ded Server with mysql and PHP, but when someone registers they dont get an email. Is there a email system i have to setup? So my website sends emails?
View 14 Replies
View Related