Help requested: getting a lot of reply emails to messages .... - GoFuckYourself.com

NALEM · 09-29-2016, 01:18 PM

... that we never sent.

Hello everyone,

The server admin is on his honeymoon, so I turn to you, to understand where my problem exactly is.

My inbox is being flooded with various emails that "appear" to be replies to messages being sent from our @nalem.com email account, which is hosted on the same server as the domain "abc.com" (which I renamed here) is located.

Received: from nalem.com ([68.119.555.222]:42136 helo=abc.com)

Your insight is greatly appreciated.

# # #

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
(generated from [email protected])
SMTP error from remote mail server after end of data:
host mailin-01.mx.aol.com [64.12.88.132]: 521 5.2.1 :
AOL will not accept delivery of this message.

------ This is a copy of the message, including all the headers. ------

Return-path:
Received: from nalem.com ([68.119.555.222]:42136 helo=abc.com)
by svcemlmxl02.netnames.net with esmtp (NBT 4.72 1)
id 1bpZH4-0000up-Oi
for [email protected]; Thu, 29 Sep 2016 12:13:10 +0100
Received: from Ningbo Kangtuo Daily Products CO.,LTD (unknown [47.88.77.240])
by drm32.com (Postfix) with ESMTPSA id 56B146741084
for ; Thu, 29 Sep 2016 04:04:28 -0700 (PDT)
Date: Thu, 29 Sep 2016 19:04:26 +0800
To: [email protected]
From: John Knight
Reply-To: John Knight
Subject: Open vacancy
Message-ID:
X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_cff896060fae4d493e3cf8877521ef40"
Content-Transfer-Encoding: 7bit

This is a multi-part message in MIME format.

--b1_cff896060fae4d493e3cf8877521ef40
Content-Type: text/plain; charset=us-ascii

Hey,

I am always searching for new, proven ways to make fast and easy money online.

Here's one that works

--b1_cff896060fae4d493e3cf8877521ef40
Content-Type: text/html; charset=us-ascii

Hey,

I am always searching for new, proven ways to make fast and easy money online.

Here's one that works<br>
</body>
</html>

--b1_cff896060fae4d493e3cf8877521ef40--

TFCash · 09-29-2016, 01:48 PM

really no good way to know 100% without seeing the full real headers, but if they have the actual IP that your domain reverses too, you need to dig into your mail logs and make sure your not sending out spam!!!

1st of all make sure your email server is not open relay. Email Server Test - Online SMTP diagnostics tool - MxToolbox you can plug in your mail servers IP or name and it will check to see if it is open for relay.

2nd if it's not, then dig into your mail server logs and do a search for [email protected] which appears to be the email address that the error was generated for. If it's in your mail log files you have an issue somewhere, could be a script or an open port that is allowing people to funnel mail thru your server.

If it's not in your mail logs, chances are they are just spoofing your email address and there is really nothing that you can do about that

If you do find that that email address was sent mail by your server, my recommendation would be to stop mail services until you can get it fixed! Yes you will loose mail, but the flip side of that coin is, every piece of mail that they send out of your box makes you that much more likely to be blacklisted, then your looking at months of spotty mail service till you can get all the majors to un-blacklist you.

hope this helps!

Barry-xlovecam · 09-29-2016, 02:42 PM

Code:

barry@paragon-DS-7:~$ curl 'https://ipinfo.io/68.119.555.222'
Please provide a valid IP address
barry@paragon-DS-7:~$ host 68.119.555.222
Host 68.119.555.222 not found: 3(NXDOMAIN)

Forged headers ...
I get these all the time and mark them junk

Welcome to the spam box

~Ray · 09-29-2016, 02:43 PM

Yep, mark them as spam and move on

onwebcam · 09-29-2016, 08:50 PM

Someone is likely spoofing your email address. Simply put they are using your email as the reply to. And if your email address is setup as a catch-all for the whole domain then they can spoof any@you and you will do just that, catch all..

NALEM · 09-30-2016, 10:14 AM

Thanks TFCash, Barry, Ray, and OnWebCam for your insight.

For the 8 years +/- that I had this account, very little spam came in. Several days ago I was overwhelmed and was thinking WTF. They mostly shared the same characteristic of appearing to be a "reply" to a message supposedly sent from us. I have been blocking them as they come in, and it has slowed down by about 80%.

A few more days, and this problem will get solved.

Again thanks for the comments.

rowan · 09-30-2016, 08:25 PM

Quote:

Originally Posted by NALEM

Thanks TFCash, Barry, Ray, and OnWebCam for your insight.

For the 8 years +/- that I had this account, very little spam came in. Several days ago I was overwhelmed and was thinking WTF. They mostly shared the same characteristic of appearing to be a "reply" to a message supposedly sent from us. I have been blocking them as they come in, and it has slowed down by about 80%.

A few more days, and this problem will get solved.

Again thanks for the comments.

Problem isn't really solved - you're blocking the bounces at your end (those "replies" are mail servers saying they're rejecting the mail), but tons of people are still being sent spam using your email address as the source. You can't really do much about that, except hope that your email was just a random selection and they'll eventually move on to using something else.

https://en.wikipedia.org/wiki/Joe_job

Jigster715 · 09-30-2016, 11:06 PM

We were getting those too. At first just spoofs but then the server had been hacked and we were being used as a spam server for real. Amerinoc played wack a mole until we left them.

09-29-2016, 01:18 PM	#1
NALEM Confirmed User Industry Role: Join Date: Nov 2010 Location: Where ever Delta flies Posts: 3,125	Help requested: getting a lot of reply emails to messages .... ... that we never sent. Hello everyone, The server admin is on his honeymoon, so I turn to you, to understand where my problem exactly is. My inbox is being flooded with various emails that "appear" to be replies to messages being sent from our @nalem.com email account, which is hosted on the same server as the domain "abc.com" (which I renamed here) is located. Received: from nalem.com ([68.119.555.222]:42136 helo=abc.com) Your insight is greatly appreciated. # # # This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: [email protected] (generated from [email protected]) SMTP error from remote mail server after end of data: host mailin-01.mx.aol.com [64.12.88.132]: 521 5.2.1 : AOL will not accept delivery of this message. ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from nalem.com ([68.119.555.222]:42136 helo=abc.com) by svcemlmxl02.netnames.net with esmtp (NBT 4.72 1) id 1bpZH4-0000up-Oi for [email protected]; Thu, 29 Sep 2016 12:13:10 +0100 Received: from Ningbo Kangtuo Daily Products CO.,LTD (unknown [47.88.77.240]) by drm32.com (Postfix) with ESMTPSA id 56B146741084 for ; Thu, 29 Sep 2016 04:04:28 -0700 (PDT) Date: Thu, 29 Sep 2016 19:04:26 +0800 To: [email protected] From: John Knight Reply-To: John Knight Subject: Open vacancy Message-ID: X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_cff896060fae4d493e3cf8877521ef40" Content-Transfer-Encoding: 7bit This is a multi-part message in MIME format. --b1_cff896060fae4d493e3cf8877521ef40 Content-Type: text/plain; charset=us-ascii Hey, I am always searching for new, proven ways to make fast and easy money online. Here's one that works --b1_cff896060fae4d493e3cf8877521ef40 Content-Type: text/html; charset=us-ascii Hey, I am always searching for new, proven ways to make fast and easy money online. Here's one that works<br> </body> </html> --b1_cff896060fae4d493e3cf8877521ef40-- __________________ "The time men spend in trying to impress others they could spend in doing the things by which others would be impressed."

09-29-2016, 01:48 PM	#2
TFCash Confirmed User Industry Role: Join Date: Apr 2001 Posts: 1,723	really no good way to know 100% without seeing the full real headers, but if they have the actual IP that your domain reverses too, you need to dig into your mail logs and make sure your not sending out spam!!! 1st of all make sure your email server is not open relay. Email Server Test - Online SMTP diagnostics tool - MxToolbox you can plug in your mail servers IP or name and it will check to see if it is open for relay. 2nd if it's not, then dig into your mail server logs and do a search for [email protected] which appears to be the email address that the error was generated for. If it's in your mail log files you have an issue somewhere, could be a script or an open port that is allowing people to funnel mail thru your server. If it's not in your mail logs, chances are they are just spoofing your email address and there is really nothing that you can do about that If you do find that that email address was sent mail by your server, my recommendation would be to stop mail services until you can get it fixed! Yes you will loose mail, but the flip side of that coin is, every piece of mail that they send out of your box makes you that much more likely to be blacklisted, then your looking at months of spotty mail service till you can get all the majors to un-blacklist you. hope this helps! __________________ TeenFlood.com Online since 1998. TFCash KissMeGirl VirginRiches MondoBucks tim at tfcash.com or submit a ticket at our HelpDesk

09-29-2016, 02:42 PM	#3
Barry-xlovecam It's 42 Industry Role: Join Date: Jun 2010 Location: Global Posts: 18,083	Code: barry@paragon-DS-7:~$ curl 'https://ipinfo.io/68.119.555.222' Please provide a valid IP address barry@paragon-DS-7:~$ host 68.119.555.222 Host 68.119.555.222 not found: 3(NXDOMAIN) Forged headers ... I get these all the time and mark them junk Welcome to the spam box

09-29-2016, 02:43 PM	#4
~Ray visit hardlinks.org Industry Role: Join Date: Jun 2003 Location: Las Vegas , Nv >>> [email protected] or icq 94994627 anytime Posts: 18,362	Yep, mark them as spam and move on __________________ Adult Backlinks for Adult Websites - Testimonials Available

09-30-2016, 10:14 AM	#6
NALEM Confirmed User Industry Role: Join Date: Nov 2010 Location: Where ever Delta flies Posts: 3,125	Thanks TFCash, Barry, Ray, and OnWebCam for your insight. For the 8 years +/- that I had this account, very little spam came in. Several days ago I was overwhelmed and was thinking WTF. They mostly shared the same characteristic of appearing to be a "reply" to a message supposedly sent from us. I have been blocking them as they come in, and it has slowed down by about 80%. A few more days, and this problem will get solved. Again thanks for the comments. __________________ "The time men spend in trying to impress others they could spend in doing the things by which others would be impressed."

09-29-2016, 08:50 PM	#5
onwebcam Fake Nick 1.0 Industry Role: Join Date: Oct 2005 Location: Rent free, your head Posts: 26,773	Someone is likely spoofing your email address. Simply put they are using your email as the reply to. And if your email address is setup as a catch-all for the whole domain then they can spoof any@you and you will do just that, catch all..

09-30-2016, 11:06 PM	#8
Jigster715 So Fucking Banned Industry Role: Join Date: Jul 2015 Location: elmer blackwood mansion Posts: 1,459	We were getting those too. At first just spoofs but then the server had been hacked and we were being used as a spam server for real. Amerinoc played wack a mole until we left them.