Shamu, posted August 30, 2011

Not about FPS but thought someone might know about this crap. How does someone send e-mail from your address to your customers with a bogus link that takes you to a Canadian drug house marketing Viagra and Cialis and other stuff? I got two e-mails from my boss, sender address correct, that he did not send. Each time the link was named differently but each went to the same drug house. Included in the addresses along with me were several of our customers. This is not a good thing. How do they steal and send from your e-mail? How can you prevent it? Thanks.

hxtr, posted August 30, 2011

Shamu wrote:
> Not about FPS but thought someone might know about this crap. How does someone send e-mail from your address to your customers with a bogus link that takes you to a Canadian drug house marketing Viagra and Cialis and other stuff? I got two e-mails from my boss, sender address correct, that he did not send. Each time the link was named differently but each went to the same drug house. Included in the addresses along with me were several of our customers. This is not a good thing. How do they steal and send from your e-mail? How can you prevent it? Thanks.

I used to send email to friends as [email protected]. Used to freak them out. Unless some software verifies the DNS to the host IP/MX record, you can send an email to anyone you want as anyone you want. Email is so simple. A server has to announce who they are when they connect. You can Telnet to port 25 and talk to any email server. I used to send email that way and here is an example of how it would look.

S=Server C=Client

C: HELO relay.example.org
C: MAIL FROM:<[email protected]>
C: RCPT TO:<[email protected]>
C: RCPT TO:<[email protected]>
C: DATA
C: From: "Bob Example" <[email protected]>
C: To: "Alice Example" <[email protected]>
C: Cc: [email protected]
C: Date: Tue, 15 Jan 2008 16:02:43 -0500
C: Subject: Test message
C:
C: Hello Alice.
C: This is a test message with 5 header fields and 4 lines in the message body.
C: Your friend,
C: Bob
C: .
C: QUIT
{The server closes the connection}

RD, posted August 30, 2011

Yep.....what he said ^^^^^^

Hunter1948, posted August 30, 2011

I used to get them from people I knew and they had Hotmail addresses. I asked them about it and they knew nothing about it. I blocked them until they got new email addresses. So someone is using your boss's email or one of your customers', but it sounds like your boss's email address is being used.

hxtr, posted August 30, 2011

Prevention?!?!?... Spam Filter by Barracuda. Very expensive but if a huge problem... worth every penny. I love that box and swear by it. And you can fly me down and I will set it up for you. hahahaha

Other SPAM filter software is available but it all depends on what you have... probably Exchange, right? I'm losing so much specific IT knowledge being out of computers. Really sucks.

Shamu, posted August 30, 2011

hxtr wrote:
> Prevention?!?!?... Spam Filter by Barracuda. Very expensive but if a huge problem... worth every penny. I love that box and swear by it. And you can fly me down and I will set it up for you. hahahaha
>
> Other SPAM filter software is available but it all depends on what you have... probably Exchange, right? I'm losing so much specific IT knowledge being out of computers. Really sucks.

Not sure about a spam filter because the address being used to send is my boss's e-mail address. Can't really block that for legitimate e-mails that are received daily. It's just someone or something sending bogus e-mails from his address.

Masterlixx, posted August 30, 2011

There are a couple of ways they got your boss's email. He could have used it to sign up on a porn site or any type of site that would not be a good site to sign up on. Or your boss signed up for something using his email and their database got stolen or they sold it. It can also happen if it was a Hotmail.. he may have accepted a friend and it was really a bot that pilfered his contact list. He could also have a virus that simply emails all his contacts to someone and they use his email to get to his contacts.. they try and get all his contacts to accept the virus and then do the same process.

If they actually are using his email and not just spoofing it then he can change his password and that keeps them from sending on his SMTP server, as in a Hotmail or Gmail server, and also if it's a company server as well. But they can still make it look like his email from elsewhere.. but when you look at the header it's different information..

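The header inspection mentioned in the post above, as an added example that is not part of the original thread: it compares the visible From: domain with the envelope sender recorded in Return-Path, and checks the connecting IP that the receiving server wrote into the topmost Received: line. The sample messages, the names `spoof_indicators` and `OWN_IPS`, and all addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (example.com / .invalid names, documentation-range IPs).
SPOOFED = """\
Return-Path: <bounce@bulk.invalid>
Received: from relay.bulk.invalid (relay.bulk.invalid [203.0.113.7])
    by mx.example.com with SMTP; Tue, 30 Aug 2011 09:14:02 -0500
From: "The Boss" <boss@example.com>
To: staff@example.com
Subject: constructed sample

(body)
"""
LEGIT = (SPOOFED.replace("bounce@bulk.invalid", "boss@example.com")
         .replace("relay.bulk.invalid", "mail.example.com")
         .replace("203.0.113.7", "192.0.2.25"))
OWN_IPS = {"192.0.2.25"}  # assumption: the organisation's outbound mail hosts

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw, own_domain, own_ips):
    """Return header inconsistencies for mail claiming to be from own_domain."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    # Return-Path records the SMTP envelope sender (MAIL FROM), which the
    # sending client sets independently of the visible From: header.
    env_dom = domain_of(msg["Return-Path"])
    if env_dom and env_dom != from_dom:
        findings.append("envelope-mismatch")
    # The topmost Received: line is written by the receiving server; the
    # bracketed IP is what it observed, unlike the client-supplied HELO name.
    received = msg.get_all("Received") or []
    hit = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    src_ip = hit.group(1) if hit else ""
    if from_dom == own_domain and src_ip not in own_ips:
        findings.append("external-source-ip")
    return findings

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, spoof_indicators(raw, "example.com", OWN_IPS))
```

Both results are indicators rather than proof: mailing lists and hosted services that legitimately send on a domain's behalf also produce a mismatched envelope sender, so the IP list has to include every service allowed to send as that domain.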
hxtr, posted August 30, 2011

Shamu wrote:
> hxtr wrote:
>> Prevention?!?!?... Spam Filter by Barracuda. Very expensive but if a huge problem... worth every penny. I love that box and swear by it. And you can fly me down and I will set it up for you. hahahaha
>>
>> Other SPAM filter software is available but it all depends on what you have... probably Exchange, right? I'm losing so much specific IT knowledge being out of computers. Really sucks.
>
> Not sure about a spam filter because the address being used to send is my boss's e-mail address. Can't really block that for legitimate e-mails that are received daily. It's just someone or something sending bogus e-mails from his address.

It's a spoof Shamu..... they are using your boss's email to send to him. Not a hard thing if your mail server does not check the MX to IP. Your mail server just lets it pass as normal. I used to get lots of them in Yahoo... emails from me.

A spam filter will verify the sender is who it's supposed to be. Maybe it's built into Exchange now depending on what version, but if not you can get spam software depending on your hardware makeup. I don't know what you have but if you get info for me I can guide you. Done this many times.

This rules out he does not have spyware.. them things can do the same thing at times. Sure that was checked though.

This also rules out it is not internal.. users can do lots of stupid shit. But you can find out if that is the case through logs.

I need..

- hardware type - know what I am dealing with... Dell, HP, IBM, Clone, Other
- cpu type - can it handle the load
- hard disk space - do you have enough
- memory - do you have enough
- Exchange type/version and patch level or other server type
- How many users/mail boxes do you have - for clients and so forth.. a cost thing depending on licensing
- Plus Exchange config - single server, multi server, any remote servers - and how many MX/Domains do you have, and some config files probably will be needed
- do you host the MX record/DNS or does your ISP
- Is email passed from another server.. like for your ISP or a mail host.. A mail host can also get you some spam protection if you have an Email Host that acts as a forwarder and they filter the spam for you. Probably the most effective in cost.
- Some Exchange logs - that helps to see what you got
- network design - where is the server located... DMZ or behind a firewall. You will have to have port 25 open to communicate to another server.. your vulnerability, as any port open to the DMZ is always at risk.. The Barracuda has a leg inside and outside on the DMZ, which adds lots of security
- Do you have an IT person - would be a good question

That will get me started.... if you want this type of help just let me know. If not, it gives you guys something to think about.

hxtr, posted August 30, 2011

Masterlixx wrote:
> There are a couple of ways they got your boss's email. He could have used it to sign up on a porn site or any type of site that would not be a good site to sign up on. Or your boss signed up for something using his email and their database got stolen or they sold it. It can also happen if it was a Hotmail.. he may have accepted a friend and it was really a bot that pilfered his contact list. He could also have a virus that simply emails all his contacts to someone and they use his email to get to his contacts.. they try and get all his contacts to accept the virus and then do the same process.
>
> If they actually are using his email and not just spoofing it then he can change his password and that keeps them from sending on his SMTP server, as in a Hotmail or Gmail server, and also if it's a company server as well. But they can still make it look like his email from elsewhere.. but when you look at the header it's different information..

all good points.......