From owner-freebsd-questions@FreeBSD.ORG Sat Jan 6 03:28:54 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8F45A16A403 for ; Sat, 6 Jan 2007 03:28:54 +0000 (UTC) (envelope-from rob@fiberuplink.com) Received: from mail.fiberuplink.com (helix.fiberuplink.com [66.29.73.5]) by mx1.freebsd.org (Postfix) with SMTP id 331E413C441 for ; Sat, 6 Jan 2007 03:28:54 +0000 (UTC) (envelope-from rob@fiberuplink.com) Received: (qmail 63768 invoked by uid 1032); 6 Jan 2007 03:28:50 -0000 Received: from 208.107.101.135 by helix.fiberuplink.com (envelope-from , uid 1032) with qmail-scanner-1.25-st-qms (clamdscan: 0.87/1598. spamassassin: 3.1.0. perlscan: 1.25-st-qms. Clear:RC:0(208.107.101.135):SA:0(-1.5/4.0):. Processed in 3.75296 secs); 06 Jan 2007 03:28:50 -0000 X-Spam-Status: No, hits=-1.5 required=4.0 X-Antivirus-FiberUplink-Mail-From: rob@fiberuplink.com via helix.fiberuplink.com X-Antivirus-FiberUplink: 1.25-st-qms (Clear:RC:0(208.107.101.135):SA:0(-1.5/4.0):. Processed in 3.75296 secs Process 63760) Received: from host-135-101-107-208.midco.net (HELO rob) (rob@fiberuplink.com@208.107.101.135) by mail.fiberuplink.com with SMTP; 6 Jan 2007 03:28:46 -0000 Message-ID: <002301c73142$ce57c690$0a32a8c0@rob> From: "Rob W." To: References: <00bb01c73134$b061fa60$0a32a8c0@rob> <20070105212536.G8738@tbbqjvyy.6qbyyneqvnyhc.pbz> Date: Fri, 5 Jan 2007 21:28:59 -0600 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=response Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3028 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028 Subject: Re: Mail being sent from my domain... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Jan 2007 03:28:54 -0000 Ok, and I suppose by chance there is no way to prevent this from happening or a way to stop it huh? ----- Original Message ----- From: "Lars Eighner" To: "Rob W." Cc: Sent: Friday, January 05, 2007 9:25 PM Subject: Re: Mail being sent from my domain... > On Fri, 5 Jan 2007, Rob W. wrote: > >> Is it possible for people to send email out from my domain name and have >> fake users acting as comming from my network? > > Yes, if you have defeated the security features of your mail server either > accidentally or on purpose, but that is not what is happening in this > case. > There appears to be a recurrance (or mutation) of a virus we have seen > before. The mail is not originating on your server. Your domain is being > spoofed by the infected computer(s). The forged mail probably would not > escape detection by a knowledgeable human, but it is good enough to fool > some autoresponders and mail tossers, which is why you get the bounces. > > -- > Lars Eighner > http://www.larseighner.com/index.html > 8800 N IH35 APT 1191 AUSTIN TX 78753-5266 > >