From: Lars Eighner
Date: Fri, 5 Jan 2007 21:25:44 -0600 (CST)
To: "Rob W."
Cc: freebsd-questions@freebsd.org
Subject: Re: Mail being sent from my domain...

On Fri, 5 Jan 2007, Rob W. wrote:

> Is it possible for people to send email out from my domain name and have
> fake users acting as coming from my network?

Yes, if you have defeated the security features of your mail server
either accidentally or on purpose, but that is not what is happening
in this case.

There appears to be a recurrence (or mutation) of a virus we have seen
before. The mail is not originating on your server. Your domain is
being spoofed by the infected computer(s). The forged mail probably
would not escape detection by a knowledgeable human, but it is good
enough to fool some autoresponders and mail tossers, which is why you
get the bounces.

-- 
Lars Eighner
http://www.larseighner.com/index.html
8800 N IH35 APT 1191 AUSTIN TX 78753-5266
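
A check for the situation described in the reply above, added here as an example and not part of the original message: it opens the original message attached to a bounce and tests whether any relay address in its Received headers belongs to your own mail servers. The network range, host names and sample bounce are constructed assumptions.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: the range your own mail servers send from (documentation range).
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample bounce, not from the thread: the sender is outside OWN_NETWORKS.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The message below could not be delivered.
--b1
Content-Type: message/rfc822

Received: from pc17 (unknown [198.51.100.23]) by mx.example.net with SMTP id ABC123
From: nosuchuser@example.org

body
--b1--
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IPv4 only

def classify_bounce(raw, own_networks=OWN_NETWORKS):
    """Return 'spoofed-backscatter', 'sent-from-own-server' or 'unknown'."""
    bounce = email.message_from_string(raw, policy=policy.default)
    # The returned original travels inside the bounce as a message/rfc822 part.
    parts = [p for p in bounce.walk() if p.get_content_type() == "message/rfc822"]
    if not parts:
        return "unknown"
    ips = []
    for hop in parts[0].get_payload(0).get_all("Received", []):
        for text in BRACKETED_IP.findall(str(hop)):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:
                continue  # bracketed text that is not a valid address
    if not ips:
        return "unknown"
    # Lower Received lines can be forged, so confirm a match in your own MTA logs.
    own = any(ip in net for ip in ips for net in own_networks)
    return "sent-from-own-server" if own else "spoofed-backscatter"
```

Bounces that attach only the headers (text/rfc822-headers) or nothing at all come back as "unknown" and need a manual look.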