Need some help Hijacked Returned domain
steve at INTELIPORT.COM
Tue Feb 3 08:05:40 GMT 2004
We have in recent days been the recipient of spammers using our domain name as a return address. They use all kinds of names etc..
I could really use some assistance in trying to stop this or at least handle the bounce mail better, we are also getting a extreme amount
of mail from null senders logs are filled with from=<> on one of our server we have 20,000 entries in the last 15 hours.
Any hints, comments, ideas on stopping this I just added dnsbl.sorbs.net to sendmail and it's already starting to help (BTW great job Matthew)
are others having this problem also? it seems this started up a couple of days ago after MyDoom hit. Is anyone else having this happen or has
seen this before.
below is an example of the a org message that was returned I left off the information from where it was bounced.
Thanks in advance
Message-ID: <QVMEELMZZSXALGDVYHSPYZ at fidalgo.net>
From: Roseanna Escalante <webmaster at inteliport.com>
To: webmaster at northernbus.com
Subject: FWD: Available All. X at nax , v|agR@ _ \ Va:l:ium = S0ma , Pn:t:er
Date: Wed, 4 Feb 2004 02:23:41 -0500
X-Mailer: Internet Mail Service (5.5.2656.59)
We believe ordering medication should be as simple as ordering anything else
on the Internet: Private, secure, and easy.
On stock: \ Xan|a|x ) Val/i/um = So+m+a = Pntermin $ V1Agr@
Plus: A'cyc|0vir, Pr0z at .c, P@`xil, Bus:p at r, Ad|p&.x, I0`nam|n, M3ri:dia,
X3nic.a|, Am`bi3n, S0na.Ta, F`l3xeril, Ce|3br'ex, Fi0ri`c3t, T'ram at do|,
U|t`r at m, L3:v|tra, Pr0p3ci`a
Most trusted name brands.
Enjoy deep discount meds here <http://www.affordablemeds.biz>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the MailScanner