
#1 2010-09-09 06:14:51

eDio
Member
From: Ukraine, Kyiv
Registered: 2008-12-02
Posts: 422

My machine is sending spam intensively (?)

Beginning from yesterday, I've been getting a lot of e-mails (~2 messages per hour) like this one:

From: MAILER-DAEMON@artsv.net (Mail Delivery System)
To: edio at gmx.us
Subject: Undelivered Mail Returned to Sender
Date: Thu,  9 Sep 2010 07:49:46 +0300 (EEST)

This is the mail system at host mail.artsv.net.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<keje@online.ua>: host relay-cluster2.online.ua[77.120.110.134] said: 550 Mass
    Spam from 193.239.132.2 detected - host rejected (in reply to RCPT TO
    command)

Attached message wrote:

From: рассылки <edio at gmx.us>
To: <keje@online.ua>
Subject: e-mail рассылки  2121
Date: Thu, 9 Sep 2010 06:43:37 +0200
X-Mailer: Microsoft Outlook Express 6.00.2900.5512

Delivery report wrote:

Reporting-MTA: dns; mail.artsv.net
X-Postfix-Queue-ID: E7BC11A3828
X-Postfix-Sender: rfc822; edio at gmx.us
Arrival-Date: Thu,  9 Sep 2010 07:20:27 +0300 (EEST)

Final-Recipient: rfc822; keje@online.ua
Original-Recipient: rfc822;keje@online.ua
Action: failed
Status: 5.0.0
Remote-MTA: dns; relay-cluster2.online.ua
Diagnostic-Code: smtp; 550 Mass Spam from 193.239.132.2 detected - host
    rejected

I have several suspicions:
1) I've got malware and am really sending spam. But how could that be, if I can't send e-mails through Outlook? I don't have it.
2) Someone got my password and is sending e-mails through my SMTP with Outlook.
3) It's just a convoluted scheme for sending spam: as the "sent mail" is attached to the message, the whole message could easily pass spam filters.

What should I do to check whether I'm sending spam, and to stop these unpleasant letters arriving in my inbox?

Thanks in advance.


#2 2010-09-09 06:25:54

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224

Re: My machine is sending spam intensively (?)

eDio wrote:

<keje@online.ua>: host relay-cluster2.online.ua[77.120.110.134] said: 550 Mass
    Spam from 193.239.132.2 detected - host rejected (in reply to RCPT TO
    command)

This message is the mail server at online.ua rejecting mail from your ISP (artsv.net) which suggests it's not *your* problem, but your ISP's problem. I'd be guessing someone is spoofing your e-mail address, which means when these bounces happen, they get sent back to you.

Attached message wrote:

From: рассылки <edio at gmx.us>
To: <keje@online.ua>
Subject: e-mail рассылки  2121
Date: Thu, 9 Sep 2010 06:43:37 +0200
X-Mailer: Microsoft Outlook Express 6.00.2900.5512

The "X-Mailer" header can be very easily forged/faked. Don't let it distract you. Do you even have any Windows machines? Or is SSH on your Linux machine(s) exposed to the internet?

Last edited by fukawi2 (2010-09-09 06:26:17)

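Reading the bounce the way fukawi2 does above can be automated. The following is an added example, not code from the thread: it parses a DSN shaped like the one quoted in post #1 (MTA names and the blamed IP as on the page, the rest of the message constructed) and reports whether the rejecting relay blamed one of your own addresses or some other host; the my_ips set you pass in is an assumption.

```python
import re
from email import message_from_string

# Constructed DSN modelled on the bounce quoted in post #1 (MTA names and IP as on the page).
SAMPLE_DSN = """\
From: MAILER-DAEMON@artsv.net (Mail Delivery System)
Content-Type: multipart/report; report-type=delivery-status; boundary="B1"

--B1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.artsv.net
X-Postfix-Sender: rfc822; edio@gmx.us

Final-Recipient: rfc822; keje@online.ua
Action: failed
Status: 5.0.0
Remote-MTA: dns; relay-cluster2.online.ua
Diagnostic-Code: smtp; 550 Mass Spam from 193.239.132.2 detected - host
    rejected

--B1--
"""

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_dsn(raw):
    """Flatten the message/delivery-status fields (per-message and per-recipient blocks) into one dict."""
    fields = {}
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "message/delivery-status":
            for block in part.get_payload():  # the parser yields one sub-message per header block
                for name, value in block.items():
                    fields[name.lower()] = " ".join(value.split())  # unfold continuation lines
    return fields

def triage(raw, my_ips):
    """Classify the bounce: does the remote MTA blame one of our IPs, or a host we do not own?"""
    f = parse_dsn(raw)
    m = IPV4_RE.search(f.get("diagnostic-code", ""))
    blamed = m.group(1) if m else None
    if blamed in my_ips:
        verdict = "own-host"      # spam really left our address: inspect this machine and the ISP relay
    elif blamed:
        verdict = "backscatter"   # another host sent it with our address forged as the sender
    else:
        verdict = "inconclusive"  # no source IP in the diagnostic text; read the Received headers by hand
    return {"reporting_mta": f.get("reporting-mta"), "remote_mta": f.get("remote-mta"),
            "blamed_ip": blamed, "verdict": verdict}
```

Call `triage(SAMPLE_DSN, {"<your public IP>"})` with the address your NAT router actually has on the internet; with an address other than 193.239.132.2 the verdict is "backscatter".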

#3 2010-09-09 06:33:13

eDio
Member
From: Ukraine, Kyiv
Registered: 2008-12-02
Posts: 422

Re: My machine is sending spam intensively (?)

I have Windows 7 as a second OS.
But I have antivirus, I'm not so dumb as to click every banner (also under Linux), and the last time I booted into Windows was several days ago after accidentally choosing it in GRUB. So I booted only to the login screen and then rebooted into Arch again.
Also, Windows 7 has no Outlook Express either.
And I don't use SSH. I'm the only and strictly local user of my machine.

But I have no iptables, so my machine is likely unprotected. Isn't it?


#4 2010-09-09 11:23:26

sagattarii
Member
Registered: 2008-11-10
Posts: 19

Re: My machine is sending spam intensively (?)

No, you don't need iptables on a local machine with no server daemons running. As far as I can read from your comments, you are using your PC as a desktop system and you don't have any services running that are exposed to the www (especially if you sit behind a router). If you have no services running, all your ports are closed. You can check for services that you don't have installed via top or ps, but if you have no such services or mail server running you cannot send spam. Probably the spammer is using random email addresses (collected anywhere on the web) as the return address to trick some bad spam filter. If you are still worried you can post the full header of the emails you received, but remember email is not safe; you can fake almost all the information in it!

Edit: Look for services and tasks running that you don't have installed, and check your internet traffic with tools like "vnstat" to see if you are generating mass traffic without using your connection.

Last edited by sagattarii (2010-09-09 11:25:27)

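An added example (not from the thread) of the check sagattarii describes: it reads the kernel's TCP socket table the way ss and netstat do and lists sockets listening on non-loopback addresses plus established connections to SMTP ports, which is what a spam-sending box would show. The /proc/net/tcp snapshot embedded below is constructed, and check_live_system() is a hypothetical helper that runs the same logic against the real table.

```python
import socket
import struct

# Constructed /proc/net/tcp snapshot (not from the thread): an FTP daemon listening on all
# interfaces, one established connection from 10.0.0.15 to 198.51.100.4:25, and CUPS on loopback.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0F00000A:C3A2 046433C6:0019 01 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1 0000000000000000 100 0 0 10 0
"""

TCP_STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}
SMTP_PORTS = {25, 465, 587}


def decode_addr(hexaddr):
    """'0F00000A:C3A2' -> ('10.0.0.15', 50082); the kernel prints the IPv4 in host byte order (little-endian on x86)."""
    ip_hex, port_hex = hexaddr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return one dict per socket with decoded addresses, state, owning uid and inode."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the column header
        cols = line.split()
        if len(cols) < 10:
            continue
        rows.append({"local": decode_addr(cols[1]), "remote": decode_addr(cols[2]),
                     "state": TCP_STATES.get(cols[3], cols[3]), "uid": int(cols[7]), "inode": int(cols[9])})
    return rows


def spam_indicators(rows):
    """Split out what matters for the thread's question: ports reachable from outside, and outbound SMTP."""
    exposed = [r for r in rows if r["state"] == "LISTEN" and not r["local"][0].startswith("127.")]
    outbound_smtp = [r for r in rows if r["state"] == "ESTABLISHED" and r["remote"][1] in SMTP_PORTS]
    return exposed, outbound_smtp


def check_live_system():
    """Hypothetical helper: run against the real kernel table; ss -tnp or lsof -i then maps the inode to a process."""
    with open("/proc/net/tcp") as fh:
        return spam_indicators(parse_proc_net_tcp(fh.read()))
```

On a desktop behind NAT with no daemons, exposed should come back empty and outbound_smtp should contain at most your own mail client's session to your provider's submission port.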

#5 2010-09-09 12:06:27

eDio
Member
From: Ukraine, Kyiv
Registered: 2008-12-02
Posts: 422

Re: My machine is sending spam intensively (?)

I do have one service that exposes my machine — ddclient for DynDNS. And I'm behind NAT. It has been running since the time when there was an FTP server on my machine.

Thank you for suggesting vnstat. I will check traffic with it.

Seems like the mails aren't coming now. And I saw a fresh topic on the gmx forum about spammers using gmx mailboxes as "reply-to".
Anyway, I'll check traffic. For peace of mind.

Thank you.

