sandman
10-11-2005, 09:38 AM
I've got this spammer that is sending emails out using the domain in my sig. I cannot figure out how he is doing it based on the following setup:
- I am currently outsourcing my email to Everyone.net
- The MX is being forwarded to Everyone.net (so it works).
- I still have an email account on the local server so I can get emails from the site software and a contact form that I have set up.
- I only get emails on the server account from an email that is sourced from the server itself (due to the MX redirect).
- All other email dumps into my everyone.net account. Even email that was originally sent from the server account and replied to.
- One form of email that goes to my server account is when a user is "watching a topic" but their email is not valid. I get a fail email (for example).
About 4 days ago a spammer started using the domain under about 4 different email names to send out spam. I found this out as I am getting the bouncebacks from these efforts. What is getting me is that I am getting the bouncebacks on my server account. If somebody was spoofing or setting up an everyone account, it would go to everyone.net email but not the server email.
So.... I was thinking an exploit in the site software. I use phpBB to run pretty much everything. Going through the server logs does not show anything (that I know to look for). There are no server email accounts besides the one that I use in the control panel. Just for fun I checked the accounts that people have set up through the everyone.net service and nothing there.
Right now I am leaning towards a phpBB exploit. I have it all up to date and nothing else out of the ordinary is going on that I know of. Searching around has not found much. As near as it looks to me, somebody is sending the email out from the server itself in some fashion.
Anyway, before I post it up on phpBB.com I was wondering if anybody else has gone through something like this and if there is anything that I am missing or should be looking for.
Thanks!
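The question raised in the post, whether the spam left from the server itself, can be checked against the bounces: a bounce usually embeds the original message, and the oldest Received header in it names the first mail server that accepted it. The script below is an added example, not part of the original post; the host names and the sample bounce are constructed assumptions.

```python
import email
import re
from email import policy

# Assumption: the name(s) this web server's own MTA writes into Received headers.
LOCAL_HOSTS = {"web.forum.example"}

# Constructed sample bounce (not taken from the post), trimmed to the parts used here.
SAMPLE_BOUNCE = b"""\
From: MAILER-DAEMON@mx.recipient.example
To: promo@forum.example
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b"

--b
Content-Type: text/plain

User unknown.
--b
Content-Type: message/rfc822

Received: from web.forum.example by mx.recipient.example with ESMTP; Mon, 10 Oct 2005 03:00:02 +0000
Received: from apache by web.forum.example with local (Exim) id 1EOabc-0001; Mon, 10 Oct 2005 03:00:01 +0000
From: promo@forum.example
Subject: constructed sample

body
--b--
"""

def embedded_original(bounce_bytes):
    """Return the original message (or just its headers) carried inside a bounce."""
    msg = email.message_from_bytes(bounce_bytes, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":   # only the headers attached
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def origin_of_bounced_mail(bounce_bytes, local_hosts=LOCAL_HOSTS):
    """'local' if this server's MTA was the first to accept the mail, else 'external'."""
    original = embedded_original(bounce_bytes)
    hops = original.get_all("Received", []) if original is not None else []
    if not hops:
        return "unknown"
    by = re.search(r"\bby\s+(\S+)", hops[-1])  # headers are prepended: last = oldest hop
    return "local" if by and by.group(1).lower() in local_hosts else "external"
```

Received headers older than the first trusted hop can be forged, so a "local" result should be confirmed by finding the same queue id in the server's own MTA log.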