
Mail Spoofing

  • 13-01-2010 12:06pm
    #1
    Registered Users, Registered Users 2 Posts: 1,707 ✭✭✭


    Anyone have any ideas about how to prevent "mail spoofing" - think that's the term.

    Basically, mails seem to be being sent from random email addresses using our madeup @ company .ie address; however, when you check the return path in the header it could be some company in China or Ecuador - two of today's mails, for example. I don't think any of our accounts or PC's have been compromised but my service provider is looking into the headers to determine if possible where they originated.

    The issue is that we are now starting to appear on some blacklists - these seem to be more basic ones that just tag the @company.ie domain rather than digging deeper.

    Any advice appreciated on what we could do to prevent this or reduce exposure.


Comments

  • Closed Accounts Posts: 695 ✭✭✭FusionNet


    Can I ask how you can be so confident your system has not been compromised? Have you a very tight security procedure in place with in-house techs or do you rely on outside contractors? Also, I presume you host your email with a company, or again is that in-house? I know, for example, that one host had a lot of its sites hacked recently.


  • Registered Users, Registered Users 2 Posts: 1,707 ✭✭✭traco


    I didn't say I was confident we hadn't been attacked or our security was compromised. It is a possibility and we have up-to-date virus, spyware etc. but are running scans on all machines at the moment. At the moment, though, it seems like these mails are originating elsewhere but our domains are being used. But I am willing to listen to any advice.

    Email servers are hosted externally along with our sites; we have external contractors for support as we could not afford our own IT department. We will be 10 years running this year and thankfully we have been secure, but our luck could have run out.

    Here is an example of a header - our ISP info removed as they have been excellent to date and I see no need to publicize any details here concerning them. Spaces added to break links, or numbers that might identify our ISP altered.

    Return-Path: <swaggeringlf @ smtp3. accelmail.com>
    X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
    our .host .com
    X-Spam-Level:
    X-Spam-Status: No, score=-94.5 required=3.0 tests=HTML_MESSAGE,J_CHICKENPOX_72,
    RDNS_NONE,URIBL_BLACK,URIBL_SBL,USER_IN_WHITELIST,XMAILER_MIMEOLE_OL_4B815
    autolearn=disabled version=3.2.4
    X-Original-To: me @ mycompany.ie
    Received: from localhost (localhost [999.9.9.9])
    by our .host .com (Postfix) with ESMTP id ********;
    Wed, 13 Jan 2010 12:13:37 +0000 (GMT)
    X-Virus-Scanned: amavisd-new at our .host .com
    Received: from 18970102189. user. veloxzone. com. br (unknown [189. 70. 72.221])
    by our .host .com (Postfix) with ESMTP id *********;
    Wed, 13 Jan 2010 12:13:35 +0000 (GMT)
    Received: from 189.70.72.221 by smtp3. accelmail. com; Wed, 13 Jan 2010 10:13:31 -0300
    Message-ID: <000d01ca9449$d24b3cb0$6400a8c0 @ swaggeringlf>
    From: "you @ mycompany.ie" <you @ mycompany.ie>
    To: <me @ mycompany.ie>
    Subject: A new settings file for the me @ mycompany.ie has just been released
    Date: Wed, 13 Jan 2010 10:13:31 -0300
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0007_01CA9449.D24B3CB0"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 4.71.2730.2
    X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2730.2
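An added example, not part of any poster's message and not the ISP's tooling: the header above shows a From at the company domain, a Return-Path at a different domain, and a score of -94.5 with USER_IN_WHITELIST among the fired rules. This Python sketch audits those three things; it assumes stock SpamAssassin scoring (-100 for USER_IN_WHITELIST), and the finding names are invented for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAIN = "mycompany.ie"   # placeholder domain used in the thread
WHITELIST_SCORE = -100.0        # assumption: stock SpamAssassin score for USER_IN_WHITELIST

# Constructed sample: headers from the post, anti-link spaces removed, queue id a placeholder.
SAMPLE = """\
Return-Path: <swaggeringlf@smtp3.accelmail.com>
X-Spam-Status: No, score=-94.5 required=3.0 tests=HTML_MESSAGE,J_CHICKENPOX_72,
\tRDNS_NONE,URIBL_BLACK,URIBL_SBL,USER_IN_WHITELIST,XMAILER_MIMEOLE_OL_4B815
\tautolearn=disabled version=3.2.4
Received: from 18970102189.user.veloxzone.com.br (unknown [189.70.72.221])
\tby our.host.com (Postfix) with ESMTP id PLACEHOLDER;
\tWed, 13 Jan 2010 12:13:35 +0000 (GMT)
From: "you@mycompany.ie" <you@mycompany.ie>
To: <me@mycompany.ie>
Subject: A new settings file

"""

def domain_of(value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def _num(key, status):
    m = re.search(key + r"=(-?[\d.]+)", status)
    return float(m.group(1)) if m else None

def spam_status(msg):
    """Unfold X-Spam-Status and return (score, required, set of fired rules)."""
    status = re.sub(r",\s+", ",", " ".join((msg["X-Spam-Status"] or "").split()))
    tests = re.search(r"tests=(\S+)", status)
    fired = set(tests.group(1).split(",")) if tests else set()
    return _num("score", status), _num("required", status), fired

def audit(raw, local_domain=LOCAL_DOMAIN):
    """Return finding codes for one message's headers."""
    msg = message_from_string(raw)
    findings = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    ours = lambda d: d == local_domain or d.endswith("." + local_domain)
    if ours(from_dom) and env_dom and not ours(env_dom):
        findings.append("FROM_ENVELOPE_MISMATCH")  # From is ours, bounce address is not
    score, required, tests = spam_status(msg)
    if ours(from_dom) and "RDNS_NONE" in tests:
        findings.append("LOCAL_FROM_VIA_HOST_WITHOUT_RDNS")
    if "USER_IN_WHITELIST" in tests and score is not None and required is not None:
        if score - WHITELIST_SCORE >= required:  # spam verdict hidden by the whitelist
            findings.append("WHITELIST_MASKED_SPAM_VERDICT")
    return findings
```

On the sample, removing the assumed -100 whitelist contribution gives 5.5 against a threshold of 3.0, so the message was delivered only because the sender address matched a whitelist entry.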


  • Closed Accounts Posts: 695 ✭✭✭FusionNet


    Sorry Traco, but this line "I don't think any of our accounts or PC's have been compromised but my service provider is looking into the headers to determine if possible where they originated" gave me the feeling you thought your in-house setup was solid.

    If it's OK, I'll pass your post info on to the security specialist I work with in ITG; he might shed some light on it.


  • Closed Accounts Posts: 695 ✭✭✭FusionNet


    Right, I talked to the other arm of the business and he gave me a very in-depth answer, possible security issues and also the fixes to this problem. In a nutshell, you do not need to authenticate SMTP outgoing mail for it to work. So, for example, I can send you a mail right now from Eoghan@yourbusinness.com and it will probably get to you. The mail server, be it onsite or external or both, needs to be set up in a different way to the existing setup. These changes and fixes will also result in your email being unblacklisted within about 2 weeks from spam catchers. Let me know if you need help with this and we can advise you in depth as to what needs to be done.

