
Possible compromised mail server?

  • 25-09-2011 4:58pm
    #1
    Registered Users Posts: 695 ✭✭✭


    Hey all, recently had an odd problem with my web hosting which is also my mail provider.

    One day I sent an email to another address on my same domain, and received a mail delivery failure from my hosting provider telling me my email could not be delivered. What was odd was that the mail did arrive at the single intended recipient; what the mail server was telling me was that it had failed to deliver the email to several addresses that I'm not familiar with (and very spam-like). The email addresses where delivery had failed almost all had the format "ad*@aol.com", and a few "ad@random-spammy-investment-related-domain.com".

    That same day there were problems where emails would not be delivered.

    I logged a ticket with my provider and they responded that another customer's box had been compromised and had tried to send a large volume of emails, which corrupted the mail server's queue, hence my emails not being delivered sometimes, and one email oddly looking like it was sent to the addresses above. I asked how it was possible that a corrupted mail queue would result in email addresses being injected into my sent email, and they said:

    "Most likely cause is that your own address was spoofed via the corrupted mailbox, i.e. the header of sent mail was modified to appear as though it originated from <my email address>, and because this was originating from our mail server the spam filter was not flagging it as spam. This was then sent out to a number of external email addresses, and some of these bounced back to your address because it looked to the recipient as though your address was the sender, when in fact the mail had originated from the corrupted mailbox."

    Perhaps I don't understand this correctly, but the delivery failed message contained a copy of the original email I had sent. If my address was simply being spoofed, how were the contents identical to the original?

    Am I right to be suspicious? I worry that my email has been siphoned off to some random spammers.


Comments

  • Registered Users Posts: 2,534 ✭✭✭FruitLover


    Weird. I'd get back on to the admins and argue the case that the fact that your email was quoted in the NDR would imply that it wasn't simply someone spoofing your address.

    Do you use webmail or an SMTP client?

    Can you post a copy of the NDR (minus anything that might be sensitive)?
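The check FruitLover is asking for above amounts to reading what the NDR actually contains: which recipients the reporting MTA says it could not reach, and what the enclosed copy of the "original" message shows about where it entered the mail system. The script below is an added example, not code from the thread or from the hosting provider. It parses a constructed bounce in the standard delivery-status-notification layout (a multipart/report with a message/delivery-status part and a message/rfc822 copy of the original) and pulls out the failed recipients plus the first-hop Received line of the enclosed message. All addresses, hosts and ids in the sample are made up; the only real conventions assumed are the DSN field names (Final-Recipient, Action, Status) and the "with ESMTPA"/"ESMTPSA" keywords an MTA writes into Received when the sender authenticated.

```python
import re
from email import message_from_string, policy

# Constructed sample bounce (DSN), modelled on the situation in the thread.
# All addresses and hosts are made up; nothing here comes from the real NDR.
SAMPLE_NDR = """From: MAILER-DAEMON@mail.example-host.invalid
To: user@example.com
Subject: Mail delivery failed: returning message to sender
Content-Type: multipart/report; report-type=delivery-status; boundary="B1"

--B1
Content-Type: text/plain

This message was created automatically by mail delivery software.
--B1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example-host.invalid

Final-Recipient: rfc822; ad123@aol.example
Action: failed
Status: 5.1.1

Final-Recipient: rfc822; ad@spammy-investment.example
Action: failed
Status: 5.1.1
--B1
Content-Type: message/rfc822

Received: from [10.0.0.5] (unknown [10.0.0.5])
  by mail.example-host.invalid (Postfix) with ESMTPA id ABC123
  for <colleague@example.com>; Sun, 25 Sep 2011 16:50:00 +0100
From: user@example.com
To: colleague@example.com
Subject: Hello
Message-ID: <orig-1@example.com>

Hi, this is the original body.
--B1--
"""

# RFC 3848 "with" keywords an MTA records when the sending session authenticated
AUTH_SUBMISSION = re.compile(r'\bwith\s+ESMTPS?A\b')


def parse_ndr(raw):
    """Parse a raw bounce into an EmailMessage (policy.default gives str-friendly headers)."""
    return message_from_string(raw, policy=policy.default)


def failed_recipients(ndr):
    """Return [(recipient, action, status)] from the message/delivery-status part.

    Python's parser represents that part as a list of header blocks: the first block
    carries per-message fields (Reporting-MTA), the rest one block per recipient.
    """
    out = []
    for part in ndr.walk():
        if part.get_content_type() != 'message/delivery-status':
            continue
        for block in part.get_payload():
            if 'Final-Recipient' not in block:
                continue
            # Field looks like "rfc822; user@host": keep only the address
            rcpt = str(block['Final-Recipient']).split(';', 1)[-1].strip()
            out.append((rcpt, str(block.get('Action', '')), str(block.get('Status', ''))))
    return out


def enclosed_original(ndr):
    """Return the original message the bounce carries (message/rfc822 part), or None."""
    for part in ndr.walk():
        if part.get_content_type() == 'message/rfc822':
            return part.get_payload()[0]
    return None


def submission_evidence(orig):
    """Summarise where the enclosed original entered the mail system.

    Received headers are prepended by each hop, so the LAST one is the first hop:
    that line says whether the MTA accepted the message from an authenticated
    session (ESMTPA/ESMTPSA) or merely from some host that wrote the From address.
    """
    received = [str(h) for h in orig.get_all('Received', [])]
    first_hop = received[-1] if received else ''
    return {
        'from': str(orig.get('From', '')),
        'message_id': str(orig.get('Message-ID', '')),
        'hops': len(received),
        'first_hop': first_hop,
        'authenticated_submission': bool(AUTH_SUBMISSION.search(first_hop)),
    }


def analyse(raw):
    """Combine both views: who the bounce could not reach, and what the enclosed copy shows."""
    ndr = parse_ndr(raw)
    orig = enclosed_original(ndr)
    return {
        'failed': failed_recipients(ndr),
        'original': submission_evidence(orig) if orig is not None else None,
    }


if __name__ == '__main__':
    report = analyse(SAMPLE_NDR)
    for rcpt, action, status in report['failed']:
        print(f'{action} {status} {rcpt}')
    print(report['original'])
```

Reading the result: if the enclosed copy's Message-ID matches the one in your own Sent folder and its first hop records an authenticated submission from your account, the message really was relayed through the account (credentials, a client, or the provider's queue), which is a different situation from a pure spoof of the From header; if the first hop is an unrelated host with no authentication keyword, the provider's spoofing explanation is consistent with the evidence. Either way, the Received chain and Message-ID are the parts of an NDR worth quoting back to the admins, with recipient addresses and body removed.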

