On 30/3/23 16:30, Julian Gilbey wrote:
I'm getting a significant number of spam messages being sent to my MTA
(exim) for the address FRPJXbKeKuek at sport.qc.ca, and now I'm
starting to see some sent to www-data at aether.toine.be.  What is
disturbing is that the machine is on a local network, and my
internet-facing router does not forward anything to this machine.  So
I presume that these mails are originating from the machine itself.

The first problem I see is you have just published the internal DNS name of a machine in your local network.

Bots will at this moment be scouring this mailing list and recording the internal DNS name.

More intelligent bots will be able to pair your email address and server and the internal DNS name and make a guess that your internal server has a user www-data that can receive emails.

Hence you get emails to your public email server addressed to your internal server.

In 99.99% of the cases that won't be a problem. But in a small number of cases it will be.

--
Jeremy
(Lists)
