I'm noticing some very odd traffic. At first I thought it was Sobig.F, but it is not; it is spam. Somehow someone is using 3 of my virtuals (only 3) to send out spam. I've run the abuse.net relay checker on all 3 and they come up clean. I guess all I know is that as long as those 3 IP addresses are disabled on the server, via just not having them added in the control panel/network/advanced, my spool stays at a reasonable level, but as soon as I enable these 3 it quickly grows to 10s of thousands of messages. What's weird is it really doesn't look like it's being sent local; it also doesn't show it coming from a 3rd party. It usually just says like this:

 

My relay rules are as follows:

 

Relay mail for addresses:

 

That 200.149.172.211 isn't listed there, so how is this mail being relayed through? This really doesn't make any sense.

 

Below is one of the .smd files in the spool for one of the domains; the domain is hackmanframes.com. As you can see, the message comes in to mail.hackmanframes.com from 200.149.172.211, which isn't Yahoo by the way, and then... uhh, somehow? attempts to deliver the message to [EMAIL PROTECTED], in which case it is undeliverable because I guess that isn't a valid address.

 

At first I assumed that this user has a mail relay on their end that is insecure and smart hosts to my server. My server only accepts mail from users who are AUTH'd, so how can this be?

 

Something is fishy, advice?

 

-Drew

 

 

--begin spam-

 

Date:     Mon, 25 Aug 2003 15:39:45

Message-Id: <[EMAIL PROTECTED]>

Mime-Version: 1.0

Content-Type: text/plain; charset=us-ascii

From:     "Postmaster" <[EMAIL PROTECTED]>

Sender:   <[EMAIL PROTECTED]>

To:       <[EMAIL PROTECTED]>

Subject:  Undeliverable Mail

X-Mailer: <SMTP32 v8.02>

 

undeliverable to [EMAIL PROTECTED]

 

 

Original message follows.

 

Received: from smtp0178.mail.yahoo.com [200.149.172.211] by mail.hackmanframes.com with ESMTP

  (SMTPD32-8.02) id AC18C5100AA; Mon, 25 Aug 2003 05:51:20 -0400

Date: Mon, 25 Aug 2003 09:14:35 GMT

From: "Wicewiel"<[EMAIL PROTECTED]>

X-Priority: 3

To: [EMAIL PROTECTED]

Subject: chriserintab, Get your University Diploma

Mime-Version: 1.0

Content-Type: text/html; charset=us-ascii

Content-Transfer-Encoding: 7bit

Message-Id: <[EMAIL PROTECTED]>

 

To: [EMAIL PROTECTED]

<html>

<head>

<title>University Diploma</title>

</head>

<body>

<p></p>

<p align="center" style="text-align:center"><b><span style="font-size:16.0pt;

mso-bidi-font-size:18.0pt;font-family:Georgia">U N I V E R S I T Y&nbsp;&nbsp;&nbsp;

D E G R E E<span style="mso-spacerun: yes">&nbsp;&nbsp; </span>P R O G R A M <o:p>

</o:p>

</span></b></p>

<p align="center" style="text-align:center"><span style="font-family:&quot;Arial Black&quot;">&nbsp;<o:p>

</o:p>

</span></p>

<p align="center" style="text-align:center"><span style="font-size:16.0pt;

font-family:Georgia">Obtain the diploma you deserve based on your present<span style="mso-spacerun: yes">

</span>knowledge and life experience.<o:p>

</o:p>

</span></p>

<p align="center" style="text-align:center"><span style="font-size:16.0pt;

font-family:Georgia">A prosperous future, money earning power,<br>

and the <span style="color:teal">Admiration</span><span style="color:red"> </span>of

all</span><span style="font-size:13.5pt;font-family:Georgia">.</span><span style="font-family:Georgia"><o:p>

</o:p>

</span></p>

<p align="center" style="text-align:center"><span style="font-size:16.0pt;

mso-bidi-font-size:14.0pt;font-family:Georgia">Diplomas from established

non-accredited schools.<br>

<span style="mso-spacerun: yes">&nbsp;</span>Shows like any academic degree

exactly<br>

<span style="mso-spacerun: yes">&nbsp;</span>what you really can do<o:p>

</o:p>

</span></p>

<p align="center" style="text-align:center"><b><span style="font-size:16.0pt;

 

[message truncated]
