I have an easyjet account, with a unique mail alias "easyjet@mydomain.tld", including a jetstrap account for making bootstrap sites with the same setup for the mail.
This means that I ONLY use those mail aliases on those sites (I have a very special system, with one email per account I create on any site, thus I have loads of addresses on my server).
Anyway, so yesterday and today I got spam with attached malware on the two addresses mentioned above.
And I'm trying to figure out why.
I have not ruled out the possibility of my server being hacked, but since I've only received spam on two addresses thus far, I see that as unlikely.
I have contacted easyjet and jetstrap about this, and so far I've only gotten a reply from easyjet, with a super idiotic reply that only really tells me that they have no idea what they are talking about.
What I wonder now, is if other Suck-o members have easyjet or jetstrap accounts, and have gotten spam in the recent days that can be connected to this?
Getting spam on certain accounts
"The best place to hide a tree, is in a forest"
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: Getting spam on certain accounts
hm, I have no accounts there, but have you checked your server logs for incoming mail attempts that might point to a wordlist for example? also have you checked the mail headers, just to make sure the mails were really for those addresses and your mail server is not badly configured and treats accounts like catchall addresses (for example)?
I get spammed on one of my accounts too, which is pretty strange because it's a business account which isn't displayed anywhere in public, and all spam is russian one....
Re: Getting spam on certain accounts
bad_brain wrote:
> hm, I have no accounts there, but have you checked your server logs for incoming mail attempts that might point to a wordlist for example? also have you checked the mail headers, just to make sure the mails were really for those addresses and your mail server is not badly configured and treats accounts like catchall addresses (for example)?
> I get spammed on one of my accounts too, which is pretty strange because it's a business account which isn't displayed anywhere in public, and all spam is russian one....

Yeah the headers have been checked and they are sent to those addresses specifically, and I would never use catch all, not anymore at least xD
Will check the logs though, good idea!
"The best place to hide a tree, is in a forest"
Re: Getting spam on certain accounts
Logs don't indicate anything of interest really.
Only emails that have been received are for those addresses.
Nov 26 14:00:57 mai postfix/smtpd[3268]: connect from 125-230-210-168.dynamic.hinet.net[125.230.210.168]
Nov 26 14:00:59 mai postfix/smtpd[3268]: XXXXXXXXX: client=125-230-210-168.dynamic.hinet.net[125.230.210.168]
Nov 26 14:01:00 mai postfix/cleanup[3272]: XXXXXXXXX: message-id=<XXXXXXX.XXXXXXXXX@bordmanjzfi.uaaghmvjoscsfmp.ru>
Nov 26 14:01:01 mai postfix/qmgr[2483]: XXXXXXXXX: from=<office@autokreditbank.ru>, size=98409, nrcpt=1 (queue active)
Nov 26 14:01:01 mai postfix/virtual[3273]: XXXXXXXXX: to=<mainaccount@mydomain.se>, orig_to=<easyjet@mydomain.se>, relay=virtual, delay=2.7, delays=2.7/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Nov 26 14:01:01 mai postfix/qmgr[2483]: XXXXXXXXX: removed
"The best place to hide a tree, is in a forest"
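The log check discussed above (wordlist guessing versus mail sent to one exact alias), as an added example that is not code posted in the thread. The sample log is constructed, uses documentation IPs and a placeholder domain, and assumes Postfix's default short hexadecimal queue IDs; `analyse` and its threshold are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (documentation IPs, placeholder domain).
SAMPLE_LOG = """\
Nov 26 14:00:59 mai postfix/smtpd[3268]: 4A1B2C3D4E: client=host-a.example.net[203.0.113.10]
Nov 26 14:01:01 mai postfix/virtual[3273]: 4A1B2C3D4E: to=<mainaccount@mydomain.example>, orig_to=<easyjet@mydomain.example>, relay=virtual, delay=2.7, dsn=2.0.0, status=sent (delivered to maildir)
Nov 27 09:12:40 mai postfix/smtpd[3290]: 5B2C3D4E5F: client=host-b.example.net[203.0.113.11]
Nov 27 09:12:42 mai postfix/virtual[3291]: 5B2C3D4E5F: to=<mainaccount@mydomain.example>, orig_to=<jetstrap@mydomain.example>, relay=virtual, delay=1.9, dsn=2.0.0, status=sent (delivered to maildir)
Nov 27 15:10:02 mai postfix/smtpd[3301]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <info@mydomain.example>: Recipient address rejected: User unknown in virtual mailbox table; from=<a@example.org> to=<info@mydomain.example> proto=ESMTP helo=<x>
Nov 27 15:10:03 mai postfix/smtpd[3301]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <admin@mydomain.example>: Recipient address rejected: User unknown in virtual mailbox table; from=<a@example.org> to=<admin@mydomain.example> proto=ESMTP helo=<x>
Nov 27 15:10:04 mai postfix/smtpd[3301]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <sales@mydomain.example>: Recipient address rejected: User unknown in virtual mailbox table; from=<a@example.org> to=<sales@mydomain.example> proto=ESMTP helo=<x>
Nov 27 15:10:05 mai postfix/smtpd[3301]: 6C3D4E5F60: client=unknown[198.51.100.7]
Nov 27 15:10:06 mai postfix/virtual[3302]: 6C3D4E5F60: to=<mainaccount@mydomain.example>, orig_to=<webmaster@mydomain.example>, relay=virtual, delay=1.1, dsn=2.0.0, status=sent (delivered to maildir)
"""

CLIENT = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([^\]]+)\]")
DELIVER = re.compile(r": ([0-9A-F]+): to=<([^>]*)>(?:, orig_to=<([^>]*)>)?.*status=sent")
REJECT = re.compile(r"NOQUEUE: reject: RCPT from \S*\[([^\]]+)\]: 550 .*to=<([^>]*)>")


def analyse(log_text, wordlist_threshold=3):
    """Correlate deliveries with client IPs and flag clients that guess recipients."""
    queue_client = {}              # queue id -> connecting client IP
    delivered = defaultdict(set)   # address as typed by the sender -> client IPs
    rejected = defaultdict(set)    # client IP -> unknown recipients it tried
    for line in log_text.splitlines():
        if m := CLIENT.search(line):
            queue_client[m[1]] = m[2]
        elif m := DELIVER.search(line):
            # orig_to is the alias before rewriting; fall back to the final recipient
            delivered[m[3] or m[2]].add(queue_client.get(m[1], "?"))
        elif m := REJECT.search(line):
            rejected[m[1]].add(m[2])
    # Many distinct unknown recipients from one client points to a wordlist run.
    guessers = {ip for ip, rcpts in rejected.items() if len(rcpts) >= wordlist_threshold}
    # Aliases reached only by clients that never guessed: the sender knew the address.
    targeted = {addr for addr, ips in delivered.items() if not ips & guessers}
    return {"delivered": dict(delivered), "wordlist_clients": guessers, "targeted": targeted}


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    print("wordlist clients:", sorted(result["wordlist_clients"]))
    print("targeted aliases:", sorted(result["targeted"]))
```

Run against a real `mail.log`, an alias that lands in `targeted` matches what the thread observed: no rejected guesses around it, so the sender already had the exact address.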
- bad_brain
Re: Getting spam on certain accounts
ahh...good ol' hinet.
wouldn't worry about being compromised, the whole hinet IP range is one big spamhole, best is to either block the whole ranges completely by route reject because nothing good ever came from there anyway, or to use postgrey.
how they got your mail addresses is of course hard to say, it's possible they used a wordlist and fired out mails to whole IP ranges (that's what they usually do, and that's also why greylisting works so well against them), another option might be your mail address was in the database of a pwnd site or an infected private computer....good idea would be to see if google comes up with a result for the addresses.
Re: Getting spam on certain accounts
bad_brain wrote:
> ahh...good ol' hinet.
> wouldn't worry about being compromised, the whole hinet IP range is one big spamhole, best is to either block the whole ranges completely by route reject because nothing good ever came from there anyway, or to use postgrey.
> how they got your mail addresses is of course hard to say, it's possible they used a wordlist and fired out mails to whole IP ranges (that's what they usually do, and that's also why greylisting works so well against them), another option might be your mail address was in the database of a pwnd site or an infected private computer....good idea would be to see if google comes up with a result for the addresses.

Yeah did some searching, but nothing comes up (yet).
Will keep an eye out though, and bomb/spam the easyjet and jetstrap support a bit until they can give a more professional answer ^^
"The best place to hide a tree, is in a forest"
- bad_brain
Re: Getting spam on certain accounts
cats wrote:
> until they can give a more professional answer ^^

well, it's almost christmas time, miracles happen then...