[clue-tech] HELP!! Someone has hijacked my mailserver for spam
David Anselmi
anselmi at anselmi.us
Wed Feb 23 22:03:21 MST 2005
Mike wrote:
> I recently switched to postfix from qmail (i know don't fix it if it's
> not broken)
qmail is plenty broken, depending how you look at it. Not to worry.
> and today I have hundreds of undeliverable emails in my
> inbox that were sent from my account. It looks like to me that someone
> has spoofed my email address. All the emails are from me but there is no
> corresponding log messages for any of th emails.
Check the headers and see how similar they are. Then post a sample and
summarize the variants (you might do the same for message bodies).
"Sent from my account" doesn't mean that much to me. Obviously they
were not sent from your MUA. Were they sent from your MTA (there should
be headers or postfix logs to back that up)? "Spoofed my email address"
doesn't have anything to do (necessarily) with your mail server.
[...]
> What setting am i missing? Is there anything I can do about this? I can
> post the headers of a message later if that will help.
It looks like your config only allows authenticated senders, arguing
against a mail server problem (though I don't run postfix so I could be
missing the obvious).
Dave
More information about the clue-tech
mailing list