Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Is someone trying to take my mailserver?

Feb 11, 2004 1:16AM PST

Hi all,

Sometimes I soooo don't get it!

For about the 4th time now, I've gotten an email notice for a failed mail delivery, and it looks like it's from my mail server but it's in German, English and French, and always the failed message is to "someone" @prd-foods.com. I'm not sending any mail to prd-foods.com, and I'm wondering if this is something I need to be concerned about? I'd hate for someone to be using my server or addy to be sending junk. How can I tell?

Thanks in advance!
Cindi

Discussion is locked

- Collapse -
Cindi, you've got one of the recent viruses on your machine.
Feb 11, 2004 1:43AM PST

It's propagating by using your machine to send mail, or its using your machine to send spam. You need to install a good anti-virus program, and, probably, a firewall. Assuming you're using Windows, check the Microsoft Site for more information. Also, check WWW.SYMANTEC.COM. Once there, click the Security Response button. Towards the bottom, in the middle, and under removal tools, click on the blue label which says 'Check for Security Risks'. Your machine will be scanned online for viruses, trojans, etc.

- Collapse -
Not necessarily, do not be unduly alarmed.
Feb 11, 2004 3:53AM PST

Anyone who has her email address in their address book could be infected, and interestingly enough one time when it was happening to me, it turned out a spammer that had me on his list was the one infected. It revealed to me who the spammer really was, without a spoofed IP, and I contacted him, which embarassed him to no end, he got very nasty with me, but I've not gotten any spam from him again. Sometimes a virus, especially on the machine of a spammer, can be our friend.

- Collapse -
Re: Not necessarily, do not be unduly alarmed.
Feb 11, 2004 4:14AM PST

Hi, James.

I agree with your header, but most of the recent viruses spoof the sender's name/addy to make things even more difficult. They'll choose one name from the address book on the infected computer (usually at random but sometimes by rule) and use it as the spoofed sender of the virus to everyone else in the address book.

-- Dave K.
Speakeasy Moderator
click here to email semods4@yahoo.com

The opinions expressed above are my own,
and do not necessarily reflect those of CNET!

- Collapse -
You're right. I forgot about that modus operandi. (NT)
Feb 11, 2004 5:05AM PST

.

- Collapse -
Re:Is someone trying to take my mailserver?
Feb 11, 2004 1:49AM PST

Hi Cindi,

If your host runs FormMail.pl (a cgi script) it can be used with your site's server's sendmail to allow others to send mail from your account. Check into that IF the return is to YOUR domain. (If you have your own cgi-bin edit the formmail.pl with only appropriate referrers.)

If this is happening with your ISP's email then it is most likely that someone is attempting to spoof the system and unresolved addresses are being bounced back at you as the account holder. That is something your ISP would have to attent to configuring to disallow.

Check with your ISP and provide them with copies of the mail INCLUDING all header info.

- Collapse -
Re:Re:Is someone trying to take my mailserver?
Feb 11, 2004 4:53AM PST

I've done the antivirus check and I'm coming out clean, since these started. I'm using PocoMail, so it's unlikely that any MS virus would be an issue. I'm also behind a router, so access to my computer would be minimal. This does leave my domain mailserver, huh. I don't see anywhere that FormMail.pl exists, but I really don't know what I'm doing here.

Ed, can I send you the email text with headers so you can see if I need to contact AffordableHost?

Cindi

- Collapse -
(NT) Sure you can.
Feb 11, 2004 4:56AM PST
- Collapse -
NT Thanks, on it's way.
Feb 11, 2004 5:13AM PST

.

- Collapse -
It's a common practice now for....
Feb 11, 2004 8:26AM PST

spammers to use addresses from their mail lists as the reply to address on the spam they send. When the spam bounces it bounces back to the forged address instead of the spammer Sad I see it more with people that have had the same address for a long time like myself. My main address is probably about 8 years old now and I'm getting more and more of the same thing you're seeing. I just flag it as junk mail and move on. Short of changing addresses there's not much you can do to stop it.

- Collapse -
I had this experience once and it's like Clay says ....
Feb 11, 2004 11:15AM PST

.
your address was used by the spammer as the 'reply to' address.

In my case the spam that was sent out was a virus! In fact the spammer was a virus. I was pretty sure I knew who's computer it was coming from but she insisted that her computer was NOT infected and nothing I could say would change her mind. She had NO virus checker on her computer and she refused to install one!

At any rate I got about 12 to 14 of these "returns" at a time, sometimes twice a day, for about two or three days. Once the virus played out it stopped but at the time it was really tying up my PC because the email was rather large and apparently the lady had a lot of bad addresses in her address book and those were all being returned to me. Maybe some were coming from other computers that became infected on down the line.

I even got a few emails from people saying I had sent them a virus! I didn't know any of these people. After answering one of them I realized there was no point in telling them it really wasn't from me but from a virus infecting someone else's computer. Altho true, it sounded stupid even to me.

- Collapse -
(NT) Message has been deleted.
Feb 11, 2004 1:16PM PST
- Collapse -
Re: Dupe deleted. (NT)
Feb 11, 2004 9:06PM PST

.

- Collapse -
Thanks, everyone.
Feb 13, 2004 1:36AM PST

I've sent the info to my hosting company, in case they want to do any investigating. Otherwise, it seems as though it's only a nuisance, and not much more.

Appreciate all the responses, and thank you, Ed. Happy

Cindi