Koozali.org: home of the SME Server

Has someone Hacked my e-smith box?

Jim Darrough

Has someone Hacked my e-smith box?
« on: July 27, 2002, 10:42:12 AM »
Recently I started getting "MAIL DELIVERY ERROR" messages from AOL. These messages cite improper addressees at AOL, and return the messages to jed@clipper.net, which is the account I use to pick up my emails from the ISP. I am on a dialup by the way.
Is it possible someone has "hacked" my system and is sending advertising out? I cannot find anything in the mail logs, but I am not an expert.

Suggestions on where to look?

Thanks, Jim

Meert

Re: Has someone Hacked my e-smith box?
« Reply #1 on: July 27, 2002, 02:36:37 PM »
Someone could have just used your email address as reply-to-address in his outgoing email.
E-smith doesn't allow smtp relaying by default, so unless you changed that, it shouldn't be possible to use your e-smith box.
You might want to check the headers of the returned mails. See if you can identify the ISP or SMTP server that sent the original message.

Paul Nesbit

Re: Has someone Hacked my e-smith box?
« Reply #2 on: July 27, 2002, 08:45:07 PM »
If ever you are concerned that the security of your server may have been compromised please send an e-mail to security@e-smith.com. Please don't post security concerns to public bulletin boards.

Thanks,

Paul

David Hardy

Re: Has someone Hacked my e-smith box?
« Reply #3 on: July 30, 2002, 01:43:32 AM »
I've had similar experiences - here's how the bastards do it!

1. They send you spam but 'cleverly' set your address as the reply address as well as a bcc. They don't set you as a to: or cc: so your address only shows up in the reply field.

2. Your ESmith collects your mail by Multidrop and processes all the downloaded email.

3. The delivery address is invalid, so your ESmith helpfully returns the mail to the sender.

4. Which is you.

So you get the spam and you don't know where it came from unless you look carefully through the headers. The Spam Bastard's headers are not found in the normal place, as the email has been through your server twice before you get it as a failed bounce message.

It also means that things like SpamArrestor get fooled as these work by verifying your from credentials - so email from you will always get to you.

Fiendishly clever those damn Spam Bastards. They should all be shot.
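Meert's advice to read the headers of the returned mail, and David's description of how the bounce loop works, can both be checked mechanically. The script below is an added example written for this thread, not code from any poster or from SME Server. It parses a bounce, pulls out the wrapped original message, walks its Received: headers from the oldest hop upward to name the host that actually injected the mail, and flags the pattern David describes: the bounce came back to the local user because Reply-To was set to that user while To:/Cc: never named them. The two sample bounces, the hostnames and the addresses are constructed for illustration. It assumes a DSN-style bounce that carries the original as a message/rfc822 part; a bounce that merely quotes the original as plain text would need that text split out first, and the function reports original_found as False in that case.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

# Constructed bounce: the local server returned spam whose Reply-To was forged
# to the local user. Hostnames, addresses and IPs are made up.
BACKSCATTER_RAW = """\
From: MAILER-DAEMON@smeserver.example.lan
To: jed@clipper.net
Subject: failure notice
Content-Type: multipart/report; report-type=delivery-status; boundary="B1"

--B1
Content-Type: text/plain

Sorry, I couldn't deliver your message to nobody12345@aol.com.

--B1
Content-Type: message/rfc822

Received: from smeserver.example.lan (localhost [127.0.0.1])
  by smeserver.example.lan (qmail) for <nobody12345@aol.com>; Sat, 27 Jul 2002 10:00:02 -0700
Received: from mail.isp.example.net (mail.isp.example.net [192.0.2.10])
  by smeserver.example.lan with POP3 multidrop; Sat, 27 Jul 2002 10:00:01 -0700
Received: from dialup-203-0-113-77.spamnet.example (203.0.113.77)
  by mail.isp.example.net with SMTP; Sat, 27 Jul 2002 09:55:00 -0700
From: "Great Offer" <offer@spamnet.example>
Reply-To: jed@clipper.net
To: friend@example.com
Subject: Buy now

Spam body
--B1--
"""

# Constructed bounce of a genuine local message sent to a mistyped address.
LEGIT_RAW = """\
From: MAILER-DAEMON@smeserver.example.lan
To: jed@clipper.net
Subject: failure notice
Content-Type: multipart/report; report-type=delivery-status; boundary="B2"

--B2
Content-Type: text/plain

Sorry, I couldn't deliver your message to typo@aol.com.

--B2
Content-Type: message/rfc822

Received: from workstation.example.lan (192.168.1.5)
  by smeserver.example.lan with SMTP; Sat, 27 Jul 2002 11:00:00 -0700
From: jed@clipper.net
To: typo@aol.com
Subject: hello

Hi
--B2--
"""

RECEIVED_FROM = re.compile(r"^\s*from\s+(\S+)", re.IGNORECASE)


def find_original(bounce):
    """Return the original message wrapped inside a bounce, or None."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None


def received_chain(msg):
    """Hosts named by 'from' in Received: headers, oldest hop first.
    Headers are prepended as mail travels, so the last one is the origin."""
    hosts = [m.group(1) for v in msg.get_all("Received", [])
             if (m := RECEIVED_FROM.match(str(v)))]
    hosts.reverse()
    return hosts


def addresses(msg, *names):
    """Lower-cased addresses found in the given address headers."""
    return {addr.lower() for name in names
            for _, addr in getaddresses(msg.get_all(name, [])) if addr}


def analyze_bounce(raw):
    """Summarise who the bounce hit, who sent the original, and whether the
    original only reached us because Reply-To was forged to our address."""
    bounce = message_from_string(raw, policy=policy.default)
    local = parseaddr(bounce.get("To", ""))[1].lower()
    original = find_original(bounce)
    if original is None:
        return {"bounced_to": local, "original_found": False}
    reply_to = parseaddr(original.get("Reply-To", ""))[1].lower()
    sender = parseaddr(original.get("From", ""))[1].lower()
    recipients = addresses(original, "To", "Cc")
    hops = received_chain(original)
    return {
        "bounced_to": local,
        "original_found": True,
        "original_from": sender,
        "original_reply_to": reply_to,
        "addressed_to_us": local in recipients,
        # The pattern from the thread: we are the reply address but neither
        # the sender nor a visible recipient of the message that bounced.
        "spoofed_reply_to": bool(local) and reply_to == local
                            and sender != local and local not in recipients,
        "hops": hops,
        "origin_host": hops[0] if hops else None,
    }


if __name__ == "__main__":
    for label, raw in (("backscatter", BACKSCATTER_RAW), ("legit", LEGIT_RAW)):
        print(label, analyze_bounce(raw))
```

The origin_host value is only as trustworthy as the Received: line that names it; the earliest header in the chain was written by the injecting host itself and can be fabricated, so the first hop you should rely on is the one added by a server you trust (here the ISP's mail.isp.example.net). Feeding the script a real bounce means saving it with headers intact and passing the text to analyze_bounce.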