[support] Hi-Jacked Email Identity (possibly OT?)

Earl Miles merlin at logrus.com
Wed Dec 7 17:40:40 UTC 2005


The first thing you need to do is examine the mail headers and possibly your 
mail logs, and see if the messages are coming internally or externally. If 
you're running older software or have not secured your software properly, you 
might simply have left an open relay and then just about any joker could do it.

From your message it may also be possible that people are just using your 
domain and not using your server at all. If that's actually happening there is 
little you can do about it. It's very easy to forge a domain. But generally that 
doesn't get domains black-listed.

The next possibility is that a hack has been installed on your machine through 
some vulnerability or other, and that you could disable Drupal entirely and 
still have this problem. Those can be difficult to find; I recommend Google 
searching on the topic for tools and ideas on how to track that sort of thing down.

Gunther Herzog wrote:
> Hello,
> 
>   I wonder if anyone else has experienced the
>   following phenomenon, and whether or not it is
>   Drupal-related, and might possibly have an idea
>   as to the next course of action to take...
> 
>   The following did not occur until AFTER I
>   started using Drupal (a few months ago), though
>   I have had my site and domain name for several
>   years.
> 
>   Essentially, what I keep getting on a
>   more-than-daily basis is emails with
> 
>   SUBJ: Delivery Status (failure)
>   FROM: postmaster@
> 
>   Following the @ would be the domain of NUMEROUS
>   domains that were hit, with attempted delivery
>   to hundreds of email addressees. And that's just
>   the bogus ones--who knows what actually got
>   through.
> 
>   My domain is now being filtered by MSN's
>   anti-spam and who knows how many others. I am
>   angry enough to offer any interested lawyer 100%
>   of the awarded fines in return for assistance in
>   tracking these people down and filing a
>   lawsuit.
> 
>   As to Drupal... at first I thought it might be
>   that one of the add-on modules I'd installed was
>   insecure. Before diving into the code, I simply
>   disabled Email-This-Page module and Subscribe
>   module. And the problem still persists. My next
>   idea would be to pull down the entire site and
>   put up a simple "Down for Maintenance" page and
>   see if the problem persists.
> 
>   Any ideas, folks?
> 
>   PS if you feel this is too off-topic and not
>   Drupal related, go ahead and email me privately
>   instead.
> 
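
Added example, not part of the original message and not code from its author: one way to run the header check described in the reply, sorting the original message quoted inside a bounce into the three cases it lists (forged domain, relay through your server, mail generated on the server itself). MY_HOST, MY_IP, the function names and all sample headers are constructed assumptions.

```python
import email
import ipaddress
import re

# Assumed values (not from the thread): your own mail server's name and IP.
MY_HOST = "mail.example.org"
MY_IP = ipaddress.ip_address("192.0.2.10")

FROM_IP = re.compile(r"^from\s.*?\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]", re.S)
BY_HOST = re.compile(r"\bby\s+([\w.-]+)")

def parse_hop(received):
    """Return (source IP or None, receiving host or None) for one Received header."""
    ip, by = FROM_IP.search(received), BY_HOST.search(received)
    try:
        src = ipaddress.ip_address(ip.group(1)) if ip else None
    except ValueError:
        src = None
    return src, (by.group(1).lower() if by else None)

def classify(returned_headers):
    """Classify the original message's headers as quoted inside a bounce."""
    msg = email.message_from_string(returned_headers)
    hops = [parse_hop(h) for h in msg.get_all("Received", [])]
    # The topmost Received line is written by the recipient's server, so its
    # source IP is the one value the sender could not forge.
    if not hops or hops[0][0] != MY_IP:
        return "forged-domain"      # mail never passed through your server
    for src, by in hops[1:]:
        if by != MY_HOST:
            continue
        if src is None or src.is_loopback:
            return "local-origin"   # generated on the box: script or compromise
        return "relayed"            # accepted from outside: open relay or stolen login
    return "local-origin"           # left your IP with no inbound hop recorded

# Constructed sample headers (documentation addresses only).
TOP = ("Received: from mail.example.org (mail.example.org [192.0.2.10])\n"
       "\tby mx.recipient.test with ESMTP; Wed, 7 Dec 2005 10:00:00 +0000\n")
SAMPLES = {
    # Lower hop naming your host is sender-supplied and must not be trusted.
    "forged": "Received: from x (unknown [203.0.113.77])\n\tby mx.recipient.test with SMTP\n"
              "Received: from pc (unknown [127.0.0.1])\n\tby mail.example.org with SMTP\n",
    "relayed": TOP + "Received: from pc (unknown [198.51.100.5])\n\tby mail.example.org with SMTP\n",
    "local": TOP + "Received: by mail.example.org (Postfix, from userid 33)\n\tid 4F2A1\n",
}
```

A "relayed" or "local-origin" result should be confirmed against the server's own mail log for the same message, since the log is the record the sender cannot alter.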


