Ahh, that's the 32 bit ODBC manager. Basically, on a 64 bit machine, you can have 64 bit and 32 bit ODBC drivers installed. The normal place to look for the drivers is in the 32 bit version, but the actual ODBC applet that runs is the 64 bit one. This is why I have a shortcut to odbcad32 on my desktop.
*pre-emptive celebratory nipple tassle jiggle* - Sean Ewington
Can someone help me to interpret what's going on here?
My Junk Mail folder is filling up rapidly with email rejection notices. This has been going on sporadically for a couple of weeks, with a flurry of several hundred such messages, then a trickle, then none for a day or two before it starts again. A typical message is:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
SMTP error from remote mail server after end of data:
host mta5.am0.yahoodns.net [184.108.40.206]: 554 Message not allowed - 
------ This is a copy of the message's headers. ------
Received: from bosmailscan10.eigbox.net ([10.20.15.10])
by bosmailout03.eigbox.net with esmtp (Exim)
for email@example.com; Fri, 06 Apr 2012 01:19:38 -0400
Received: from bosimpout01.eigbox.net ([10.20.55.1])
by bosmailscan10.eigbox.net with esmtp (Exim)
for firstname.lastname@example.org; Fri, 06 Apr 2012 01:19:37 -0400
Received: from bosauthsmtp01.eigbox.net ([10.20.18.1])
by bosimpout01.eigbox.net with NO UCE
id uVKd1i00301P9Sa01VKddX; Fri, 06 Apr 2012 01:19:37 -0400
X-Authority-Analysis: v=2.0 cv=eq1oOPVX c=1 sm=1
a=z5zA2GEyXHX4FYSAKYr2NA==:17 a=7UmD-tR_JRgA:10 a=VG0OwtqChsEA:10
a=8AlaD7fTCjEA:10 a=8nJEP1OIZ-IA:10 a=Sh_hsHRGdUoA:10 a=qrrI46oVAAAA:8
a=IIUmFY3D8pfpmdMjRkQA:9 a=gBDzBF7yGH2_iO3muJQA:7 a=wPNLvfGTeEIA:10
a=NTIIGRmZMWAA:10 a=P3BRNhQXk_0A:10 a=gYNu_iXhhMS5DrdM:21
Received: from 220.127.116.11.dynamic.mundo-r.com ([18.104.22.168] helo=Servidor)
by bosauthsmtp01.eigbox.net with esmtpsa (TLSv1:RC4-MD5:128)
for email@example.com; Fri, 06 Apr 2012 01:19:37 -0400
Date: Fri, 06 Apr 2012 07:19:33 +0200
X-Priority: 3 (Normal)
X-Mailer: The Bat! (v2.00.3) Personal
Subject: eyes," is caused now."Astute build raised its Carvers' to Lord idea or tell "Someone cried, "But ritual emptiness marring the foolish of this endless uncles,
The only constant is the reference to "bosxxxxxxx.eigbox.net" in the middle portion of the message header. Everything else in the message changes at random, and the IP addresses associated with my email address don't match anything I've ever used. What is doing this, and which server is compromised? Should I notify the admin for the eigbox.net domain that this is going on, or is that being spoofed, too?
My concern here is that some of the dumber blacklist algorithms might block me widely because they use the spoofed email address instead of examining the IP address. This small flood is a sign to me of a much larger iceberg melting (global warming, perhaps?) with only the tip showing up in my mailbox. Should I be concerned?
It looks like someone in northern Spain is sending out bulk e-mails and the Yahoo server is rejecting them. The mails are most likely originating from an innocent individual infected with a botnet mailer.
There is a little more to it than that... based on the mail header you posted... it appears that the mail server at bosauthsmtp01.eigbox.net is a misconfigured mail server. It looks like the assigned ip block where the mail server lives is 22.214.171.124/24 and is owned by 'Endurance International Group' according to the records. The registered AS number for that IP block is AS29873 and you could attempt to contact them. In my experience... nobody ever responds to abuse complaints unless there is a warrant attached.
The reason nobody responds to complaints probably has something to do with the fact that poor little Brian appears to be responsible for 79,461 domains within that ip range. And that's just one of the 51 ip blocks he appears to be responsible for.
Roger Wright wrote:
Should I be concerned?
There isn't much you can do about it... the SMTP protocols were not very well designed and the protocol allows spoofing. It is up to the mail server software to prevent this. Your ISP or web hosting provider should be diligent with keeping the mail servers properly configured.
By the way you should probably remove your rawright.net e-mail address from the mail header you posted. But because you left it there... I was able to determine that your domain name rawright.net at 126.96.36.199 is on the 188.8.131.52/18 ip block which poor little Brian is responsible for. I hope you don't mind... I hacked, probed and prodded your box a little bit... and it appears to be running IIS/6.0 on windows server.
I was able to connect to your rawright.net SMTP port 25 and forge my origin domain. The SMTP server did not complain. A well configured e-mail server will perform a reverse DNS here and make sure my IP address matches the domain from the HELO command. I connected multiple times and each time I was routed through a different *.eigbox.net smtp authorization server. It looks like your service provider is using some sort of round robin BGP/GLBP routing.
I spent a few minutes manually testing your mail server via raw TCP socket but always received the error: 550 bosauthsmtp: Host x.x.x.x: No unauthenticated relaying permitted (I used all of the tricks I know about and was unable to trick the server into allowing me to relay mail. This is what we want). So maybe it's already fixed. But maybe it is not fixed... if you look closely at the mail header you posted... it says the spam came via ESMTPSA which means the spam was sent over an encrypted TLS. Although I would probably continue testing via TLSWrap... I think I'll not test any further. It may be that their plain text SMTP server is well protected... but the encrypted SMTP is vulnerable.
Anyway we could speculate about this all day... but the best person to handle this would be a systems administrator from your rawright.net hosting provider.
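Added example, not part of any post in this thread: a short Python reading of the Received chain in the bounce quoted above. It finds the hop where the message entered the eigbox.net servers and decodes its `with` keyword per RFC 3848, where `esmtpsa` means both STARTTLS and a successful SMTP AUTH. The regex assumes Exim-style headers as shown in the bounce, and the `.eigbox.net` trust suffix is an assumption taken from that header copy.

```python
import ipaddress
import re
from email import message_from_string

# Header copy from the bounce quoted in this thread (addresses as posted).
BOUNCE_HEADERS = """\
Received: from bosmailscan10.eigbox.net ([10.20.15.10])
 by bosmailout03.eigbox.net with esmtp (Exim)
 for email@example.com; Fri, 06 Apr 2012 01:19:38 -0400
Received: from bosimpout01.eigbox.net ([10.20.55.1])
 by bosmailscan10.eigbox.net with esmtp (Exim)
 for firstname.lastname@example.org; Fri, 06 Apr 2012 01:19:37 -0400
Received: from bosauthsmtp01.eigbox.net ([10.20.18.1])
 by bosimpout01.eigbox.net with NO UCE
 id uVKd1i00301P9Sa01VKddX; Fri, 06 Apr 2012 01:19:37 -0400
Received: from 220.127.116.11.dynamic.mundo-r.com ([18.104.22.168] helo=Servidor)
 by bosauthsmtp01.eigbox.net with esmtpsa (TLSv1:RC4-MD5:128)
 for email@example.com; Fri, 06 Apr 2012 01:19:37 -0400
Date: Fri, 06 Apr 2012 07:19:33 +0200

"""

# Exim-style hop: from NAME ([IP] helo=X) by HOST with PROTO ...
HOP_RE = re.compile(
    r"from\s+(?P<name>\S+)\s+\(\[(?P<ip>[0-9A-Fa-f.:]+)\](?:\s+helo=(?P<helo>[^)\s]+))?\)"
    r"\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>.+?)\s+(?:\(|id\b|for\b)")

def entry_hop(raw_headers, trusted_suffix):
    """Oldest Received hop stamped by a trusted server. Servers prepend, so
    read top-down and stop at the first hop we cannot attribute to them;
    anything below that point was supplied by the sender and can be forged."""
    entry = None
    for value in message_from_string(raw_headers).get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if not m or not m["by"].endswith(trusted_suffix):
            break
        entry = m.groupdict()
    return entry

def classify(hop):
    """Read the RFC 3848 'with' keyword: ...S = STARTTLS, ...A = SMTP AUTH."""
    proto = hop["proto"].lower()
    return {
        "client_ip": hop["ip"],
        "external": not ipaddress.ip_address(hop["ip"]).is_private,
        "tls": proto in ("esmtps", "esmtpsa"),
        "authenticated": proto in ("esmtpa", "esmtpsa"),
    }

if __name__ == "__main__":
    hop = entry_hop(BOUNCE_HEADERS, ".eigbox.net")  # suffix assumed from the thread
    print(hop["by"], hop["helo"], classify(hop))
```

An authenticated entry hop points the investigation at the credentials used for that login rather than at relay configuration.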
I'm quite impressed by the amount of information you were able to glean. FYI, I don't control the SMTP server - webhost4life.com does that. Perhaps it's time for another move, painful as the last one was.
I am coming from the business side rather than from the IT side, but I have been asked to solve a business problem that I think is totally common nowadays, and I hope you can help me with some system admin solutions.
I need to know if my idea will work and it would be very helpful if you could point out some problems areas that I need to consider.
We are a large international organization with a Microsoft infrastructure and about 200 staff who travel frequently. They typically use laptops we provide, but also they want to use their own devices (Bring Your Own Device = BYOD) such as iPads, Macintosh laptops, smartphones, Android tablets, you name it.
What I would like to say to our staff is this:
"Your work computer will be a laptop that you can take home with you or take abroad on your travels.
When you receive this computer it will come with a set of standard software installed, including anti-virus software. Thereafter you have admin rights over this laptop, you are completely responsible for everything on this computer, including backups, just as if it were your personal property. When you leave our organization, you turn your computer in.
"You store your work on your own computer, so you are responsible for backups. If you finish something that should be shared with your colleagues, you upload it to our corporate intranet online, and you let people know it’s there.
"When you come to the office, you will be able to plug your laptop into a docking station with a large-screen monitor and a keyboard. You can log into our network on your office computer, but not on any personal device.
"If you want to access the Internet or printers with any device other than your office laptop you can do so wirelessly."
What do you experienced System Administrators think of this approach? I know our staff would love me for it because they have some big problems with the security of our network, because they can't BYOD, they can install personal software on their laptops, getting software updates is a big hassle with the IT department, etc.
Thanks in advance for your help!