Click here to Skip to main content
12,399,244 members (61,025 online)

System Admin

 
AnswerRe: wayne nucleus point of sale configuration documents or technical support from wayne nucleus Pin
Richard MacCutchan23-May-12 22:21
mvpRichard MacCutchan23-May-12 22:21 
AnswerRe: wayne nucleus point of sale configuration documents or technical support from wayne nucleus Pin
Richard MacCutchan23-May-12 23:39
mvpRichard MacCutchan23-May-12 23:39 
GeneralMessage Automatically Removed Pin
11-May-12 21:13
memberpaiaw11-May-12 21:13 
GeneralRe: How to Create and Use a Windows 7 Password Reset USB Pin
Richard MacCutchan22-May-12 22:52
mvpRichard MacCutchan22-May-12 22:52 
QuestionWindows detected a hard disk problem Pin
berba3-May-12 1:13
memberberba3-May-12 1:13 
AnswerRe: Windows detected a hard disk problem Pin
Richard MacCutchan3-May-12 1:31
mvpRichard MacCutchan3-May-12 1:31 
QuestionData acquisition from audio card Pin
Hibiscusblau25-Apr-12 0:19
memberHibiscusblau25-Apr-12 0:19 
AnswerRe: Data acquisition from audio card Pin
Chris Quinn16-Jul-12 4:40
memberChris Quinn16-Jul-12 4:40 
QuestionMore Of A Tip Than A Question Pin
Roger Wright24-Apr-12 13:13
memberRoger Wright24-Apr-12 13:13 
AnswerRe: More Of A Tip Than A Question Pin
Jörgen Andersson24-Apr-12 22:28
memberJörgen Andersson24-Apr-12 22:28 
AnswerRe: More Of A Tip Than A Question Pin
Pete O'Hanlon24-Apr-12 23:28
protectorPete O'Hanlon24-Apr-12 23:28 
GeneralRe: More Of A Tip Than A Question Pin
Roger Wright25-Apr-12 3:14
memberRoger Wright25-Apr-12 3:14 
QuestionA Flurry Of "Returned Mail" Pin
Roger Wright5-Apr-12 20:06
memberRoger Wright5-Apr-12 20:06 
AnswerRe: A Flurry Of "Returned Mail" PinPopular
Randor 7-Apr-12 19:13
member Randor 7-Apr-12 19:13 
Hey Roger,

It looks like someone in northern Spain is sending out bulk e-mails and the Yahoo server is rejecting them. The mails are most likely originating from an innocent individual infected with a botnet mailer.

There is a little more to it than that... based on the mail header you posted... it appears that the mail server at bosauthsmtp01.eigbox.net is a misconfigured mail server. It looks like the assigned ip block where the mail server lives is 38.113.1.0/24 and is owned by 'Endurance International Group' according to the records[^]. The registered AS number for that IP block is AS29873[^] and you could attempt to contact them. In my experience... nobody every responds to abuse complaints unless there is a warrant attached.

The reason nobody responds to complaints probably has something to do with the fact that poor little Brian appears to be responsible for 79,461[^] domains within that ip range. And thats just one of the 51 ip blocks he appears to be responsible for.

Roger Wright wrote:
Should I be concerned?

There isn't much you can do about it... the SMTP protocols were not very well designed and the protocol allows spoofing. It is up to the mail server software to prevent this. Your ISP or web hosting provider should be diligent with keeping the mail servers properly configured.

By the way you should probably remove your rawright.net[^] e-mail address from the mail header you posted. But because you left it there... I was able to determine that your domain name rawright.net at 66.96.146.82 is on the 66.96.128.0/18 ip block[^] which poor little Brian is responsible for[^]. I hope you don't mind... I hacked, probed and prodded your box a little bit... and it appears to be running IIS/6.0 on windows server.

Some thoughts:
I was able to connect to your rawright.net SMTP port 25 and forge my origin domain. The SMTP server did not complain. A well configured an e-mail server will perform a reverse DNS here and make sure my IP address matches the domain from the HELO command. I connected multiple times and each time I was routed through a different *.eigbox.net smtp authorization server. It looks like your service provider is using some sort of round robin BGP/GLBP routing.

I spent a few minutes manually testing your mail server via raw TCP socket but always recieved the error: 550 bosauthsmtp: Host x.x.x.x: No unauthenticated relaying permitted (I used all of the tricks I know about and was unable to trick the server into allowing me to relay mail. This is what we want). So maybe its already fixed. But maybe it is not fixed... if you look closely at the mail header you posted... it says the spam came via ESMTPSA which means the spam was sent over an encrypted TLS[^]. Although I would probably continue testing via TLSWrap[^]... I think I'll not test any further. It may be that their plain text SMTP server is well protected... but the encrypted SMTP is vulnerable.

Anyway we could speculate about this all day... but the best person to handle this would be a systems administrator from your rawright.net hosting provider.

Best Wishes,
-David Delaune
AnswerRe: A Flurry Of "Returned Mail" Pin
Luc Pattyn8-Apr-12 2:13
mvpLuc Pattyn8-Apr-12 2:13 
GeneralRe: A Flurry Of "Returned Mail" Pin
JohnPayton22-May-12 18:39
memberJohnPayton22-May-12 18:39 
GeneralRe: A Flurry Of "Returned Mail" Pin
Roger Wright9-Apr-12 9:02
memberRoger Wright9-Apr-12 9:02 
QuestionSql Server user with specific Privileges Pin
Rishi Shinde28-Mar-12 0:03
memberRishi Shinde28-Mar-12 0:03 
AnswerRe: Sql Server user with specific Privileges Pin
thatraja4-Oct-13 19:49
mvpthatraja4-Oct-13 19:49 
QuestionSystem Administration in the age of BYOD and consumerization Pin
quinet16-Mar-12 6:48
memberquinet16-Mar-12 6:48 
AnswerRe: System Administration in the age of BYOD and consumerization Pin
Richard MacCutchan16-Mar-12 7:14
mvpRichard MacCutchan16-Mar-12 7:14 
GeneralRe: System Administration in the age of BYOD and consumerization Pin
Michael Martin 16-Mar-12 20:24
member Michael Martin 16-Mar-12 20:24 
AnswerRe: System Administration in the age of BYOD and consumerization Pin
SCraw285518-Mar-12 10:14
memberSCraw285518-Mar-12 10:14 
QuestionRemote Desktop Connection Pin
Roger Wright10-Mar-12 18:58
memberRoger Wright10-Mar-12 18:58 
AnswerRe: Remote Desktop Connection Pin
Bernhard Hiller11-Mar-12 21:38
memberBernhard Hiller11-Mar-12 21:38 
GeneralRe: Remote Desktop Connection Pin
Roger Wright12-Mar-12 18:11
memberRoger Wright12-Mar-12 18:11 
GeneralRe: Remote Desktop Connection PinPopular
Michael Martin 14-Mar-12 0:24
member Michael Martin 14-Mar-12 0:24 
GeneralRe: Remote Desktop Connection Pin
Jochen Arndt14-Mar-12 1:48
memberJochen Arndt14-Mar-12 1:48 
GeneralRe: Remote Desktop Connection Pin
Jörgen Andersson14-Mar-12 1:56
memberJörgen Andersson14-Mar-12 1:56 
GeneralRe: Remote Desktop Connection Pin
Roger Wright14-Mar-12 16:15
memberRoger Wright14-Mar-12 16:15 
GeneralRe: Remote Desktop Connection Pin
Michael Martin 14-Mar-12 21:07
member Michael Martin 14-Mar-12 21:07 
GeneralRe: Remote Desktop Connection Pin
Roger Wright15-Mar-12 6:17
memberRoger Wright15-Mar-12 6:17 
GeneralRe: Remote Desktop Connection Pin
Michael Martin 16-Mar-12 20:25
member Michael Martin 16-Mar-12 20:25 
GeneralRe: Remote Desktop Connection Pin
loctrice15-Mar-12 5:49
memberloctrice15-Mar-12 5:49 
GeneralRe: Remote Desktop Connection Pin
Richard Andrew x6414-Mar-12 17:01
memberRichard Andrew x6414-Mar-12 17:01 
GeneralRe: Remote Desktop Connection Pin
Michael Martin 14-Mar-12 21:08
member Michael Martin 14-Mar-12 21:08 
AnswerRe: Remote Desktop Connection Pin
S Douglas21-Feb-13 8:38
memberS Douglas21-Feb-13 8:38 
QuestionRegistry Pin
loctrice5-Mar-12 5:16
memberloctrice5-Mar-12 5:16 
AnswerRe: Registry Pin
djj555-Mar-12 5:25
memberdjj555-Mar-12 5:25 
GeneralRe: Registry Pin
loctrice5-Mar-12 7:55
memberloctrice5-Mar-12 7:55 
GeneralRe: Registry Pin
loctrice7-Mar-12 4:09
memberloctrice7-Mar-12 4:09 
GeneralRe: Registry Pin
djj557-Mar-12 4:13
memberdjj557-Mar-12 4:13 
GeneralRe: Registry Pin
loctrice7-Mar-12 5:07
memberloctrice7-Mar-12 5:07 
GeneralRe: Registry Pin
SCraw285518-Mar-12 10:26
memberSCraw285518-Mar-12 10:26 
QuestionRun as Another Admin Pin
Richard Andrew x6414-Feb-12 12:55
memberRichard Andrew x6414-Feb-12 12:55 
AnswerRe: Run as Another Admin Pin
Jochen Arndt14-Feb-12 23:16
memberJochen Arndt14-Feb-12 23:16 
GeneralRe: Run as Another Admin Pin
Jörgen Andersson15-Feb-12 2:26
memberJörgen Andersson15-Feb-12 2:26 
GeneralRe: Run as Another Admin Pin
Jochen Arndt15-Feb-12 20:59
memberJochen Arndt15-Feb-12 20:59 
GeneralRe: Run as Another Admin Pin
Richard Andrew x6415-Feb-12 8:32
memberRichard Andrew x6415-Feb-12 8:32 
GeneralRe: Run as Another Admin Pin
Michael Martin 14-Mar-12 0:31
member Michael Martin 14-Mar-12 0:31 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.


Advertise | Privacy | Mobile
Web02 | 2.8.160721.1 | Last Updated 11 Jun 2016
Copyright © CodeProject, 1999-2016
All Rights Reserved. Terms of Service
Layout: fixed | fluid