Ubuntu – Prevent mail server (sendmail) from being used for backscatter

Tags: Security, sendmail, spoofing, Ubuntu

Hi, I recently got an email from Amazon saying that my EC2 instance is sending spam. What they say is that my mail server is receiving email for a non-existing user and therefore bounces the email back without validating the source netrange.

So to my understanding, some jerks are sending bogus emails to my mail server claiming to be someone else, and since the email delivery failed my mail server bounces the email back to that "someone else" that the jerk claimed to be.

I just want to know how I can reproduce this and how I can fix my mail server to not do it.

My system spec:

OS: Ubuntu 10.04
Mail Program: Sendmail

Experiments:

I tried the following:

1.

    sendmail me@mydomain.com
    FROM: bogus@notmydomain.com
    SUBJECT: Spoof
    Spoof
    .

The above email got delivered to my mail box, with the FROM: header being bogus@notmydomain.com. In this case, people aren't getting spammed since the email is delivered to me.

2.

    sendmail non-existing-user@mydomain.com
    FROM: mypersonalemail@notmydomain.com
    SUBJECT: BOUNCE!!!
    Spoof
    .

So I'm trying to reproduce the spamming attack here: I send an email to a non-existing user in my domain, claiming to be someone else. However, I did not get any bounced email in my personal email box, not even in the junk folder.

3.

    sendmail mypersonalemail1@notmydomain.com
    FROM: mypersonalemail2@notmydomain.com
    SUBJECT: hacked!!
    Spoof!
    .

This time I am trying to simulate a spoofing attack where I used my mail server to send email to someone faking someone else. This time I got the email in my junk folder, with the FROM: header being the faked user.

So the above is what I have found after my experiments. I cannot seem to reproduce the bounced email problem, but I can send email with faked origin.

So how can I prevent my mail server from being used as a spoofing tool?

Best Answer

Sounds like backscatter, and if I'm understanding you, your understanding is correct, but you're missing the right experiment:

    sendmail non-existing-user@mydomain.com
    FROM: me@mydomain.com
    SUBJECT: hey
    hi there
    .

(I changed the message a bit to make the bounce easier to spot.)

Better, try sending the same message from outside your server.
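
To spot the bounce that the experiment above should produce, here is an added example (not part of the original question or answer) that scans sendmail syslog lines for bounces (DSNs) delivered to addresses outside your own domains. The log lines are constructed, the line format is an assumption modelled on sendmail's usual syslog output, and `find_backscatter` and `local_domains` are hypothetical names.

```python
import re

# Constructed sample lines (assumed sendmail syslog layout, not taken from the page).
SAMPLE_LOG = """\
Mar  1 10:00:01 mx sendmail[2101]: q21A0001: from=<victim@example.org>, size=912, nrcpts=1, proto=ESMTP, relay=[203.0.113.5]
Mar  1 10:00:01 mx sendmail[2102]: q21A0001: to=<non-existing-user@mydomain.com>, mailer=local, dsn=5.1.1, stat=User unknown
Mar  1 10:00:01 mx sendmail[2102]: q21A0001: q21A0002: DSN: User unknown
Mar  1 10:00:03 mx sendmail[2102]: q21A0002: to=<victim@example.org>, mailer=esmtp, relay=mx.example.org., dsn=2.0.0, stat=Sent
Mar  1 10:05:00 mx sendmail[2200]: q21A0003: from=<me@mydomain.com>, size=300, nrcpts=1, proto=ESMTP, relay=localhost [127.0.0.1]
Mar  1 10:05:00 mx sendmail[2201]: q21A0003: to=<non-existing-user@mydomain.com>, mailer=local, dsn=5.1.1, stat=User unknown
Mar  1 10:05:00 mx sendmail[2201]: q21A0003: q21A0004: DSN: User unknown
Mar  1 10:05:01 mx sendmail[2201]: q21A0004: to=<me@mydomain.com>, mailer=local, dsn=2.0.0, stat=Sent
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
DSN = re.compile(r"^(?P<child>\w+): DSN: (?P<reason>.*)$")
ADDR = re.compile(r"^(?P<kind>from|to)=<(?P<addr>[^>]*)>")
RELAY = re.compile(r"relay=([^,]+)")

def find_backscatter(log_text, local_domains):
    """Return bounces that were sent to addresses outside local_domains."""
    origin, bounces, hits = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        dsn, addr = DSN.match(rest), ADDR.match(rest)
        if dsn:
            # The original message (qid) spawned a bounce with a new queue id.
            bounces[dsn["child"]] = (qid, dsn["reason"])
        elif addr and addr["kind"] == "from":
            relay = RELAY.search(rest)
            origin[qid] = (addr["addr"], relay.group(1) if relay else None)
        elif addr and qid in bounces and "stat=Sent" in rest:
            # A bounce was delivered; flag it if the recipient is not ours.
            if addr["addr"].rpartition("@")[2].lower() not in local_domains:
                parent, reason = bounces[qid]
                claimed, relay = origin.get(parent, (None, None))
                hits.append({"bounce_to": addr["addr"], "claimed_sender": claimed,
                             "injected_from": relay, "reason": reason,
                             "original_qid": parent})
    return hits

if __name__ == "__main__":
    for hit in find_backscatter(SAMPLE_LOG, {"mydomain.com"}):
        print(hit)
```

Only the first constructed message is flagged: its bounce left the server for an external address, while the bounce to `me@mydomain.com` stayed local.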