How did this happen? (mail hack?)

Discussion in 'E-mail Discussions' started by Svaha, Nov 23, 2003.

  1. Svaha

    I have a client who has received a form off his site, but somehow an email address from the server got added to it. Here are the headers (real names hidden).

    Any ideas? How did the email addresses in red get there? They are not on the form or script he is using. One is "fr" after a legit address, and then "fr@servername.com". I'm a bit weak with email issues, but the rest of the headers look okay to me.

    Return-path: <nobody@l1.servername.com>
    Received: from punt-3.mail.demon.net by mailstore
    for user@jclientname.uk id 1ANaKG-0000hu-K6;
    Sat, 22 Nov 2003 16:09:36 +0000
    Received: from [64.191.xxx.xxx] (helo=servername.com)
    by punt-3.mail.demon.net with esmtp id 1ANaKG-0000hu-K6
    for username@clientname; Sat, 22 Nov 2003 16:09:36 +0000
    Received: from nobody by servername with local (Exim 4.24)
    id 1ANaKG-0006Ek-36
    for user@clientmane.com; Sat, 22 Nov 2003 11:09:36 -0500
    To: user@clientname.com
    Subject: Form from client site.
    From: Form submission<legit@mailaddress.com,fr >
    Reply-To: legit@mailaddress.com,fr@servername.com
    Message-Id: <E1ANaKG-0006Ek-36@servername.com>
    Date: Sat, 22 Nov 2003 11:09:36 -0500
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - servername.com
    X-AntiAbuse: Original Domain - clientdomain
    X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
    X-AntiAbuse: Sender Address Domain - servername

    Thanks.
     
  2. Website Rob

    The "From" and "Reply-to" Headers can be spoofed by anybody. Not much one can do and all part of having a Domain name.
     
  3. Svaha

    Thanks for replying.

    I suppose you are right, but why add an email address using the server's hostname that's an unrouteable address? And on the first line, it isn't even an email address, but just the letters "fr".

    Am I missing something?
     
  4. Website Rob

    If you are missing something, everyone else is also. Understanding the mind or intent of a Spammer, is something most of us do not have time for.
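
A header check for the message posted in this thread, as an added example that is not from any of the posters or from cPanel: it splits From and Reply-To into their comma-separated entries and flags entries with no domain, entries whose domain is the host named in X-AntiAbuse, and headers carrying more than one address. The function names and the three heuristics are assumptions made for this illustration.

```python
import re

# Headers copied from the post above; the names are the poster's placeholders.
POSTED_HEADERS = """\
To: user@clientname.com
From: Form submission<legit@mailaddress.com,fr >
Reply-To: legit@mailaddress.com,fr@servername.com
X-AntiAbuse: Primary Hostname - servername.com
"""


def parse_headers(text):
    """Return {lowercased name: value} for unfolded 'Name: value' lines."""
    headers = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def address_entries(value):
    """Split an address header into its comma-separated entries."""
    m = re.search(r"<([^>]*)>", value)  # prefer the part inside <...>
    inner = m.group(1) if m else value
    return [e.strip() for e in inner.split(",") if e.strip()]


def audit(text):
    """Return (header, entry, reason) tuples for suspicious address entries."""
    headers = parse_headers(text)
    host = headers.get("x-antiabuse", "").rpartition(" - ")[2].lower()
    findings = []
    for name in ("from", "reply-to", "to"):
        entries = address_entries(headers.get(name, ""))
        for entry in entries:
            _, at, domain = entry.rpartition("@")
            if not at:
                findings.append((name, entry, "no domain"))
            elif host and domain.lower() == host:
                findings.append((name, entry, "domain is the sending host"))
        if len(entries) > 1 and name != "to":
            findings.append((name, ",".join(entries), "more than one address"))
    return findings


if __name__ == "__main__":
    for finding in audit(POSTED_HEADERS):
        print(finding)
```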
     