[exim] exim exploit or configuration problem

Author: Bridgit Griffin (Withers)
Date:  
To: exim-users
Subject: [exim] exim exploit or configuration problem
Hi,

Recently, since late June, I have been seeing spam that appears to be
sent from an email alias I have. However, closer inspection of the spam
headers shows that someone connected into the smtp server (Exim ver
4.52) then sent it out using my alias.

My question is: is this an exploit or a configuration problem?

My other question is: is there a way to shut this down? Or can I get enough
info to bring to my hosting provider so they can fix whatever problem
may be on their side?

Please note I do not have control over the smtp server, my hosting
provider does. Also there are no email accounts associated with the
domains. This has happened on 4 different domains that I have. Please
see a sample of the header below.

Thanks!

Received: from [220.70.206.152] (port=4460 helo=67.19.170.34)
    by mustang.websitewelcome.com with smtp (Exim 4.52)
    id 1Fv3uo-0006yP-G2 for postmaster@???; Mon,
 26 Jun 2006 22:07:03 -0500
Date: Mon, 26 Jun 2006 23:07:10 -0400 (EDT)
Date-warning: Date header was inserted by ms-mta-04.nyroc.rr.com
From: postmaster@???
Subject: Re: hi
To: postmaster@???
Message-id: <548bgr$18nuf4m@???>
X-AntiAbuse: This header was added to track abuse,
 please include it with any abuse report
X-AntiAbuse: Primary Hostname - mustang.websitewelcome.com
X-AntiAbuse: Original Domain - colonichealth.net
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - colonichealth.net



Received: from [60.179.219.85] (port=1166 helo=85.219.179.60.broad.nb.zj.dynamic.cndata.com)
    by mustang.websitewelcome.com with smtp (Exim 4.52)
    id 1FvZCG-000049-4X for postmaster@???; Wed, 28 Jun 2006 07:31:15 -0500
Date: Wed, 28 Jun 2006 08:31:22 -0400 (EDT)
Date-warning: Date header was inserted by ms-mta-04.nyroc.rr.com
From: postmaster@???
Subject: Something for your site..
To: postmaster@???
Message-id: <53079d$1gs0i10@???>
X-AntiAbuse: This header was added to track abuse,
 please include it with any abuse report
X-AntiAbuse: Primary Hostname - mustang.websitewelcome.com
X-AntiAbuse: Original Domain - nceweb.com
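
As an added example (not part of the original message and not code from Exim): a Python parser for Received headers shaped like the two quoted above. It extracts what a hosting provider needs to find the session in its logs (peer IP, port, HELO, protocol, Exim message id, timestamp) and flags a protocol token that indicates no SMTP AUTH and a HELO that is a bare IP different from the connecting address. The function names and finding labels are hypothetical.

```python
import ipaddress
import re

# Shape of the Received lines written by the Exim server in the quoted headers.
RECEIVED_RE = re.compile(
    r"from \[(?P<peer>[0-9A-Fa-f.:]+)\] \(port=(?P<port>\d+) helo=(?P<helo>[^)\s]+)\) "
    r"by (?P<by>\S+) with (?P<proto>\S+) \(Exim (?P<ver>[\d.]+)\) "
    r"id (?P<id>[^\s;]+).*?; (?P<when>.+)$"
)
# Tokens Exim records after SMTP AUTH (asmtp is the one older releases used).
AUTHENTICATED = {"asmtp", "esmtpa", "esmtpsa"}

SAMPLES = [  # the two Received headers quoted in the message above
    "Received: from [220.70.206.152] (port=4460 helo=67.19.170.34)\n"
    "    by mustang.websitewelcome.com with smtp (Exim 4.52)\n"
    "    id 1Fv3uo-0006yP-G2 for postmaster@???; Mon,\n"
    " 26 Jun 2006 22:07:03 -0500",
    "Received: from [60.179.219.85] (port=1166 helo=85.219.179.60.broad.nb.zj.dynamic.cndata.com)\n"
    "    by mustang.websitewelcome.com with smtp (Exim 4.52)\n"
    "    id 1FvZCG-000049-4X for postmaster@???; Wed, 28 Jun 2006 07:31:15 -0500",
]


def is_ip(text):
    try:
        ipaddress.ip_address(text.strip("[]"))
        return True
    except ValueError:
        return False


def analyze_received(header):
    """Return connection facts plus findings for one Received header, or None."""
    m = RECEIVED_RE.search(" ".join(header.split()))  # undo header folding
    if m is None:
        return None
    info = m.groupdict()
    findings = []
    if info["proto"] not in AUTHENTICATED:
        findings.append("unauthenticated")  # sender address was not verified by login
    if is_ip(info["helo"]) and info["helo"].strip("[]") != info["peer"]:
        findings.append("helo-ip-mismatch")  # client announced an IP that is not its own
    info["findings"] = findings
    return info


if __name__ == "__main__":
    for sample in SAMPLES:
        print(analyze_received(sample))
```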