Posted on: 05/11/08 09:24pm
By: ronack
I'm not sure how this is going on but I'm receiving delivery failure notices from the account I use in GL. The message is in Spanish, a few weeks ago I received a good 20 or 30 failure notices which indicate to me that SPAM is outgoing from my server. I did find this in my GL log which looks rather dubious. But since none of this is in Spanish I don't think this is it. Any ideas?
(I tried to include the log file but it detected it as spam)
Here is a link to a txt file[*1]
Re: Outgoing SPAM
Posted on: 05/11/08 10:09pm
By: Anonymous (ironmax)
Quote by: ronack: I'm not sure how this is going on but I'm receiving delivery failure notices from the account I use in GL. The message is in Spanish, a few weeks ago I received a good 20 or 30 failure notices which indicate to me that SPAM is outgoing from my server. I did find this in my GL log which looks rather dubious. But since none of this is in Spanish I don't think this is it. Any ideas?
(I tried to include the log file but it detected it as spam)
Here is a link to a txt file[*1]
Your link does not resolve from my end. Nor do I get any DNS lookup info on it. Well, at least at the time of this posting.
Michael
Re: Outgoing SPAM
Posted on: 05/12/08 03:06am
By: Dirk
Quote by: ronack: I'm not sure how this is going on but I'm receiving delivery failure notices from the account I use in GL.
With "account" you mean the email address? You realize that this can easily (trivially, even) be faked? Happens to everyone[*2] eventually ...
If you mean something else, we would need to be able to see that text file you linked to, but it's giving me a 404 ...
bye, Dirk
Re: Outgoing SPAM
Posted on: 05/12/08 04:35am
By: Dirk
Quote by: ronack: (I tried to include the log file but it detected it as spam)
Found it in our logs (slightly censored):
04/29/08 10:42:25 - Error communicating with SLV: RPC server did not send response before timeout.; Message was (@xml version="1.0" encoding="UTF-8"@)
<methodCall>
<methodName>slv</methodName>
<params>
<param>
<value><string>http://groups.google.ru/group/buy_ambien_online/...
http://groups.google.ru/group/.../best-ambien-prices-free-overnight-shipping</string></value>
</param>
</params>
</methodCall>
But that's just a notification that Spam-X was unable to contact SLV[*3] to see if those URLs should be considered spam (obviously, they are).
Looks fine to me: Someone tried to post spam on your site. Spam-X tried to get SLV's opinion on those URLs but SLV was unreachable or at least did not respond in time, so that problem was logged and the processing of the post continued without SLV's input. If it didn't show up on your site, then some other Spam-X module caught it. Check your spamx.log, you should have an entry there with the same timestamp.
bye, Dirk
Re: Outgoing SPAM
Posted on: 05/12/08 05:47pm
By: ronack
So that's not it. Frankly I can't determine how they're doing it. Can't find anything in the logs, either GL or server.
This is the header of the message.
laudinha@telefonica.net
Return-Path: <Masked My Email Address>
Message-ID: <BAY0-MC2-F5mzfYuYyF002029c3@bay0-mc2-f5.bay0.hotmail.com>
X-OriginalArrivalTime: 29 Apr 2008 04:15:45.0789 (UTC) FILETIME=[B26C92D0:01C8A9AF]
Re: Outgoing SPAM
Posted on: 05/13/08 04:23pm
By: Dirk
What makes you think the spam was even sent through your site? As I said, it's easy to fake the reply address and you would get the bounces even if you didn't send anything.
Having said that: We had an embarrassing case recently where a Nigerian scam artist used geeklog.net to send their stuff via the "Send email" link from the profile. Those should show up in your logfiles, though.
Oh, and if those bounces contain the original spam text, feed some of the keywords to Spam-X and see if it catches anything (enable notifications or keep an eye on your spamx.log).
bye, Dirk
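One way to test the point made in the post above (bounces arrive even when nothing was sent from the site), as an added example that is not part of the original thread: pull the original message's headers out of the bounce and look at the relay trace instead of the forgeable sender fields. The sample bounce, the function names, `mysite.example` and all hosts and IPs are constructed assumptions.

```python
import email, re
from email import policy

# Constructed bounce (DSN); every host, address and IP below is made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
Subject: Delivery failure
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Action: failed

--B
Content-Type: text/rfc822-headers

Return-Path: <webmaster@mysite.example>
Received: from unknown (HELO pc.dialup.example) (203.0.113.77)
 by mx.recipient.example with SMTP; 29 Apr 2008 04:15:45 -0000
From: webmaster@mysite.example
Message-ID: <abc123@pc.dialup.example>

--B--
"""

def embedded_original(bounce_text):
    """Headers of the bounced message as carried inside the DSN, or None."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(bounce_text, our_domain, our_hosts_and_ips):
    orig = embedded_original(bounce_text)
    if orig is None:
        return "no-original-attached"
    # Lower Received hops can be forged too: a hit means "check our mail log", not proof.
    trace = " ".join(str(h) for h in orig.get_all("Received", []) + [orig.get("Message-ID", "")])
    tokens = {t.strip(".") for t in re.findall(r"[a-z0-9.-]+", trace.lower())}
    if tokens & {h.lower() for h in our_hosts_and_ips}:
        return "check-own-mail-log"
    claimed = f'{orig.get("Return-Path", "")} {orig.get("From", "")}'.lower()
    return "forged-sender" if our_domain.lower() in claimed else "unrelated"
```

A result of `forged-sender` means the address appears only in Return-Path/From while no relay hop names the server, which matches the faked-address case; `check-own-mail-log` is the cue to look for the message in the server's own mail log.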
Re: Outgoing SPAM
Posted on: 05/13/08 05:20pm
By: ronack
I think that might be what's going on. I received 4 failure notifications today. I'll keep digging.