Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SPAM from my domain

Status
Not open for further replies.
Helenp1983

Helenp1983

MIS
Dec 16, 2005
274
GB
Hi

i have a user being sent rude e-mails and it says they are from Y@munoz.co.uk which is my domain, i have no user Y of course but i can't add @munoz.co.uk to the spam filter. My filter is Policy patrol. What can i do?
 
Sort by date Sort by votes
I would say that it's probably not really coming from your domain. I would check your mail logs and verify that assumption.

It's probably actually a spammer or program that is spoofing your domain. Check the headers and see if they are coming from your mail server.

Hope this helps,

Erik
 
Upvote 0 Downvote
The users has deleted it, i will on the next one. I don't think it's coming from us.


If it is someone spoofing us, how do i block them coming through?
 
Upvote 0 Downvote
If you get another one, look at the headers or send them in this thread so I or others can look at it, and then we will see how we can try blocking it, but it may be difficult to block if they are clever.

Hope this helps,

Erik
 
Upvote 0 Downvote
You should be able to look at your firewall for this as well. This will depend upon how/what type of firewall you are using, but you should be able to block anything incoming from @munoz.co.uk.
 
Upvote 0 Downvote
Hi

I don't think it's from us: Received: from friend (unknown [193.225.113.130]) by vnet.trinite.co.uk



Microsoft Mail Internet Headers Version 2.0

Received: from mail pickup service by mmuk-exch-01.munoz.co.uk with Microsoft SMTPSVC;

Mon, 20 Feb 2006 15:35:12 +0000

Received: from trinitevisp.co.uk ([195.38.80.221]) by mmuk-exch-01.munoz.co.uk with Microsoft SMTPSVC(6.0.3790.1830); Mon, 20 Feb 2006 15:35:10 +0000

Received: from trinitevisp.co.uk [195.38.85.216] by VMAILW2K3-42A.trinitevisp.co.uk with ESMTP; Mon, 20 Feb 2006 15:35:18

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830

Received: from vnet.trinite.co.uk [195.38.64.11] by VMAILW2K45.trinitevisp.co.uk with ESMTP; Mon, 20 Feb 2006 15:34:24

Received: from friend (unknown [193.225.113.130]) by vnet.trinite.co.uk (Postfix) with ESMTP id 84830275A8B for <kathryn.stephens@munoz.co.uk>; Mon, 20 Feb 2006 15:33:17 +0000 (GMT)

Received: from munoz.co.uk (munoz.co.uk [193.225.113.130]) by munoz.co.uk (8.13.1/8.13.1) with SMTP id X8EmLl814515 for <kathryn.stephens@munoz.co.uk>; Sat, 19 Aug 2000 14:13:05 +0600

Message-ID: <55870713282307.U2hGvI5850@munoz.co.uk>

From: "Andrew" <dw@munoz.co.uk>

To: <kathryn.stephens@munoz.co.uk>

Subject: Re:

MIME-Version: 1.0

Content-Type: multipart/related;

boundary="----=_NextPart_000_0051_01C631DB.DA3C46A0"

Date: Mon, 20 Feb 2006 15:33:17 +0000 (GMT)

Return-Path: <dw@munoz.co.uk>

X-OriginalArrivalTime: 20 Feb 2006 15:35:10.0935 (UTC) FILETIME=[3C49F670:01C63633]



------=_NextPart_000_0051_01C631DB.DA3C46A0

Content-Type: multipart/alternative;

boundary="----=_NextPart_001_0052_01C631DB.DA3C46A0"



------=_NextPart_001_0052_01C631DB.DA3C46A0

Content-Type: text/plain;

charset="us-ascii"

Content-Transfer-Encoding: quoted-printable



------=_NextPart_001_0052_01C631DB.DA3C46A0

Content-Type: text/html;

charset="us-ascii"

Content-Transfer-Encoding: quoted-printable



------=_NextPart_001_0052_01C631DB.DA3C46A0--

------=_NextPart_000_0051_01C631DB.DA3C46A0

Content-Type: image/jpeg;

name="38.jpg"

Content-Transfer-Encoding: base64

Content-ID: <005001c631a1$2ddafda0$6400a8c0@VAIO>





------=_NextPart_000_0051_01C631DB.DA3C46A0--



-----Original Message-----
From: Andrew [mailto:dw@munoz.co.uk]
Sent: 20 February 2006 15:33
To: Kathryn Stephens
Subject: Re:
 
Upvote 0 Downvote
Doesn't look to me like it's from you indicated here:

[193.225.113.130]) by vnet.trinite.co.uk

You are:

mmuk-exch-01.munoz.co.uk

So, it's a spoof.

Hope this helps,

Erik
 
Upvote 0 Downvote
Thanks but is there away to block it? I'm not sure i can block ip's in policy patrol.
 
Upvote 0 Downvote
It's not from you, so you certainly can't block it!

________________________________________________________________
If you want to get the best response to a question, please check out FAQ222-2244 first.
'If we're supposed to work in Hex, why have we only got A fingers?'
Drive a Steam Roller
 
Upvote 0 Downvote
Your only course of action is to contact the adminstrator of that IP and see if they can do something. Unfortunately, it may be the Administrator who is spoofing you.


James P. Cottingham
-----------------------------------------
I'm number 1,229!
I'm number 1,229!
 
Upvote 0 Downvote
Thank you.

I have found that i can block ip addresses in my filter so i have done that thanks.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

shivajiboss
  • Locked
  • Question
I am getting a problem while opening up my windows
Replies
1
Views
261
2ffat
2ffat
xit
  • Locked
  • News
New beta product from Malwarebytes 1
Replies
4
Views
206
kjv1611
kjv1611
waikhu
  • Locked
  • Question
Somebody help me out, when my pc st
Replies
3
Views
116
kjv1611
kjv1611
madcap86
  • Locked
  • Question
Google search results redirecting to spam pages
Replies
12
Views
256
Noway2
Noway2
1DMF
  • Locked
  • Question
How do drive by virus arbitarily execute code on my machine? 3
Replies
14
Views
232
thefarg
thefarg

Part and Inventory Search

Sponsor

Back
Top