Re: Ouch! My SBS got hacked! Please help me not be a spammer




From reading this header, the spam originated from a network in Poland,
then was relayed to a mail server in British Columbia, Canada.

You're not hacked. You're on the receiving end of an e-mail spoof.

The method mentioned earlier for retrieving your e-mail addresses is
called directory harvesting. This can be avoided with 3rd-party
software such as GFI Mail Essentials, and/or by limiting the number of
recipients per message. Set it to 20 or 50 and it will be hard to go
through a phone book of names. Unless your mail account is bob@ or
john@ or admin@ or postmaster@. Then, there's no help from harvesting.

Also, if you inherit a domain name that has been spoofed heavily in
the past, sending postmaster@ emails to your cell phone will surely
ruin any date night.

Take heart that you were one of the good people that will actually
unplug a suspect machine for diagnosis. Most grumble and complain for
6 months, spewing out spam and helping with DDoS attacks, then go out
and buy another computer.

Regards,
Alan

Bob Johnson wrote:
Russ,

Thank you for your constructive help. I'm not using it as a workstation, and
I haven't changed it to be an open relay.

The address is the internal group address for mydomain. So the email address
it's coming from is mydomain@xxxxxxxxxxxxx

Here's one of the more descriptive email replies:

Internet Headers starts here

Microsoft Mail Internet Headers Version 2.0
Received: from pop.gravit-e.com ([204.174.19.79]) by mydomain.com with
[snip]
From: MAILER-DAEMON@xxxxxxxxxxxxxxxx
[snip]
Received: from p2p.sh-fut.pl (HELO 78.76/30.173.233.62.in-addr.arpa)
(62.233.173.78)

by mail.gravit-e.com with SMTP; 13 Oct 2006 18:39:21 -0000

.
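The reasoning Alan applies above (read the Received: lines bottom-up, find the earliest hop, and check whether your own server ever relayed the message) can be mechanised. The script below is an added example, not code from the original thread. It parses a folded header block, lists the hops in the order the message actually travelled, flags a HELO name that does not match the sending host, and reports whether the recipient's domain appears anywhere other than as the final destination of the bounce. The hostnames and IPs in the sample are the ones visible in Bob's snipped header; the rest of the sample block (the timestamps, the From and Subject lines, the SMTPSVC text) is constructed so that the block is complete enough to parse.

```python
"""Trace the Received: chain of a bounce to see where the spam really came from.

Added example for the thread above, not code from the original post.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample modelled on the snipped header in the post: hosts and IPs
# are the ones shown there, everything else is filled in to make it parseable.
SAMPLE_HEADERS = """\
Received: from pop.gravit-e.com ([204.174.19.79]) by mydomain.com with
 Microsoft SMTPSVC; Fri, 13 Oct 2006 11:40:02 -0700
From: MAILER-DAEMON@example.invalid
Subject: failure notice
Received: from p2p.sh-fut.pl (HELO 78.76/30.173.233.62.in-addr.arpa)
 (62.233.173.78)
 by mail.gravit-e.com with SMTP; 13 Oct 2006 18:39:21 -0000
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<from_host>\S+)(?P<from_rest>.*?)\s+by\s+(?P<by_host>\S+)")
# Only accept an IP that the receiving server wrapped in [] or (); a bare
# dotted quad inside a reversed in-addr.arpa HELO string must not count.
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
HELO_RE = re.compile(r"\(HELO\s+([^)\s]+)\)", re.IGNORECASE)


@dataclass
class Hop:
    from_host: str   # name the receiving server recorded for the sender
    from_ip: str     # IP the receiving server saw the connection come from
    helo: str        # what the sender claimed in HELO, if it was recorded
    by_host: str     # server that wrote this Received: line

    @property
    def helo_mismatch(self) -> bool:
        return bool(self.helo) and self.helo.lower() != self.from_host.lower()


def unfold_headers(raw: str) -> List[Tuple[str, str]]:
    """Join RFC 5322 folded continuation lines and split into (name, value)."""
    fields: List[List[str]] = []
    for line in raw.splitlines():
        if not line.strip():
            break                          # blank line ends the header block
        if line[0] in " \t" and fields:    # continuation of the previous field
            fields[-1][1] += " " + line.strip()
            continue
        name, _, value = line.partition(":")
        fields.append([name.strip().lower(), value.strip()])
    return [(n, v) for n, v in fields]


def parse_received(value: str) -> Optional[Hop]:
    m = RECEIVED_RE.search(value)
    if not m:
        return None
    ip = IP_RE.search(m.group("from_rest"))
    helo = HELO_RE.search(m.group("from_rest"))
    return Hop(from_host=m.group("from_host"),
               from_ip=ip.group(1) if ip else "",
               helo=helo.group(1) if helo else "",
               by_host=m.group("by_host").rstrip(";"))


def trace(raw: str) -> List[Hop]:
    """Hops in the order the message travelled, earliest first.

    Each server prepends its own Received: line, so header order is newest
    first; reversing it gives the path. A bounce that quotes the original
    message's headers flattens into the same list, which is what the post shows.
    Only the line written by your own server is trustworthy; everything below
    it was supplied by other servers and could have been forged.
    """
    hops: List[Hop] = []
    for name, value in unfold_headers(raw):
        if name == "received":
            hop = parse_received(value)
            if hop:
                hops.append(hop)
    return list(reversed(hops))


def origin(raw: str) -> Optional[Hop]:
    hops = trace(raw)
    return hops[0] if hops else None


def relayed_by(raw: str, our_domain: str) -> bool:
    """True if our domain wrote a Received: line anywhere except the final
    delivery hop, i.e. our server really did pass the message on. False means
    our domain only appears as the recipient of the bounce: the sender address
    was spoofed and this is backscatter, not an open relay or a compromise.
    """
    hops = trace(raw)
    return any(h.by_host.lower().endswith(our_domain.lower())
               for h in hops[:-1])


def report(raw: str, our_domain: str) -> str:
    lines = []
    for i, h in enumerate(trace(raw), 1):
        flag = "  [HELO does not match hostname]" if h.helo_mismatch else ""
        lines.append(f"{i}. {h.from_host} ({h.from_ip or '?'}) -> {h.by_host}{flag}")
    verdict = "yes" if relayed_by(raw, our_domain) else \
        "no (backscatter from a spoofed sender)"
    lines.append("our server relayed it: " + verdict)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_HEADERS, "mydomain.com"))
```

Run against the sample it prints the Polish host (62.233.173.78) as hop 1 handing the message to mail.gravit-e.com, gravit-e handing the bounce to mydomain.com as hop 2, and "our server relayed it: no", which is the conclusion Alan draws by eye. The HELO flag fires because the sender announced itself with a mangled in-addr.arpa string rather than its hostname, a common tell for a botnet client. To use it on a real bounce, paste the full header block from Outlook's message options in place of SAMPLE_HEADERS and pass your own domain.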