Can someone help me to interpret what's going on here?
My Junk Mail folder is filling up rapidly with email rejection notices. This has been going on sporadically for a couple of weeks, with a flurry of several hundred such messages, then a trickle, then none for a day or two before it starts again. A typical message is:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
remy525@yahoo.com
SMTP error from remote mail server after end of data:
host mta5.am0.yahoodns.net [67.195.103.233]: 554 Message not allowed - [299]
------ This is a copy of the message's headers. ------
Return-path: <my.address>
Received: from bosmailscan10.eigbox.net ([10.20.15.10])
by bosmailout03.eigbox.net with esmtp (Exim)
id 1SG1aE-0003Tv-28
for remy525@yahoo.com; Fri, 06 Apr 2012 01:19:38 -0400
Received: from bosimpout01.eigbox.net ([10.20.55.1])
by bosmailscan10.eigbox.net with esmtp (Exim)
id 1SG1aD-0006DH-IJ
for remy525@yahoo.com; Fri, 06 Apr 2012 01:19:37 -0400
Received: from bosauthsmtp01.eigbox.net ([10.20.18.1])
by bosimpout01.eigbox.net with NO UCE
id uVKd1i00301P9Sa01VKddX; Fri, 06 Apr 2012 01:19:37 -0400
X-Authority-Analysis: v=2.0 cv=eq1oOPVX c=1 sm=1
a=z5zA2GEyXHX4FYSAKYr2NA==:17 a=7UmD-tR_JRgA:10 a=VG0OwtqChsEA:10
a=8AlaD7fTCjEA:10 a=8nJEP1OIZ-IA:10 a=Sh_hsHRGdUoA:10 a=qrrI46oVAAAA:8
a=IIUmFY3D8pfpmdMjRkQA:9 a=gBDzBF7yGH2_iO3muJQA:7 a=wPNLvfGTeEIA:10
a=NTIIGRmZMWAA:10 a=P3BRNhQXk_0A:10 a=gYNu_iXhhMS5DrdM:21
a=St506IR-4_hhMAsl:21 a=FLmnjis/JmE4jomwi6pJ+A==:117
X-EN-OrigOutIP: 10.20.18.1
X-EN-IMPSID: uVKd1i00301P9Sa01VKddX
Received: from 141.24.27.77.dynamic.mundo-r.com ([77.27.24.141] helo=Servidor)
by bosauthsmtp01.eigbox.net with esmtpsa (TLSv1:RC4-MD5:128)
(Exim)
id 1SG1aD-0008JG-FT
for remy525@yahoo.com; Fri, 06 Apr 2012 01:19:37 -0400
MIME-Version: 1.0
Date: Fri, 06 Apr 2012 07:19:33 +0200
X-Priority: 3 (Normal)
X-Mailer: The Bat! (v2.00.3) Personal
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: eyes," is caused now."Astute build raised its Carvers' to Lord idea or tell "Someone cried, "But ritual emptiness marring the foolish of this endless uncles,
From: my.address
To: remy525@yahoo.com
Message-ID: <CHILKAT-MID-e8cdfeda-d286-1c59-2362-82cf65c1e5d5@Servidor>
X-EN-UserInfo: c996fca110e1529a133127fe8b9b68eb:71b24f1e944ec8a088e91647e108c312
X-EN-AuthUser: My.address
Sender: my.address
X-EN-OrigIP: 77.27.24.141
X-EN-OrigHost: 141.24.27.77.dynamic.mundo-r.com
X-EN-Class: impout
The only constant is the reference to "bosxxxxxxx.eigbox.net" in the middle portion of the message header. Everything else in the message changes at random, and the IP addresses associated with my email address don't match anything I've ever used. What is doing this, and which server is compromised? Should I notify the admin for the eigbox.net domain that this is going on, or is that being spoofed, too?
My concern here is that some of the dumber blacklist algorithms might block me widely because they use the spoofed email address instead of examining the IP address. This small flood is a sign to me of a much larger iceberg melting (global warming, perhaps?) with only the tip showing up in my mailbox. Should I be concerned?
Will Rogers never met me.
modified 16-Apr-12 14:52pm.
Hey Roger,
It looks like someone in northern Spain is sending out bulk e-mails and the Yahoo server is rejecting them. The mails are most likely originating from an innocent individual infected with a botnet mailer.
There is a little more to it than that... based on the mail header you posted... it appears that the mail server at bosauthsmtp01.eigbox.net is a misconfigured mail server. It looks like the assigned IP block where the mail server lives is 38.113.1.0/24 and is owned by 'Endurance International Group' according to the records. The registered AS number for that IP block is AS29873 and you could attempt to contact them. In my experience... nobody ever responds to abuse complaints unless there is a warrant attached.
The reason nobody responds to complaints probably has something to do with the fact that poor little Brian appears to be responsible for 79,461 domains within that IP range. And that's just one of the 51 IP blocks he appears to be responsible for.
Roger Wright wrote: Should I be concerned?
There isn't much you can do about it... the SMTP protocols were not very well designed and the protocol allows spoofing. It is up to the mail server software to prevent this. Your ISP or web hosting provider should be diligent with keeping the mail servers properly configured.
By the way, you should probably remove your rawright.net e-mail address from the mail header you posted. But because you left it there... I was able to determine that your domain name rawright.net at 66.96.146.82 is on the 66.96.128.0/18 IP block which poor little Brian is responsible for. I hope you don't mind... I hacked, probed and prodded your box a little bit... and it appears to be running IIS/6.0 on Windows Server.
Some thoughts:
I was able to connect to your rawright.net SMTP port 25 and forge my origin domain. The SMTP server did not complain. A well-configured e-mail server will perform a reverse DNS lookup here and make sure my IP address matches the domain from the HELO command. I connected multiple times and each time I was routed through a different *.eigbox.net SMTP authorization server. It looks like your service provider is using some sort of round-robin BGP/GLBP routing.
I spent a few minutes manually testing your mail server via raw TCP socket but always received the error: 550 bosauthsmtp: Host x.x.x.x: No unauthenticated relaying permitted (I used all of the tricks I know about and was unable to trick the server into allowing me to relay mail. This is what we want). So maybe it's already fixed. But maybe it is not fixed... if you look closely at the mail header you posted... it says the spam came via ESMTPSA which means the spam was sent over an encrypted TLS session. Although I would probably continue testing via TLSWrap... I think I'll not test any further. It may be that their plain-text SMTP server is well protected... but the encrypted SMTP is vulnerable.
Anyway we could speculate about this all day... but the best person to handle this would be a systems administrator from your rawright.net hosting provider.
Best Wishes,
-David Delaune
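Reading the Received chain the way David does above, as an added example that is not part of the original thread: the script below unfolds the header lines Roger posted, walks the hops from the bottom up to the first peer that is not one of the provider's internal (10.x) addresses, records which *.eigbox.net server accepted the message and under which Exim protocol tag, and runs the forward-confirmed HELO check David describes. In Exim's protocol tags a trailing "a" means SMTP AUTH succeeded (esmtps is TLS only, esmtpa is AUTH only, esmtpsa is both), so a hop logged as esmtpsa was accepted as a logged-in user over TLS rather than relayed anonymously; that is the first thing to check when deciding between a plain spoof, an open relay and leaked account credentials. The LOOKUP map and its mail.example.net entry are constructed stand-ins for DNS so the script runs offline; the Received lines are the ones from the bounce above with the spam Subject omitted.

```python
"""Analyse the Received chain of a bounced message: where it entered the
provider's network and how it was accepted.  Added example for this thread,
not code from the original posts."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Received lines copied from the bounce posted in the thread (Subject omitted).
SAMPLE_HEADERS = """\
Received: from bosmailscan10.eigbox.net ([10.20.15.10])
    by bosmailout03.eigbox.net with esmtp (Exim)
    id 1SG1aE-0003Tv-28
    for remy525@yahoo.com; Fri, 06 Apr 2012 01:19:38 -0400
Received: from bosimpout01.eigbox.net ([10.20.55.1])
    by bosmailscan10.eigbox.net with esmtp (Exim)
    id 1SG1aD-0006DH-IJ
    for remy525@yahoo.com; Fri, 06 Apr 2012 01:19:37 -0400
Received: from bosauthsmtp01.eigbox.net ([10.20.18.1])
    by bosimpout01.eigbox.net with NO UCE
    id uVKd1i00301P9Sa01VKddX; Fri, 06 Apr 2012 01:19:37 -0400
Received: from 141.24.27.77.dynamic.mundo-r.com ([77.27.24.141] helo=Servidor)
    by bosauthsmtp01.eigbox.net with esmtpsa (TLSv1:RC4-MD5:128)
    (Exim)
    id 1SG1aD-0008JG-FT
    for remy525@yahoo.com; Fri, 06 Apr 2012 01:19:37 -0400
X-EN-OrigIP: 77.27.24.141
"""

# Constructed stand-in for forward DNS (name -> IP); nothing is looked up live.
LOOKUP: Dict[str, str] = {"mail.example.net": "192.0.2.10"}


@dataclass
class Hop:
    from_host: str        # name the receiving server recorded for the peer
    from_ip: str          # peer address in square brackets
    helo: Optional[str]   # name the peer announced in HELO/EHLO, if recorded
    by_host: str          # server that wrote this Received line
    protocol: str         # Exim tag: esmtp, esmtps (TLS), esmtpa (AUTH), esmtpsa (both)


_RECEIVED_RE = re.compile(
    r"from (?P<from>\S+) \(\[(?P<ip>[0-9.]+)\](?: helo=(?P<helo>\S+))?\)\s+"
    r"by (?P<by>\S+) with (?P<proto>NO UCE|\S+)"
)


def unfold(raw: str) -> List[str]:
    """Join folded header lines: a continuation line starts with whitespace."""
    lines: List[str] = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line.rstrip())
    return lines


def parse_received(raw: str) -> List[Hop]:
    """Return the hops in header order: newest hop first, the origin last."""
    hops: List[Hop] = []
    for line in unfold(raw):
        if line.lower().startswith("received:"):
            m = _RECEIVED_RE.search(line)
            if m:
                hops.append(Hop(m["from"], m["ip"], m["helo"], m["by"], m["proto"]))
    return hops


def is_private(ip: str) -> bool:
    return ipaddress.ip_address(ip).is_private


def analyse(raw: str) -> Dict[str, object]:
    """Find the hop where the message entered the provider and how it got in."""
    hops = parse_received(raw)
    if not hops:
        raise ValueError("no Received headers found")
    # Walk upward from the oldest hop: the first peer that is not an internal
    # (private) address is the machine that handed the message to the provider.
    entry = next((h for h in reversed(hops) if not is_private(h.from_ip)), hops[-1])
    proto = entry.protocol.lower()
    authenticated = proto in ("esmtpa", "esmtpsa")   # SMTP AUTH accepted a login
    tls = proto in ("esmtps", "esmtpsa")
    verdict = ("authenticated submission: the account's SMTP credentials were used"
               if authenticated else
               "unauthenticated relay or forged header: check relay rules and SPF")
    return {"origin_ip": entry.from_ip, "origin_rdns": entry.from_host,
            "helo": entry.helo, "submission_server": entry.by_host,
            "authenticated": authenticated, "tls": tls, "verdict": verdict}


def helo_check(helo: Optional[str], ip: str, resolver: Dict[str, str]) -> bool:
    """Forward-confirmed HELO: the announced name must resolve to the peer IP.
    `resolver` replaces DNS so this runs offline; an unqualified name never passes."""
    if not helo or "." not in helo:
        return False
    return resolver.get(helo.lower()) == ip


if __name__ == "__main__":
    result = analyse(SAMPLE_HEADERS)
    for key, value in result.items():
        print(f"{key:>18}: {value}")
    print(f"HELO {result['helo']!r} matches {result['origin_ip']}: "
          f"{helo_check(result['helo'], result['origin_ip'], LOOKUP)}")
```

Run as-is, the report names 77.27.24.141 (a mundo-r.com dynamic address announcing itself as "Servidor") as the origin and bosauthsmtp01.eigbox.net, protocol esmtpsa, as the server that accepted it, so the account was logged into rather than merely spoofed; the unqualified HELO name fails the forward-confirmation check, which is the condition a well-configured server rejects at the HELO stage.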
Fived as I'm impressed.
Ditto, 5 just because of the results of your investigation
I thought I'd removed all those references.
I'm quite impressed by the amount of information you were able to glean. FYI, I don't control the SMTP server - webhost4life.com does that. Perhaps it's time for another move, painful as the last one was.
Can I create a new SQL Server user who can only view (read-only) a specific view in my database? I don't want to allow this user to see/read/write anything else in the database.
I am coming from the business side rather than from the IT side, but I have been asked to solve a business problem that I think is totally common nowadays, and I hope you can help me with some system admin solutions.
I need to know if my idea will work and it would be very helpful if you could point out some problems areas that I need to consider.
We are a large international organization with a Microsoft infrastructure and about 200 staff who travel frequently. They typically use laptops we provide, but also they want to use their own devices (Bring Your Own Device = BYOD) such as iPads, Macintosh laptops, smartphones, Android tablets, you name it.
What I would like to say to our staff is this:
"Your work computer will be a laptop that you can take home with you or take abroad on your travels.
When you receive this computer it will come with a set of standard software installed, including anti-virus software. Thereafter you have admin rights over this laptop, you are completely responsible for everything on this computer, including backups, just as if it were your personal property. When you leave our organization, you turn your computer in.
"You store your work on your own computer, so you are responsible for backups. If you finish something that should be shared with your colleagues, you upload it to our corporate intranet online, and you let people know it’s there.
"When you come to the office, you will be able to plug your laptop into a docking station with a large-screen monitor and a keyboard. You can log into our network on your office computer, but not on any personal device.
"If you want to access the Internet or printers with any device other than your office laptop you can do so wirelessly."
What do you experienced System Administrators think of this approach? I know our staff would love me for it because they have some big problems with the security of our network: they can't BYOD, they can't install personal software on their laptops, getting software updates is a big hassle with the IT department, etc.
Thanks in advance for your help!
- Thom
quinet wrote: I know our staff would love me for it
And I suspect your IT department and company lawyers would hate you. IT security is a very serious business and in any corporate organisation it is important to keep good control in order to protect your financial and intellectual property. If you open up your corporate network so people can hook their own systems into it whenever they like, then you are likely to face some serious issues. However many promises people make and however many rules you ask them to follow, the system will be abused.
My advice, don't do it.
Unrequited desire is character building. OriginalGriff
I'm sitting here giving you a standing ovation - Len Goodman
Richard MacCutchan wrote: And I suspect your IT department and company lawyers would hate you. IT security is a very serious business and in any corporate organisation it is important to keep good control in order to protect your financial and intellectual property. If you open up your corporate network so people can hook their own systems into it whenever they like, then you are likely to face some serious issues. However many promises people make and however many rules you ask them to follow, the system will be abused. My advice, don't do it.
Depends on the network setup. At the customer site I work at, the wireless and office network are 2 distinct and separate connections to the Internet. When connected to the wireless there is no connectivity to the servers available unless you connect in via the VPN or have a Domain connected laptop that uses Direct Access to connect in from anywhere.
If the Wireless and Wired network are all running off the same Internet connection and internal network, then like you say, runaway.
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
quinet wrote: "When you come to the office, you will be able to plug your laptop into a
docking station with a large-screen monitor and a keyboard. You can log into our
network on your office computer, but not on any personal device.
In addition to our desktops we employ this setup for our laptop users. This is becoming more common as processing power and memory get cheaper.
quinet wrote: "Your work computer will be a laptop that you can take home with you or take
abroad on your travels. When you receive this computer it will come with a
set of standard software installed, including anti-virus software. Thereafter
you have admin rights over this laptop, you are completely responsible for
everything on this computer, including backups, just as if it were your personal
property. When you leave our organization, you turn your computer in.
Again this is a great idea, but I would advise using some form of encryption. BitLocker works well, but it depends on what OS you're currently using. There are other software-based encryption programs to use with legacy OSes. This still can create an issue as the users almost never do backups or willingly run AV scans. As long as you're using Active Directory you could push out Forefront and do BitLocker key recovery. They still download willy-nilly programs like RegReviver and what not, but this gives you a stance on giving them an ultimatum. Either you behave with it, or we'll just re-image it when you screw it up. This tends to stop a lot of the BS downloaders, but not all of them.
quinet wrote: "If you want to access the Internet or printers with any device other than your
office laptop you can do so wirelessly."
We do this as well and it works very well, as it exists on an external network. This can present some issues too if you're in a building close to other businesses or the public I guess. We're fortunate to be "out-of-town", but I think this would still be an answer for the BYOD'ers.
Something worth reading, albeit it's invincible!
I just tried using Remote Desktop Connection today, accessing important apps on my desktop from my laptop, and it works great. But that was between rooms, using my home workgroup and the desktop computer name as the target, connecting over the wireless LAN. Now I want to go to the next level, and do the same over the Internet. The MS instructions fall a little short of covering that configuration. Here's my setup:
Internet -> cable modem/router -> Cisco/Linksys E4200 wireless router -> Wired connection to desktop, wireless to laptop.
The only routable IP address in the lot is the WAN address on the E4200, which is bridged from the cable modem. It's dynamic, and that could be a problem, but it wouldn't be too difficult to write a service on my website to allow me to look up the current IP address anytime I'm travelling. It hasn't changed in a couple of years, so that's not an immediate concern. What is a concern is that I don't know how to configure the laptop to connect to the home IP address, nor what ports and services I need to enable on the router to move RDC traffic from the router to the desktop, and back to the laptop in my hotel 300 miles away.
Can someone point me to the information I need to accomplish this?
Services like dyndns.org allow you to get your IP address from a name, thus you can do a ping your-computer-name.dyndns.org.
To get from the internet into your private home network, you must configure port forwarding on the router.
Thanks... I found a website with instructions. There wasn't a whole lot of info from MS about which ports and protocols to enable, but the site gives a few clues.
Roger Wright wrote: Thanks... I found a website with instructions. There wasn't a whole lot of info from MS about which ports and protocols to enable, but the site gives a few clues.
Roger, port 3389 is what you want for RDP but I would not want to open that up on my router and expose my network to the internet.
I'd seriously look at getting a little, low power, low heat output box, put a Linux Distro on it and SSH to the Linux Box (reasonably locked down) and SSH Tunnel through it to the Windows Boxen, Routers, Website stuff like your USB HDD.
I reckon you could easily work it out, but I could happily help you through, even give you a call on a landline (if you have one) because I can call you Yanks for free except for mobiles.
Michael Martin
Australia
Michael Martin wrote: Roger, port 3389 is what you want for RDP but I would not want to open that up on my router and expose my network to the internet.
My 5 to point this out.
Yesterday I would probably have pointed out that RDP is one of the safest protocols around. And that it probably isn't a safety problem to consider.
But today I think I'll pass.
Quite right, Michael, but I just had to try it. I don't have the time to set up a Linux box, but I might one day.
A reasonably safe option is to set up a VPN connection to use when travelling, and Win7 supposedly supports that. But following the step-by-step instructions presented in Help simply doesn't work. I have no clue why, since Microsoft won't tell you what needs doing, but insists on providing a friendly, if retarded, "wizard" to do everything wrong for you.
Roger Wright wrote: I don't have the time to set up a Linux box, but I might one day
If you're willing to use CentOS (Red Hat Enterprise Linux with the copyright stuff pulled out, but built from the same source) I can send you a Word document on how to set it up exactly as I have. The joy of SSH is it is completely encrypted end to end.
Roger Wright wrote: A reasonably safe option is to set up a VPN connection to use when travelling,
and Win7 supposedly supports that. But following the step-by-step instructions
presented in Help simply doesn't work. I have no clue why, since Microsoft won't
tell you what needs doing, but insists on providing a friendly, if retarded,
"wizard" to do everything wrong for you.
The VPN connection is easy to set up on Windows 7 (has been since XP) but do you have the VPN to connect to? Does your router have a VPN built into it and is it activated? Otherwise you will need one running on your Windows 2008 R2 box and I'm not sure if one is built in or if it needs to be 3rd party.
Michael Martin
Australia
According to the "documentation" provided by Win7 Help, a separate server shouldn't be required. One little wizard configures the host machine, the other does the remote. My router doesn't have a VPN server in it, but I've enabled VPN passthrough to let the little buggers through. On making the connection, the authentication works - at least it completes without announcing any errors - then it proceeds to invoke a couple of miniport drivers, then just times out. The most informative I've been able to get from it is that the host didn't respond. Very curious...
I do have an old PC that I could use for Linux, so if you'd like to send along your instructions I'll give them a look. Thanks, Michael!
I'll pull it out, clean it up and send it across in the next couple of days.
Michael Martin
Australia
Roger Wright wrote: I have no clue why, since Microsoft won't tell you what needs doing, but insists on providing a friendly, if retarded, "wizard" to do everything wrong for you.
This is the funniest thing I have read today. This is the real way to complain about something!
If it moves, compile it
Michael Martin wrote: I'd seriously look at getting a little, low power, low heat output box, put a Linux Distro on it and SSH to the Linux Box (reasonably locked down) and SSH Tunnel through it to the Windows Boxen, Routers, Website stuff like your USB HDD.
Sounds like fodder for a good article!
The difficult we do right away...
...the impossible takes slightly longer.
Richard Andrew x64 wrote: Sounds like fodder for a good article!
About 3 years ago I mentioned on here that I would do exactly that, including SAMBA for file sharing and such, still haven't pulled the finger out.
Michael Martin
Australia
You could do what others have suggested or just get a subscription to https://logmein.com/
From WIKI (logmein is blocked at my company)
LogMeIn remote access products use a proprietary remote desktop protocol that is transmitted via SSL. An SSL certificate is created for each remote desktop and is used to cryptographically secure communications between the remote desktop and the accessing computer.[4]
Users access remote desktops using either the LogMeIn Ignition stand-alone application or a web portal. The web portal requires either an ActiveX plugin for Internet Explorer, or an extension for Firefox (the LogMeIn plug-in for Firefox), or an extension for Safari (the LogMeIn plug-in for Safari), failing that it falls back to requiring Java in order to run a Java program,[5] and failing that it falls back to "a screen-shot-based HTML remote control".[6] The web portal also provides status information for the remote computers and, optionally, remote computer management functions.
The service connects the remote desktop and the local computer using SSL over TCP or UDP and utilizing NAT traversal techniques to achieve peer-to-peer connectivity when available.[4][7][8]
Common sense is admitting there is cause and effect and that you can exert some control over what you understand.