Thread: Why is this getting thru?
|
|
| Why is this getting thru? |
  United States |
2008-01-01 19:43:14 |
This is not a valid user in our domain, why is this getting thru? Here are
the full headers from the spoofed email:
Received: from nyrsko (unverified [80.188.21.198])
  by compendiamedia.com (SurgeMail 3.8o) with ESMTP id 2357962-1891013
  for <gmeadows compendiamedia.com>; Tue, 01 Jan 2008 18:17:01 -0600
Return-Path: <xtvoct compendiamedia.com>
X-Verify-SMTP: Host 80.188.21.198 sending to us was not listening
Return-path: <xtvoct compendiamedia.com>
X-Original-To: xxxx compendiamedia.com
Delivered-To: xxxx compendiamedia.com
Received: from [80.188.21.198] (port=1118 helo=80.188.21.198)
  by mail.compendiamedia.com with esmtp
  id 650350-650350-36
  for xxxx compendiamedia.com; Wed, 02 Jan 2008 01:16:52 +0100 (EET)
Message-ID: <e07601c84cdd$2801d030$c615bc50 compendiamedia.com>
From: "Sadie" <xtvoct compendiamedia.com>
To: "Kris" <xxxx compendiamedia.com>
Subject: ghost than widow
Date: Wed, 02 Jan 2008 01:16:52 +0100 (EET)
MIME-Version: 1.0
Content-Type: multipart/alternative;
  boundary="----=_NextPart_001_E075_01C84CD4.C65499B0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3028
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
X-Rcpt-To: <xxxx compendiamedia.com>
X-Avast: Message is clean
X-IP-stats: No info recorded yet ip=80.188.21.198
X-X-Originating-IP: 80.188.21.198
X-Rcpt-To: <xxxx sheridansq.com>
X-Rcpt-Original: <xxxx compendiamedia.com>
X-Avast: Message is clean
Status: U
X-UIDL: 1199233021.1868_273185.compendiaserver1
X-Antivirus: AVG for E-mail 7.5.516 [269.17.13/1205]
PS: compendiamedia is our old business domain, and all valid user mail is
forwarded to our sheridansq.com mail address.
BUT this is being received without SMTP authentication being applied.
What's going on here?
Thanks.
Glenn Meadows
Director Media Services/IT Manager
Sheridan Square Entertainment
210 25th Avenue North
Suite 1200
Nashville, TN 37203
615-277-1882 (ph)
615-277-1801 (fax)
|
|
| Re: Why is this getting thru? |
  United States |
2008-01-01 20:40:20 |
Glenn,
Glenn Meadows wrote:
> This is not a valid user in our domain, why is this getting thru? Here are
> the full headers from the spoofed email:
>
> Received: from nyrsko (unverified [80.188.21.198])
>   by compendiamedia.com (SurgeMail 3.8o) with ESMTP id 2357962-1891013
>   for <gmeadows compendiamedia.com>; Tue, 01 Jan 2008 18:17:01 -0600
> Return-Path: <xtvoct compendiamedia.com>
> X-Verify-SMTP: Host 80.188.21.198 sending to us was not listening
> Return-path: <xtvoct compendiamedia.com>
> X-Original-To: xxxx compendiamedia.com
> Delivered-To: xxxx compendiamedia.com
> Received: from [80.188.21.198] (port=1118 helo=80.188.21.198)
>   by mail.compendiamedia.com with esmtp
>   id 650350-650350-36
>   for xxxx compendiamedia.com; Wed, 02 Jan 2008 01:16:52 +0100 (EET)
> Message-ID: <e07601c84cdd$2801d030$c615bc50 compendiamedia.com>
> From: "Sadie" <xtvoct compendiamedia.com>
> To: "Kris" <xxxx compendiamedia.com>
> Subject: ghost than widow
> Date: Wed, 02 Jan 2008 01:16:52 +0100 (EET)
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>   boundary="----=_NextPart_001_E075_01C84CD4.C65499B0"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.3028
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
> X-Rcpt-To: <xxxx compendiamedia.com>
> X-Avast: Message is clean
> X-IP-stats: No info recorded yet ip=80.188.21.198
> X-X-Originating-IP: 80.188.21.198
> X-Rcpt-To: <xxxx sheridansq.com>
> X-Rcpt-Original: <xxxx compendiamedia.com>
> X-Avast: Message is clean
> Status: U
> X-UIDL: 1199233021.1868_273185.compendiaserver1
> X-Antivirus: AVG for E-mail 7.5.516 [269.17.13/1205]
>
> PS: compendiamedia is our old business domain, and all valid user mail is
> forwarded to our sheridansq.com mail address.
>
> BUT this is being received without SMTP authentication being applied.
> What's going on here?
>
> Thanks.
>
It was delivered to your server, not sent via your server. That's why
authentication isn't needed. I would change your SPF record to strict
(use -a instead of ~a) and that should, I believe, prevent this issue.
I believe there is also another setting I can't recall that will check
that it is a valid email address since it appears to come from your
domain, I just can't recall it at the moment.
Dale
|
|
| RE: Why is this getting thru? |
  United States |
2008-01-01 22:17:36 |
Our spf record is that way (copied and pasted from our DNS record for
compendiamedia.com):
v=spf1 mx ip4:64.2.187.194 -all
SHOULD that TXT record be set for mail.comendiamedia.com, or does it only
need to be for compendiamedia.com???
Glenn Meadows
Sheridan Square Entertainment
|
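The check a receiving server performs with the record quoted above, as an added example (not code from the list or from SurgeMail): a simplified SPF evaluator covering only the `all`, `ip4`, `ip6` and `mx` mechanisms, run against the connecting IP in the posted Received line. The MX address and the `receiver_action` policy mapping are assumptions made for illustration.

```python
import ipaddress
import re

# Values quoted from the thread.
SPF_RECORD = "v=spf1 mx ip4:64.2.187.194 -all"
RECEIVED = ("Received: from nyrsko (unverified [80.188.21.198]) "
            "by compendiamedia.com (SurgeMail 3.8o) with ESMTP id 2357962-1891013")

# Constructed placeholder: the thread does not give the MX host's address.
MX_IPS = ["192.0.2.25"]

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def connecting_ip(received_line):
    """Return the bracketed client IP the receiving server recorded."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received_line)
    if not m:
        raise ValueError("no client IP in Received line")
    return ipaddress.ip_address(m.group(1))


def evaluate_spf(record, client_ip, mx_ips=()):
    """Evaluate an SPF record left to right; the first matching term decides."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # A bare address is treated as a /32 (or /128) network.
            matched = client_ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx" and not arg:
            # Real evaluation resolves the domain's MX hosts via DNS;
            # here the addresses are supplied by the caller.
            matched = any(client_ip == ipaddress.ip_address(ip) for ip in mx_ips)
        else:
            raise NotImplementedError("term not handled in this sketch: " + term)
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                         # nothing matched, no "all" term


def receiver_action(result, enforce):
    """Assumed inbound policy: the record only matters if the receiver checks it."""
    if not enforce:
        return "accept"
    if result == "fail":
        return "reject"
    if result == "softfail":
        return "accept-flagged"
    return "accept"


if __name__ == "__main__":
    ip = connecting_ip(RECEIVED)
    for label, record in (("-all", SPF_RECORD),
                          ("~all", SPF_RECORD.replace("-all", "~all"))):
        result = evaluate_spf(record, ip, MX_IPS)
        for enforce in (False, True):
            print(label, ip, result, "enforce=%s" % enforce,
                  receiver_action(result, enforce))
```

With the published `-all` record the spoofed connection evaluates to `fail`, so whether it is delivered depends on the receiving server checking SPF on inbound mail.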
|
| Re: Why is this getting thru? |
  United States |
2008-01-02 01:10:46 |
|
|
TXT records in the DNS are for the domain, not the host.
For compendiamedia.com
If it says "host record" it's really for the domain.
BarryZ 1USA
|
| Re: Why is this getting thru? |
  United States |
2008-01-02 01:19:04 |
|
|
>> I believe there is also another setting I can't recall that will check
>> that it is a valid email address since it appears to come from your
>> domain, I just can't recall it at the moment.
>> Dale
g_from_bounce
g_from_check
and likewise I thought there was a g_from_exact somewhere...
BarryZ
|
| Re: Why is this getting thru? |
  United States |
2008-01-04 03:11:52 |
|
|
Hey Glen Meadows.... is it working correctly?
BarryZ
1USA
|
| RE: Why is this getting thru? |
  United States |
2008-01-04 06:42:42 |
|
|
Thanks for the follow up Barry.
I turned on a couple of related settings, things seem to be
better, only time will tell though.
Again, thanks.
Glenn Meadows Sheridan Square Entertainment
|
| Re: Why is this getting thru? |
  United States |
2008-01-04 07:44:49 |
|
|
Keep an eye on the logs.
You didn't say.... but if you haven't purchased Surgemail
yet, please do so.
BarryZ
1USA
just one of the group
|
| RE: Why is this getting thru? |
  United States |
2008-01-04 11:00:12 |
|
|
Been a Surgemail user for 3 years. We're a small
office, 30 people, with 75 active email addresses. Not TONS of
traffic. We also used to have a second Surge server running in our NY
office, but we closed that office, and I've not fired that server back up yet,
soon though. The existing one is on a PIII 1.3gig Celeron, the one not in
service is a Dual Xeon 2.8gig box.
It's just a matter of spare time, I also am an audio
engineer here at the record label, as well as the sole IT person for everyone.
<smile>.
The beauty of Surgemail, is it just plain works.
Takes VERY little care/feeding for our small company. I'm finally about to
remove one of the domains from an old closed portion of the company, which gets
a ton of spam hits. The remaining people here now get no mail at their old
addresses, so I can just remove the domain, and not worry about it
anymore.
Glenn Meadows Sheridan Square Entertainment
|