
Re: [OT] Has my e-mail account been hacked?




Hi,

On 14/10/2015 1:09 PM, Stuart Longland wrote:
>> No.  My id on this mail server is "zlinuxman".  I have no idea
>> who "thecoughingcanary" is.  Nor do I understand why the SMTP
>> server would allow "thecoughingcanary" to send out e-mails in my
>> name, unless "thecoughingcanary" is an administrator account.

Yes, that can be a serious problem; any ONE user can compromise others.

> This is making a lot more sense now.  So 'wowway.com' is your ISP's
> server, and 'thecoughingcanary' is another customer of theirs.
> Likely a compromised one.  Your ISP needs to know about this.

Yep.

> Why did it allow the email to be relayed?  Well, the credentials
> were correct, that's all that was needed.  (Yes, SMTP is that
> basic.)

Right.

> You'd probably find you can send email from *any* email address
> you choose, provided that the email address domain permits that
> server to send emails from that domain.
> 
> (e.g. my domain has SPF records that only permit a small handful
> of servers to send emails with a 'longlandclan.id.au' domain.
> Anyone else will trigger a "soft-failure".)

SPF is only good if the receiving server does proper checks and you
don't have a soft fail in your setup.  Too many servers don't seem to
care about SPF failing, which is why back scatter is [or was] a much
greater problem than it should ever have been.

A.

