How to stop spoofing?

Galactic Zero
Forum Regular
Posts: 471
Joined: Mon Dec 06, 2004 10:43 pm


One of my clients received this email and I know it wasn't from the server as I manage the server and the domain. So, how does this happen and how do I prevent it in the future?

----- Original Message -----
From: <administration@chapelledesfleurs.com>
To: <janice@chapelledesfleurs.com>
Sent: Thursday, February 24, 2005 5:44 PM
Subject: Notify about your e-mail account utilization.


Dear user, the management of Chapelledesfleurs.com mailing system wants to let you know that, Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information.

Please, read the attach for further details.

For security purposes the attached file is password protected. Password
is "12373".

The Management,
The Chapelledesfleurs.com team
http://www.chapelledesfleurs.com

The attachment was this:

Norton AntiVirus removed the attachment: Attach.zip.
The W32.Beagle.J@mm threat was detected in the attachment.
Franklyn Halamka
Still learning my way around Linux Security.
http://www.galacticzero.net
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Yeah, that's a virus message all right. Very clever one too. Are you running clamav?
Galactic Zero

Yes I am, however it's not the latest and greatest.. Which I'm waiting on from you. :)

I know you've been busy so I haven't asked in a while nor have I seen that you've updated that one yet.

[admin@gz admin]$ rpm -qa |grep clamav
clamav-0.80-1.rhel3.gamera
[admin@gz admin]$


[admin@gz admin]$ ps -aux |grep clamd
qmailq 4323 0.0 0.6 9332 6360 ? S Jan04 0:00 /usr/sbin/clamd
admin 13805 0.0 0.0 3676 684 pts/0 S 23:29 0:00 grep clamd
[admin@gz admin]$
scott

.83 has been in the archive for over a week now
Galactic Zero

EEP!!..

Been otherwise occupied for the past month with deaths in my family...

Thanks for your hard work.