A spammer sending out fraudulent Chase Card Services emails this morning somehow utilized my cluster manager to send out at least 2000 emails that I’m aware of, with about 616 still sitting in the remote queue.
I have since disabled double bouncebacks on the mail server (my admin account had around 2000 emails this morning from bouncebacks).
I’ve also shut off smtp inbound and outbound (this server is used only for internal web site testing, no clients, or email.)
Is this a case of spoofing and the default of double bounceback being on allowing for the spam to be relayed through the server? I’ve already had one spam complaint, the headers make it appear exactly as if my server sent the message out.
We’ve been seeing this quite a bit lately on the shared hosting side of things. 99% of the time, the cause is a security hole in some piece of software installed on an account (phpBB, coppermine, etc). The best thing to do to keep this from happening is to make sure that all your software is up to date with the latest version released by the company who makes it. And if only 2000 were sent, you got lucky. We’ve seen instances of 50-200k queued. Luckily, they were removed before going out