
Spam to some 'private' directory email addresses
  •  
fishtech

Hi,

I have Kerio Connect 7.3.2 on OSX Server 10.6.8.

A strange subset of email addresses in my domain has been receiving spam. One spam message is addressed to 7 or 8 recipients. The recipients include internal email addresses that are not searchable in Google, plus some email addresses that are 'out there' in Google already.

Not all the email addresses in the domain receive this spam, only a subset. So I don't think our directory (Open Directory) has been compromised.

But is there any known way that these internal addresses could have been somehow pulled from our server into the wild?

FWIW, the spam is always variants of the bbb.org spam described at <http://www.bbb.org/blog/2011/11/alert-phishing-scam-uses-bbb-name-and-logo/>

Thanks,

ft.
  •  
Kedar

fishtech wrote on Tue, 06 March 2012 17:05
The recipients include internal email addresses that are not searchable in Google

But is there any known way that these internal addresses could have been somehow pulled from our server into the wild?



I guess these addresses were harvested by spyware on the client's side, e.g. in Outlook - from all sent and received messages, address book...
  •  
TorW

I agree with Radek Sip. Google does not know about everything that is available on the internet, and one single email from a "private" mail address to an external recipient will "compromise" it (for lack of a better word). When a PC is infected with the right type of malware, the first thing that is stolen is the address book. Then it rips through To: and Cc: fields in the inbox and sent items to pick up more addresses, and then it trawls through the browser cache. Web site scraping comes far down on the list.

Not publishing an address on the internet will only take you so far, and then only for a while. It leaks out no matter what, although it could take years.

... and that's why we put Friday joke recipients in the Bcc: field and trim unnecessary mail header cruft from forwards. Right?
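
The point above about To:/Cc: fields and forwarded header cruft, as an added example that is not part of the original thread: a Python check over a message as submitted by the client (Bcc still present) that lists which internal addresses the external recipients get to read. The domain example.com, the sample message and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.com"  # assumption: the organisation's mail domain
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample: a forward as submitted by the client, Bcc still present.
SAMPLE = """\
From: alice@example.com
To: bob@example.com, carol@partner.example.net
Cc: dave@example.com
Bcc: erin@example.com
Subject: Fwd: Friday joke

---------- Forwarded message ----------
From: frank@example.com
To: grace@example.com, heidi@example.com

Why did the chicken cross the road?
"""

def is_internal(addr):
    return addr.lower().rsplit("@", 1)[-1] == INTERNAL_DOMAIN

def addrs(msg, *headers):
    """Lower-cased addresses from the named headers."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return {a.lower() for _, a in getaddresses(values) if a}

def body_text(msg):
    """Decoded text parts; addresses are ASCII, so utf-8/replace is enough."""
    chunks = [p.get_payload(decode=True) or b"" for p in msg.walk()
              if p.get_content_maintype() == "text"]
    return "\n".join(c.decode("utf-8", "replace") for c in chunks)

def exposure_report(raw):
    """Return (external recipients, internal addresses they get to read)."""
    msg = message_from_string(raw)
    external = {a for a in addrs(msg, "To", "Cc", "Bcc") if not is_internal(a)}
    # Everyone who receives the message sees From/To/Cc, never Bcc.
    exposed = {a for a in addrs(msg, "From", "To", "Cc") if is_internal(a)}
    # Header cruft left in a forwarded body leaks addresses as well.
    exposed |= {a.lower() for a in ADDR_RE.findall(body_text(msg)) if is_internal(a)}
    return sorted(external), sorted(exposed)

if __name__ == "__main__":
    print(exposure_report(SAMPLE))
```

In the sample, the Bcc'd address is the only internal one the external recipient never sees; the three addresses in the untrimmed forward header are exposed even though they were never recipients of this message.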