Free SMTP server is spyware


Laurent Herve

I just saw it sending mail to people I don't know (because the
connection was down, it couldn't send):

(e-mail address removed)
(e-mail address removed)
(e-mail address removed)
(e-mail address removed)
(e-mail address removed)

For sure these people don't belong to my contacts! The mails are
still not sent, although I will not be able to read them, i.e. spy upon
the spy... BTW IIRC, "keif" means delation in German, really bad sense
of humor!

laurent
 
Which Company wrote it?
 
Laurent Herve said:
I just saw it sending mail to people I don't know (because the
connection was down, it couldn't send):

(e-mail address removed)
(e-mail address removed)
(e-mail address removed)
(e-mail address removed)
(e-mail address removed)

For sure these people don't belong to my contacts! The mails are
still not sent, although I will not be able to read them, i.e. spy upon
the spy... BTW IIRC, "keif" means delation in German, really bad sense
of humor!

laurent


There is no such word as "keif" in German!
"Keifen" is to mean: to scold, to squabble, to nag or to brawl.
"Keiferei" is the noun for the above.

Delation means: delate [dI'leIt] verb (tr)
1 (formerly) to bring a charge against; denounce; impeach
2 (Rare) to report (an offence, etc.)
3 (Obsolete) to make known or public

[C16: from Latin delatus, from deferre to bring down, report,
indict, from DE- + ferre to bear]
de*lation noun
de*lator noun

Nothing funny there!

Fred
 
I just saw it sending mail to people I don't know (because the
connection was down, it couldn't send):

(e-mail address removed)
(e-mail address removed)
(e-mail address removed)
(e-mail address removed)
(e-mail address removed)

A Google search for "(e-mail address removed)" found that address plastered
all over "penpal" pages on the Net. The others bring up no results.

I've never heard of spyware sending emails. What they do is phone home
without the user being aware of it.

I recommend you check your computer for viruses and Trojans.
 
PostCast Server is an SMTP mail server program that completely replaces
your ISP's SMTP server. Start sending messages directly from your
computer by making one small change in your e-mail program.

http://www.postcastserver.com/

PostCast Server Free Edition v2.6.0

http://www.postcastserver.com/download/release.aspx?p=3
 
Mel said:
PostCast Server is an SMTP mail server program that completely replaces
your ISP's SMTP server. Start sending messages directly from your
computer by making one small change in your e-mail program.

http://www.postcastserver.com/

PostCast Server Free Edition v2.6.0

http://www.postcastserver.com/download/release.aspx?p=3

Yep, I know this program, I used it before. But it's ~30 MB big. Free SMTP
was little, loads quickly... but also doesn't write to a log. PostCast works
with IE, so once I removed IE I was obliged to look for a replacement for
PostCast.

Anyway, I can't access the letters this app is sending
(I checked the files in the directory... I should read inside an exe
or a dll maybe).

laurent
 
Anyway, I can't access the letters this app is sending
(I checked the files in the directory... I should read inside an exe
or a dll maybe).

Strange behavior to say the least. If all else fails you could always
write to the author about the unexplained Emails.
 
Laurent Herve :
I just saw it sending mail to people I don't know (because the
connection was down, it couldn't send):

(e-mail address removed)
(e-mail address removed)
(e-mail address removed)
(e-mail address removed)
(e-mail address removed)

For sure these people don't belong to my contacts! The mails are
still not sent, although I will not be able to read them, i.e. spy upon
the spy... BTW IIRC, "keif" means delation in German, really bad sense
of humor!

Hmm, couldn't it be that you offered the SMTP service to the internet
and someone used it for spamming through your machine? This can happen
in a matter of minutes! Then you cut off the line and these mails were
still in the queue?

It would help much if you were able to look into these mails.

Another explanation would be that your mail client tried to send
"delivery receipt" or "reading receipt" back to the sender of an
email. I've seen spam mails using these special header lines to make
mail clients do that:

X-Confirm-Reading-To: <address>
Return-receipt-to: <address>

When you open the mail in your reader, and the client is configured
that way, it sends back a mail stating that you've read it. The
addresses mentioned above sound very much like spam mails...

Best regards,
Sascha
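
The receipt explanation above can be checked against the inbox. This is an added example, not part of the original posts: it collects the receipt-request headers named in the post (plus the standardized Disposition-Notification-To) and reports which queued recipients they account for. The sample messages, addresses and the `explain_queue` helper are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Headers that ask the reader's mail client to send a message back.
# The first two are quoted in the post; Disposition-Notification-To is
# the standardized read-receipt request (RFC 8098).
RECEIPT_HEADERS = ("X-Confirm-Reading-To", "Return-Receipt-To",
                   "Disposition-Notification-To")

def receipt_requests(raw_message):
    """Return [(header, address)] for each receipt request in one message."""
    msg = message_from_string(raw_message)
    found = []
    for name in RECEIPT_HEADERS:
        # Header lookup is case-insensitive, so "Return-receipt-to" matches.
        for _, addr in getaddresses(msg.get_all(name, [])):
            if addr:
                found.append((name, addr.lower()))
    return found

def explain_queue(queued_recipients, inbox):
    """Map each queued recipient to the subjects of inbox mails that asked
    for a receipt to that address. An empty list means receipts do not
    explain the queued mail."""
    wanted = {}
    for raw in inbox:
        subject = message_from_string(raw).get("Subject", "")
        for _, addr in receipt_requests(raw):
            wanted.setdefault(addr, []).append(subject)
    return {r: wanted.get(r.lower(), []) for r in queued_recipients}

# Constructed sample data (not from the thread).
INBOX = [
    "From: promo@bulk.example\nSubject: You won\n"
    "Return-receipt-to: <collector@tracker.example>\n\nOpen me.\n",
    "From: friend@isp.example\nSubject: Holiday photos\n\nHi!\n",
]
QUEUE = ["collector@tracker.example", "stranger@penpal.example"]

if __name__ == "__main__":
    for rcpt, subjects in explain_queue(QUEUE, INBOX).items():
        print(rcpt, "<-", subjects or "no receipt request found")
```

A queued recipient with no matching receipt request points back to the other explanations in the thread: relaying or malware.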
 
Mel :

Strange piece of software, according to the description. I have no
idea why I'd need it.

It's very simple but very useful for laptop users traveling around the
world and connecting their PCs to different Internet Service Providers
in different countries.

When you have an Internet connection, you can use your usual mail server as
well. Furthermore, many receiving mail servers deny mails coming
directly from Dialups.

Best regards,
Sascha
 
Sascha Wostmann said:
Laurent Herve :


Hmm, couldn't it be that you offered the SMTP service to the internet
and someone used it for spamming through your machine? This can happen
in a matter of minutes! Then you cut off the line and these mails were
still in the queue?

It would help much if you were able to look into these mails.

Another explanation would be that your mail client tried to send
"delivery receipt" or "reading receipt" back to the sender of an
email. I've seen spam mails using these special header lines to make
mail clients do that:

X-Confirm-Reading-To: <address>
Return-receipt-to: <address>

When you open the mail in your reader, and the client is configured
that way, it sends back a mail stating that you've read it. The
addresses mentioned above sound very much like spam mails...

Anyway, I tested all the addresses; all are bad except the first :)
I have to reinstall a firewall to control that.

laurent
 
Sascha Wostmann said:
Mel :


Strange piece of software, according to the description. I have no
idea why I'd need it.


When you have an Internet connection, you can use your usual mail server as
well. Furthermore, many receiving mail servers deny mails coming
directly from Dialups.

Best regards,
Sascha

Sascha,

Your statement begs the question: "how does the receiving email server know
what type of connection the sending server has". I can't think of any way
to determine this other than speed and that is not a reliable determining
factor. I'm probably wrong but I don't believe that the receiving server
can make that determination.

Although very OT, please explain and thanks in advance,


Dave H.
 
DaveH said:
Your statement begs the question: "how does the receiving email server know
what type of connection the sending server has". I can't think of any way
to determine this other than speed and that is not a reliable determining
factor. I'm probably wrong but I don't believe that the receiving server
can make that determination.

I'll try, but my English (especially the special vocables) might be
wrong...

There are DNS-Blacklists that list all Dialup IP Numbers. Usually an
ISP has several IP addresses available, for example 80.90/16. Some of
them are fixed addresses for their own purposes or for business
customers who want to offer servers. Other IPs are given to dialup
users on each login. These are usually called dynamic IPs. These IPs
usually come from a well known IP range, for example 80.90.100.1/24

So when there is a connection on my SMTP server coming from
80.90.100.135, the DNSBL knows that it is a dialup account. My server
might consider answering with an error code instead of accepting the
mail.

Otherwise, when the ISP customer uses their mailserver, the connection
comes from this fixed IP, say 80.90.50.1, which is not listed in the
DNSBL and my server has a higher acceptance to this mail.


Best regards,
Sascha
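
The DNSBL check described above, as an added example that is not part of the original post: the receiving server reverses the client's octets, appends the list's zone, and treats an A record as "listed". The zone name `dialup.dnsbl.example` and the `fake_resolve` stand-in (so the example runs offline) are assumptions; the addresses are the ones used in the post.

```python
import ipaddress
import socket

DNSBL_ZONE = "dialup.dnsbl.example"   # placeholder zone, not a real list
# Constructed list contents: the dial-up range used as the example in the post.
DIALUP_RANGE = ipaddress.ip_network("80.90.100.1/24", strict=False)

def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """80.90.100.135 -> 135.100.90.80.<zone>: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def fake_resolve(name):
    """Offline stand-in for the DNS A lookup against the constructed list."""
    suffix = "." + DNSBL_ZONE
    if name.endswith(suffix):
        ip = ".".join(reversed(name[:-len(suffix)].split(".")))
        if ipaddress.IPv4Address(ip) in DIALUP_RANGE:
            return "127.0.0.2"            # any 127.0.0.0/8 answer means "listed"
    raise socket.gaierror("NXDOMAIN")     # no record means "not listed"

def is_listed(ip, resolve=socket.gethostbyname):
    """True if the list has an A record for this client address."""
    try:
        answer = resolve(dnsbl_query_name(ip))
    except OSError:                       # lookup failure: treat as not listed
        return False
    return ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")

def smtp_greeting(client_ip, resolve=socket.gethostbyname):
    """What the receiving server answers when the client connects."""
    if is_listed(client_ip, resolve):
        return "554 5.7.1 %s is a dial-up address, use your ISP's mail server" % client_ip
    return "220 mail.example ESMTP ready"

if __name__ == "__main__":
    for ip in ("80.90.100.135", "80.90.50.1"):
        print(ip, "->", smtp_greeting(ip, fake_resolve))
```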
 
(snip)
Hmm, couldn't it be that you offered the SMTP service to the internet
and someone used it for spamming through your machine? This can happen
in a matter of minutes! Then you cut off the line and these mails were
still in the queue?

(snip)

Most ISPs will reject mail sent from a local SMTP server anyway, so its
usefulness is limited. Sometimes you can get around this by registering your
local IP address as a domain (you can use an alias on no-ip.com if you have
dynamic IP.)

jw
 
JW :
(snip)


(snip)

Most ISPs will reject mail sent from a local SMTP server anyway, so its
usefulness is limited.

Nevertheless it is still one of the main sources of worm mails...

And in the given context it might have been that the SMTP server has
been used as a relay for the spammer, and was configured itself in a
way that it uses the normal ISP server as relay.

- spammer found open SMTP server
- spammer relayed his mails via this server
- this server relays the spam mails to the ISP
- the ISP delivers the mails to the recipient

Best regards,
Sascha
 
Sascha Wostmann said:
JW :


Nevertheless it is still one of the main sources of worm mails...

And in the given context it might have been that the SMTP server has
been used as a relay for the spammer, and was configured itself in a
way that it uses the normal ISP server as relay.

- spammer found open SMTP server
- spammer relayed his mails via this server
- this server relays the spam mails to the ISP
- the ISP delivers the mails to the recipient

This is not the typical SMTP relay setup which is still a primary source of spam.

It's certainly possible, but I think unlikely, that an SMTP server on a _local_
PC will be used as a relay by a spammer, unless intentionally intended as such
by the installer. Certainly most people that have the need or technical know-how
to use such a program will probably also have a router/nat configuration and/or
some firewall and will be exposing neither their private IP address nor the SMTP
port.

jw
 
JW said:
This is not the typical SMTP relay setup which is still a primary source of spam.

It's certainly possible, but I think unlikely, that an SMTP server on a _local_
PC will be used as a relay by a spammer, unless intentionally intended as such
by the installer.

I have not intended that...

Certainly most people that have the need or technical know-how
to use such a program will probably also have a router/nat configuration and/or
some firewall and will be exposing neither their private IP address nor the SMTP
port.

Ah no, I just forgot to install a firewall. My IP is dynamic, but the program
can send a mail to a remote host with my IP and then use MY SMTP server as a
relay host, as long as I let it do that.

Just before I saw this list of messages, I saw "connect" in the box
for sending messages, and I took some time to connect, longer than
if it would have been an internal message from the program.

So IMO I'm used as a relay host for spam or something.


LH
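
The open-relay scenario discussed in the posts above comes down to one rule at RCPT TO: a server relays for strangers when it accepts an outside client's mail for an outside recipient. This added example (not code from the thread or from any of the programs mentioned) applies that rule to session records and shows the reply a closed relay would give. The record format, addresses and trusted-network setting are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the server exists only to send the local user's own mail,
# so the only legitimate client is the machine itself.
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8")]
LOCAL_DOMAINS = set()   # the server hosts no mailboxes of its own

# Constructed session records (client IP, MAIL FROM, RCPT TO); not a real log.
SESSIONS = [
    ("127.0.0.1",    "laurent@home.example", "friend@isp.example"),
    ("203.0.113.77", "win@bulk.example",     "a1@penpal.example"),
    ("203.0.113.77", "win@bulk.example",     "b2@penpal.example"),
    ("198.51.100.9", "x@bulk.example",       "c3@other.example"),
]

def is_trusted(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in TRUSTED_NETS)

def is_relay_attempt(client_ip, rcpt_to):
    """Third-party relay: untrusted client AND recipient outside our domains."""
    domain = rcpt_to.rsplit("@", 1)[-1].lower()
    return not is_trusted(client_ip) and domain not in LOCAL_DOMAINS

def rcpt_reply(client_ip, rcpt_to):
    """The reply a closed relay gives at RCPT TO."""
    if is_relay_attempt(client_ip, rcpt_to):
        return "550 5.7.1 Relaying denied"
    return "250 OK"

def relay_report(sessions):
    """Group relayed recipients by the outside host that submitted them."""
    report = defaultdict(list)
    for client_ip, _mail_from, rcpt_to in sessions:
        if is_relay_attempt(client_ip, rcpt_to):
            report[client_ip].append(rcpt_to)
    return dict(report)

if __name__ == "__main__":
    for host, rcpts in relay_report(SESSIONS).items():
        print(host, "tried to relay to", rcpts)
```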
 