Under Attack

[Nottingham Fox]

Our work e-mail appears to be under some sort of attack from service.mail.qq.com - We are getting approximately 250 e-mails per hour which is full of all sorts of shit that I don't understand.

It's pissing me off and I have no idea how to stop it. Can anyone help?

Ta very much.

 

[OldGit]

Isn't service.mail.qq.com the Chinese version of Yahoo? If so maybe Yahoo could advise you

 

[Jeff]

Our work e-mail appears to be under some sort of attack from service.mail.qq.com - We are getting approximately 250 e-mails per hour which is full of all sorts of shit that I don't understand.

It's pissing me off and I have no idea how to stop it. Can anyone help?

Ta very much.

Do you have a mail server at your place of work or is it provided by an external company?

Is the mail all coming from the same address?



Someone has replied to the tweet that was sent when you started the thread - https://twitter.com/MickeySpoonK/status/331763928407351296?

 

[Nottingham Fox]

Do you have a mail server at your place of work or is it provided by an external company?

Is the mail all coming from the same address?



Someone has replied to the tweet that was sent when you started the thread - https://twitter.com/MickeySpoonK/status/331763928407351296?

The mail server is provided by an outside company within another of our offices. One of my office staff contacted them and they said there's nothing they can do.

I have under estimated the amount of e-mails. It's more like 600 an hour.

We are getting 2 sorts of e-mails. The first one is from 'Mailer Daemon' - Mail Delivery Subsystem and contains the following:

The original message was received at Tue, 7 May 2013 15:04:54 +0100 from [173.208.226.134]

----- The following addresses had permanent fatal errors ----- <[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)
<[email protected]>
(reason: 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727)

----- Transcript of session follows -----
451 4.4.1 reply: read error from mx3.qq.com.
451 4.4.1 reply: read error from mx2.qq.com.
... while talking to mx1.qq.com.:
>>> MAIL From:<[email protected]>
<<< 550 Connection denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000727
554 5.0.0 Service unavailable

The other e-mail is also from Mailer Daemon - Mail Delivery Subsystem and contains the following:

**********************************************
** THIS IS A WARNING MESSAGE ONLY **
** YOU DO NOT NEED TO RESEND YOUR MESSAGE **
**********************************************

The original message was received at Tue, 7 May 2013 10:43:35 +0100 from [204.12.201.22]

----- Transcript of session follows ----- <[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<28412....com>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>... Deferred: Connection reset by mx1.qq.com.
Warning: message still undelivered after 4 hours Will keep trying until message is 5 days old

 

[Nottingham Fox]

So I believe someone is using our e-mail address to send shit out, and this is all the crap coming back?

 

[Jeff]

So I believe someone is using our e-mail address to send shit out, and this is all the crap coming back?

Yes. Looks like bounce messages because someone has been sending thousands of messages from your address, and the addresses they're being sent to either don't exist or are blocked (maybe by a spam filter).

It could be that your mail server has been hacked and it is genuinely sending all those emails via your server, but it's more likely that the "from" address has been faked, and there's not much you can do about that. It happens to me every so often and I just set up mail rules to delete all the bounce messages.

 

[Nottingham Fox]

Thanks Jeff. I've set up this rule and hopefully it'll stop pretty soon.

 

[Motown Fox]

A similar thing happened to my daughters yahoo email about 10 days ago, but on a much smaller scale. It turned out that someone from UAE had used her email to send out messages saying how she earned $5,000 - $8,000 amonth from this website that there was then a link to.

It was somehow programmed to delete any emails that bounced back so they went straight into Trash. It had picked all email addresses used recently and some of her contacts. The only reason I found out was because I was one of those emailed and I knew she had not sent the email.

2 of these emails went to her current employer and one where she was hoping to work, as well as to people who were friends or people she used to work with.
Yahoo must have found out somehow as they sent her notification, although I had already acted once I saw the email to me.
Not sure what her employer and potential future employer would have made of it.

 

[Shents]

Not sure what her employer and potential future employer would have made of it.

I wouldn't worry too much about this, our recruitment generic email account at work receives dozens of these types of emails a day and they just get deleted, or filtered out by mail software.

This is probably the case for many organisations.

 

[Mawsley]

...saying how she earned $5,000 - $8,000 amonth from this website that there was then a link to.

That sounds brilliant, can you post the website?

 

[SJN-Fox]

A similar thing happened to my daughters yahoo email about 10 days ago, but on a much smaller scale. It turned out that someone from UAE had used her email to send out messages saying how she earned $5,000 - $8,000 amonth from this website that there was then a link to.

It was somehow programmed to delete any emails that bounced back so they went straight into Trash. It had picked all email addresses used recently and some of her contacts. The only reason I found out was because I was one of those emailed and I knew she had not sent the email.

2 of these emails went to her current employer and one where she was hoping to work, as well as to people who were friends or people she used to work with.
Yahoo must have found out somehow as they sent her notification, although I had already acted once I saw the email to me.
Not sure what her employer and potential future employer would have made of it.

Yahoo and BTInternet have been hit several times recently.