Re: help with spam


Subject: Re: help with spam
From: James Zuelow (e5z8652@zuelow.net)
Date: Sun Apr 21 2002 - 09:54:23 AKDT


----- Original Message -----
From: <bryan@ak.net>
To: <aklug@aklug.org>
Sent: Sunday, April 21, 2002 4:01 AM
Subject: help with spam

>
> Guys, I need some help here. It seems some sort of spam agent
> got into my system. If I used Windows, I wouldn't be surprised,
> but on my linux system, I'm a little disturbed.
>
> I casually looked at the 'alias' mail folder that qmail establishes
> for email to root, and I saw a failure to deliver a message from a
> bogus address to a spammer's system. The original message is quoted
> below:
>
> --- Below this line is a copy of the message.
>
> Return-Path: <anyone@anywhere.com>
> Received: (qmail 18886 invoked from network); 12 Apr 2002 18:57:17 -0000
> Received: from unknown (HELO mail-ncdni834xs) (208.49.202.2)
> by 177-122-237-24.anc-dial.gci.net with SMTP; 12 Apr 2002 18:57:17 -0000
> From: anyone@anywhere.com
> Subject: 24.237.122.177
> To: test@efunsoft.com
> Date: Sat, 13 Apr 2002 03:56:18 -0500

I got that efunsoft attempt as well on my machine, about the same date.
They must have hit the whole GCI netblock.

Essentially, what happened is that qmail was asked to relay a message, and
it didn't work. You happened to be online when whatever tool efunsoft was
using to find open relays tested your IP address. It *isn't* a trojan or
virus or anything like that.

Even if the relay had gone through, it would be hard for them to exploit
since you're using a dial-up modem and your IP changes often.

<For the archives>
However, it's very important for dial-up users to understand that their IP
address *is* a real, live IP address when their modem is connected. And
they should set up their network services appropriately - if someone finds
an open relay on a dial-up IP, they can still exploit it as long as the
connection is live (say you're downloading an ISO overnight and you're
connected for hours and hours).
</For the archives>

Cheers,

James
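
Added example (not part of the original message, and not code from either poster): a small check that recognises this kind of relay test from the headers quoted above, where the recipient is at a foreign domain and the Subject is the tested host's own address (24.237.122.177, visible reversed in the receiving host name 177-122-237-24.anc-dial.gci.net). Assumptions: the function name `analyze`, the `local_domains` and `own_ips` parameters, and the use of the To: header as a stand-in for the envelope recipient.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers of the probe as quoted in the post (folded Received line re-indented).
SAMPLE = """\
Return-Path: <anyone@anywhere.com>
Received: (qmail 18886 invoked from network); 12 Apr 2002 18:57:17 -0000
Received: from unknown (HELO mail-ncdni834xs) (208.49.202.2)
  by 177-122-237-24.anc-dial.gci.net with SMTP; 12 Apr 2002 18:57:17 -0000
From: anyone@anywhere.com
Subject: 24.237.122.177
To: test@efunsoft.com
Date: Sat, 13 Apr 2002 03:56:18 -0500

"""

IPV4 = re.compile(r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})")
BY_HOST = re.compile(r"\bby\s+(\S+)\s+with\s+SMTP", re.I)
CLIENT_IP = re.compile(r"\(((?:\d{1,3}\.){3}\d{1,3})\)")

def analyze(raw, local_domains, own_ips=()):
    """Flag a message that looks like an open-relay test against this host."""
    msg = message_from_string(raw)
    rcpt_domain = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    subject = IPV4.fullmatch(msg.get("Subject", "").strip())
    client_ip, names_us = None, False
    for received in msg.get_all("Received", []):
        by = BY_HOST.search(received)
        if not by:
            continue  # skips "(qmail N invoked from network)", which has no by-host
        ip = CLIENT_IP.search(received)
        client_ip = ip.group(1) if ip else None
        if subject:
            # Dial-up host names such as 177-122-237-24.anc-dial... embed the IP reversed.
            reversed_label = "-".join(reversed(subject.groups()))
            names_us = (subject.group(0) in own_ips
                        or by.group(1).startswith(reversed_label + "."))
        break  # only the hop where this host accepted the message matters
    foreign = bool(rcpt_domain) and rcpt_domain not in local_domains
    return {"rcpt_domain": rcpt_domain, "client_ip": client_ip,
            "foreign_rcpt": foreign, "subject_names_us": names_us,
            "relay_probe": foreign and names_us}

if __name__ == "__main__":
    # local_domains is an assumption: the domains this host accepts mail for.
    print(analyze(SAMPLE, local_domains={"localhost"}))
```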



