Re: help with spam


Subject: Re: help with spam
From: Mark-Nathaniel Weisman (mark@infinitevisions.ws)
Date: Sun Apr 21 2002 - 23:46:12 AKDT


on 4/21/02 9:54 AM, James Zuelow at e5z8652@zuelow.net wrote:

>
>
> ----- Original Message -----
> From: <bryan@ak.net>
> To: <aklug@aklug.org>
> Sent: Sunday, April 21, 2002 4:01 AM
> Subject: help with spam
>
>
>>
>> Guys, I need some help here. It seems some sort of spam agent
>> got into my system. If I used Windows, I wouldn't be surprised,
>> but on my linux system, I'm a little disturbed.
>>
>> I casually looked at the 'alias' mail folder that qmail establishes
>> for email to root, and I saw a failure to deliver a message from a
>> bogus address to a spammer's system. The original message is quoted
>> below:
>>
>> --- Below this line is a copy of the message.
>>
>> Return-Path: <anyone@anywhere.com>
>> Received: (qmail 18886 invoked from network); 12 Apr 2002 18:57:17 -0000
>> Received: from unknown (HELO mail-ncdni834xs) (208.49.202.2)
>> by 177-122-237-24.anc-dial.gci.net with SMTP; 12 Apr 2002 18:57:17 -0000
>> From: anyone@anywhere.com
>> Subject: 24.237.122.177
>> To: test@efunsoft.com
>> Date: Sat, 13 Apr 2002 03:56:18 -0500
>
> I got that efunsoft attempt as well on my machine, about the same date.
> They must have hit the whole GCI netblock.
>
> Essentially, what happened is that qmail was asked to relay a message, and
> it didn't work. You happened to be online when whatever tool efunsoft was
> using to find open relays tested your IP address. It *isn't* a trojan or
> virus or anything like that.
>
> Even if the relay had gone through, it would be hard for them to exploit
> since you're using a dial up modem and your IP changes often.
>
> <For the archives>
> However it's very important for dial-up users to understand that their IP
> address *is* a real, live IP address when their modem is connected. And
> they should set up their network services appropriately - if someone finds
> an open relay on a dial-up IP, they can still exploit it as long as the
> connection is live (say you're downloading an ISO overnight and you're
> connected for hours and hours).
> </For the archives>
>
> Cheers,
>
> James
>
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>
In addition to that, as of late GCI has been under serious threat. Over the
last four weeks, several attempted DDoS attacks were put on the net. My
mail server got caught up in the one several weeks ago, so I know they are
out there. Make sure the open relay is off within sendmail, and limit the
number of recipients a singular mail can go to. If you are still not
satisfied with what James said, take a visit to www.abuse.net and test your
relay.

His Servant,
Mark
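
Added example, not part of any poster's message: a Python check that flags a message as a likely relay test using the traits visible in the bounce quoted in this thread (a non-local recipient, and a Subject that is the IP address also encoded in the receiving host's name). The function names and the `local_domains` parameter are hypothetical; the To: header stands in for the envelope recipient, which the quoted bounce does not show.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers of the bounced message as quoted in the thread.
SAMPLE = """\
Return-Path: <anyone@anywhere.com>
Received: (qmail 18886 invoked from network); 12 Apr 2002 18:57:17 -0000
Received: from unknown (HELO mail-ncdni834xs) (208.49.202.2)
  by 177-122-237-24.anc-dial.gci.net with SMTP; 12 Apr 2002 18:57:17 -0000
From: anyone@anywhere.com
Subject: 24.237.122.177
To: test@efunsoft.com
Date: Sat, 13 Apr 2002 03:56:18 -0500

"""

IPV4 = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


def receiving_host(msg):
    """Return the host named in the 'by ... with SMTP' clause, if any."""
    for rcvd in msg.get_all("Received", []):
        m = re.search(r"\bby\s+(\S+)\s+with\s+SMTP", rcvd, re.I)
        if m:
            return m.group(1).lower()
    return None


def relay_probe_indicators(raw, local_domains):
    """List the relay-test traits found in one raw message.

    local_domains: domains this host accepts mail for (assumption: the
    same set the MTA is configured to accept; To: approximates RCPT TO).
    """
    msg = message_from_string(raw)
    hits = []
    rcpt_domain = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    if rcpt_domain and rcpt_domain not in local_domains:
        hits.append("recipient-not-local")
    m = IPV4.match(msg.get("Subject", "").strip())
    if m and all(int(octet) <= 255 for octet in m.groups()):
        hits.append("subject-is-ip")
        # Dial-up hostnames like the one above embed the IP in reverse order.
        label = "-".join(reversed(m.groups())) + "."
        if (receiving_host(msg) or "").startswith(label):
            hits.append("subject-names-this-host")
    return hits


if __name__ == "__main__":
    print(relay_probe_indicators(SAMPLE, {"localhost"}))
```

All three traits together on a message that was refused or bounced mean the relay test failed, which matches what James describes.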




This archive was generated by hypermail 2a23 : Sun Apr 21 2002 - 23:46:19 AKDT