[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] How can we trace and stop this email abuse?
- Subject: RE: [cobalt-users] How can we trace and stop this email abuse?
- From: "Ali & Charlie" <dynamicduo@xxxxxxxxxxxxxxxx>
- Date: Fri Dec 24 12:37:01 1999
They have actually figured out a way to use the mail server on this RaQ2 to
send these messages. We have never opened these files as we know they are
viruses and they are not being passed onto our list members. We now have a
few ISP's involved as well as they company they are pretending to represent,
but this still does not help us figure out how they are using our mail
server when no relaying is allowed.
Thanks,
Charlie
>
>
>
> My guess would be that someone on your list has the virus and it's sending
> itself to any address in their address book. Hopefully you didn't run the
> attachment and aren't sending it yourself.
>
> --
> Dan Kriwitsky
>
>
>
> >
> >
> > Hi,
> >
> > Are we correct in assuming that someone has figured out a way to
> > use one of
> > our servers to send spam messages? Or are we misinterpreting the
> > header? How
> > can we find out who this is and prevent this?
> >
> > We are getting a ton of these everyday and they all come complete with a
> > virus. They are all directed only at us as far as we can tell
> and any help
> > in dealing with this would be greatly appreciated. They are
> being directed
> > to graphicsnews@xxxxxxxxxxxxxxxx, which is a majordomo address
> > and we should
> > be receiving a 'Non Member Submission Notice' but we are not. We are the
> > only ones receiving this note on the mail list, thank goodness.
> >
> > mail.designheaven.com is our mail server on a RAQ2, however we
> > are the only
> > ones who can send email with this server. They keep logging in with a
> > different IP Address
> > Below is the header of 2 different mail messages:
> >
> > EXAMPLE 1
> > +++++++++
> > Return-Path: <graphicsnews@xxxxxxxxxxxxxxxx>
> > Received: from mail.designheaven.com (tnt3-6.mtco.com [208.155.39.6])
> > by casey.designheaven.com (8.9.3/8.9.3) with SMTP id HAA09219
> > for grfxring@xxxxxxxxxxxxxxxx; Thu, 23 Dec 1999 07:25:46 -0700
> > Date: Thu, 23 Dec 1999 07:25:46 -0700
> > From: graphicsnews@xxxxxxxxxxxxxxxx
> > Message-Id: <199912231425.HAA09219@xxxxxxxxxxxxxxxxxxxxxx>
> > To: grfxring@xxxxxxxxxxxxxxxx
> > Subject: Graphics Ring Newsletter - Edition 20
> > MIME-Version: 1.0
> > Content-Type: multipart/mixed;
> > boundary="----=_NextPart_000_0007_01AF0E92.A4E9CDO0"
> > X-UIDL: fac29f34f39d43fd115c234e13ff0d5b
> >
> >
> > EXAMPLE 2
> > +++++++++
> > Return-Path: <graphicsnews@xxxxxxxxxxxxxxxx>
> > Received: from mail.designheaven.com (host171_161.inter.edu
> > [164.42.171.161]
> > (may be forged))
> > by casey.designheaven.com (8.9.3/8.9.3) with SMTP id GAA13468
> > for grfxring@xxxxxxxxxxxxxxxx; Wed, 22 Dec 1999 06:51:13 -0700
> > Date: Wed, 22 Dec 1999 06:51:13 -0700
> > From: graphicsnews@xxxxxxxxxxxxxxxx
> > Message-Id: <199912221351.GAA13468@xxxxxxxxxxxxxxxxxxxxxx>
> > To: grfxring@xxxxxxxxxxxxxxxx
> > Subject: Graphics Ring Newsletter - Edition 19
> > MIME-Version: 1.0
> > Content-Type: multipart/mixed;
> > boundary="----=_NextPart_000_0007_01AF0E92.A4E9CDO0"
> > X-UIDL: 3e65ba143bd27c00071e7a454fcc69ac
> >
> > Thanks,
> > Ali & Charlie