
Re: [cobalt-users] Getting Mail Bombed!



At 10:48 AM 7/23/2001 -0400, you wrote:


>>here is another snipe from the offending mail, this is more complete snipe than my first one:
>>
>>
>>Return-Path: <scarlett@xxxxxxxxxxxx>
>>Received: from 1starnet.com (bizmail-one.1starnet.com [207.243.104.31])
>>        by www.astrology-online.com (8.10.2/8.10.2) with ESMTP id f6N3rjk16081
>>        for <mike@xxxxxxxxxxxxxxxxxxxx>; Sun, 22 Jul 2001 22:53:45 -0500
>>Received: from sweep [207.243.104.28] by 1starnet.com
>>  (SMTPD32-6.06) id ACE138F011C; Sun, 22 Jul 2001 22:41:24 -0500
>>Received: (from scarlett [12.18.105.100])
>> by sweep (NAVIEG 2.1 bld 73) with SMTP id M2001072222390415886
>> for <mike@xxxxxxxxxxxxxxxxxxxx>; Sun, 22 Jul 2001 22:39:05 -0500
>>From: "Scarlett Owen"<scarlett@xxxxxxxxxxxx>
>
>
>Hi,
>
>Have you tried contacting 1starnet.com? I ask because I actually have a brother-in-law who uses that service from Northeast Texas. They are very proactive when it comes to virus scanning and their contact page will provide you with quite a list of actual people to write to.
>http://www.1starnet.com/contact/
>
>HTH,
>Diana
>
>Crest Communications, Inc.              diana@xxxxxxxxxxxxx
>Beautiful Sunny Florida         http://crestcommunications.com/
>352-495-9359, 425-732-9785 fax



Well, starnet is just one of dozens of sources of this mail.  I did have, I guess, kind of a breakthrough.  Out of 430 messages received today from this bomb, I found that they only consisted of about 20 email addresses (From field), so I went to /etc/mail, pico access, then added lines like this:

erwer@xxxxxxxxxxxx     501 infected rejected sircam

and on down the list of all the names.

Then I did makemap hash /etc/mail/access < /etc/mail/access

Then restarted sendmail

The vast majority of them are not pigging up the mailboxes with the attachments; it just gets rejected.  Kinda a godsend that the same addresses seem to keep repeating. If the addresses were different, this solution would be impossible.

Thanks

Mike
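
The manual tally described in the message above can be scripted. The following is an added example, not part of the original post: it counts header `From:` addresses in an mbox-format spool and prints access-map lines in the format shown in the message for every address seen at least a threshold number of times. The function names, the threshold argument and the `example.test` sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): tally From: header addresses in
# an mbox spool and emit sendmail access-map entries for repeat senders.
# build_access_entries and sample_mbox are hypothetical helper names.

# Usage: build_access_entries MIN_COUNT < mbox
build_access_entries() {
    min_count="${1:-2}"
    awk -v min="$min_count" '
        /^From / { in_hdr = 1; next }   # mbox separator: a new message starts
        /^$/     { in_hdr = 0; next }   # blank line: headers end, body begins
        in_hdr && tolower($0) ~ /^from:/ {
            addr = $0
            if (match(addr, /<[^<>@ ]+@[^<>@ ]+>/)) {
                # "Display Name"<user@host> form: keep what is inside <>
                addr = substr(addr, RSTART + 1, RLENGTH - 2)
            } else {
                # bare form: From: user@host
                sub(/^[Ff][Rr][Oo][Mm]:[ \t]*/, "", addr)
                sub(/[ \t].*$/, "", addr)
            }
            # count only well-formed addresses, folded to lower case
            if (addr ~ /^[^@ \t]+@[^@ \t]+$/) count[tolower(addr)]++
        }
        END {
            for (a in count)
                if (count[a] >= min)
                    printf "%s\t501 infected rejected sircam\n", a
        }
    ' | sort
}

# Constructed sample spool: three messages, two of them from one sender.
sample_mbox() {
    cat <<'EOF'
From sender-a@example.test Sun Jul 22 22:53:45 2001
From: "Sender A" <sender-a@example.test>
Subject: constructed sample

From: a body line that looks like a header and must be ignored

From sender-a@example.test Sun Jul 22 22:54:10 2001
From: "Sender A"<Sender-A@Example.Test>
Subject: constructed sample

From sender-b@example.test Sun Jul 22 22:55:00 2001
From: sender-b@example.test
Subject: constructed sample

EOF
}

# Only the sender seen twice is listed.
sample_mbox | build_access_entries 2
```

Review the output before appending it to /etc/mail/access, since the From: field of this kind of mail may belong to an infected correspondent whose legitimate mail would then be rejected as well; the makemap and sendmail restart steps from the message still follow.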