Re: [cobalt-users] RE: RE: Re: How can I speed up Sendmail?

[David Lucas <david@xxxxxxxxxxxxxxxx>]

At 02:23 PM 5/3/2002, you wrote:
> James Dean Young wrote:
>
> > >    Interesting coincidence...early this morning I got hit with a series
> > >    of
> > >"test" messages "forged" to be from "me" at various addresses (name
> > >obviously taken from whois records, since it's styled a way I never use,
> > >but the addresses were apparently harvested since they _aren't_ on the
> > >whois record) originating at c-24-98-172-83.atl.client2.attbi.com
> > >[24.98.172.83] (larts sent, 'natch).
> >
> > I got several as well.
>
> As did I. Makes me wonder if they pulled our mail server addresses out of
> the headers from the messages while they were on the list. Oh well the IP is
> blackholed at our routers now and will remain there until AT&T responds to
> our abuse complaint. Unlikely that IP will come out anytime soon... :/
>
> -- Travis


A lot of email generated today is due to people infected with the Klez 
virus.  I see many trying to use bogus email addresses I have.  I have done 
a bit of research via isp's and have found out the people I thought were 
trying to relay through me are actually people infected with the virus.  As 
it has it's own smtp server built in, it pulls addresses from your computer 
and then uses them.  I blocked a couple before I figured out what was going 
on.  I am currently getting hit with about 50 or so Klez per day.  Thanks 
to a procmail recipe they are going away quietly.  Only one has gotten 
through since I got the recipe and I have not seen one sircam in many 
months.  I do see them in the procmail.log though.