[plug] nasty spammer

Ben Jensz jensz at wn.com.au
Wed Mar 27 16:19:33 WST 2002


Yeah, I get messages the same.  But someone did in fact get a couple of
emails through, they did bring up a couple of errors with their first couple
of attempts and all I gleaned was two hostnames "ilovelara.com" and
"online.ie", which both actually resolved to IP addresses.  The
"ilovelara.com" one, is owned by someone with an AOL email address (surprise
surprise).

But none of these apparent ones in the last couple of days have even come
from our mail server at all, nothing in the logs for them.. so it appears
they are spoofing as being our mail server.  Here is part of the headers
I've received from spamcop.net:

Received: from yahoo.com (dugong.goolarri.com [203.34.124.30])
by smtp2.ruc.dk (Postfix) with SMTP
id 5DE711DE015; Tue, 26 Mar 2002 17:04:23 +0100 (CET)
Received: from 158.234.112.240 ([158.234.112.240]) by
mailout2-eri1.midsouth.rr.com with esmtp; 26 Mar 2002 05:03:53 +1100
Received: from mx.rootsystems.net ([107.164.149.108])
by da001d2020.lax-ca.osd.concentric.net with QMQP; 26 Mar
2002 14:58:20 +0100
Received: from [172.145.15.219] by q4.quik.com with esmtp; 26 Mar
2002 19:52:48 -0400
Received: from [146.249.28.69] by pet.vosn.net with smtp; 26 Mar 2002
20:47:16 -0500

That's up until it apparently gets to our mail server and it relays it.  And
those entries before our valid mail server being in the headers are invalid
and false as well.  But there isn't anything about our mail server receiving
it from any other mail servers either.


/ Ben

>
> Postfix sends messages, from time to time, indicating that someone is
> trying to use us for relaying.
>
> Email addresses involved, in persistent attempts, include .sg and
> sg.co.nz.
>
> Information from the Singapore police, indicates that the spoofing has
> originated from the USA or Canada.
>
> The FBI seem to think that security breach attempts (no, I do not
> use the word "hacking", for this, Christian) in order to implement
> unauthorised relaying, is acceptable practice, as the FBI does not regard
> the possible DoS attacks, and, possible viral email relaying, etc, as
> threats to the USA infrastructure. But then, the FBI probably uses Win 3x,
> for security...
>
> --
> Bret Busby
> ..............
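The kind of header walk Ben did by hand, as an added example (it is not part of the original post and not a tool anyone on the list used). The five Received: lines quoted above are embedded as constructed input, unfolded onto one line each and in the order shown (topmost = written last, by the final recipient). The checker converts every timestamp to UTC and applies three standard forgery heuristics: a HELO name that disagrees with the reverse DNS the receiving MTA recorded, a "by" host on one line that is not the "from" host of the line above it (a broken hand-off chain), and a timestamp that moves forward as you walk down the chain. The trusted MTA name smtp2.ruc.dk is taken from the first header; the 15-minute clock-skew tolerance is an assumption. The practitioner caveat it encodes: only the header written by a server you control is evidence, and everything below it is text the connecting client supplied.

```python
"""Walk a chain of Received: headers and flag the usual signs of forgery.

Added example, not code from the original post. Input is the header chain
quoted in the message above; the heuristics are generic header analysis.
"""
import re
from datetime import timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed input: the Received: lines quoted in the post, unfolded.
RECEIVED = [
    "from yahoo.com (dugong.goolarri.com [203.34.124.30]) by smtp2.ruc.dk "
    "(Postfix) with SMTP id 5DE711DE015; Tue, 26 Mar 2002 17:04:23 +0100 (CET)",
    "from 158.234.112.240 ([158.234.112.240]) by mailout2-eri1.midsouth.rr.com "
    "with esmtp; 26 Mar 2002 05:03:53 +1100",
    "from mx.rootsystems.net ([107.164.149.108]) by "
    "da001d2020.lax-ca.osd.concentric.net with QMQP; 26 Mar 2002 14:58:20 +0100",
    "from [172.145.15.219] by q4.quik.com with esmtp; 26 Mar 2002 19:52:48 -0400",
    "from [146.249.28.69] by pet.vosn.net with smtp; 26 Mar 2002 20:47:16 -0500",
]

HOP_RE = re.compile(
    r"^from\s+(?P<helo>\S+)"                                        # HELO/EHLO name
    r"(?:\s+\((?:(?P<rdns>[^\s()\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]\))?"  # optional (rdns [ip])
    r".*?\bby\s+(?P<by>\S+)"                                        # MTA that wrote the line
    r".*;\s*(?P<date>[^;]+)$",                                      # timestamp after last ';'
    re.S,
)


def parse_hop(line):
    """Split one unfolded Received: line into its fields; time is UTC."""
    m = HOP_RE.match(line.strip())
    if not m:
        raise ValueError("unparseable Received: line: " + line)
    date = re.sub(r"\([^)]*\)", "", m["date"]).strip()  # drop comments like "(CET)"
    when = parsedate_to_datetime(date).astimezone(timezone.utc)
    return {"helo": m["helo"], "rdns": m["rdns"], "ip": m["ip"],
            "by": m["by"], "when": when}


def analyse(received, skew=timedelta(minutes=15)):  # skew tolerance is an assumption
    """Return (hops, findings); each finding is (hop_index, kind, detail)."""
    hops = [parse_hop(r) for r in received]
    findings = []
    # 1. HELO name disagrees with the reverse DNS recorded by the receiving MTA.
    for i, h in enumerate(hops):
        if h["rdns"] and not h["helo"].startswith("[") \
                and h["helo"].lower() != h["rdns"].lower():
            findings.append((i, "helo-mismatch",
                             f"HELO {h['helo']} but rDNS {h['rdns']} [{h['ip']}]"))
    for i in range(len(hops) - 1):
        upper, lower = hops[i], hops[i + 1]
        # 2. The server that wrote the lower line should be the client named
        #    in the 'from' of the line above it; otherwise the chain is broken.
        names = {upper["helo"].lower(), (upper["rdns"] or "").lower()}
        if lower["by"].lower() not in names:
            findings.append((i + 1, "chain-break",
                             f"{lower['by']} is not the host {upper['helo']} "
                             f"that the line above received from"))
        # 3. Walking down the chain goes back in time; a later stamp below is forged.
        if lower["when"] > upper["when"] + skew:
            findings.append((i + 1, "time-travel",
                             f"{lower['when']:%Y-%m-%d %H:%M:%S}Z is after "
                             f"{upper['when']:%Y-%m-%d %H:%M:%S}Z"))
    return hops, findings


def trusted_prefix(hops, trusted_mtas):
    """How many hops from the top were written by MTAs we control.

    Only those lines are evidence; everything below is text the connecting
    client could have typed into the DATA phase itself.
    """
    n = 0
    for h in hops:
        if h["by"].lower() not in trusted_mtas:
            break
        n += 1
    return n


if __name__ == "__main__":
    hops, findings = analyse(RECEIVED)
    n = trusted_prefix(hops, {"smtp2.ruc.dk"})
    print(f"{n} trustworthy hop(s); first untrusted line is hop {n}")
    for idx, kind, detail in findings:
        print(f"hop {idx}: {kind}: {detail}")
```

Run against the quoted chain it reports one trustworthy hop (the smtp2.ruc.dk line, which records a connection from 203.34.124.30 that announced itself as yahoo.com), and every line below it fails the hand-off check, with three of them also stamped later than the line above them.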



