Bob Crandell wrote:

> The computer they are complaining about [216.239.175.40] is not
> running sendmail or qmail, yet spammers are using it somehow. Please
> tell me there is enough information here to determine that they are
> spoofing. This computer is not supposed to be handling email at
> all.

Any program on any computer can SEND email. You only need sendmail et al to RECEIVE email.

If it's a Windows box, chances are good that it has a virus/trojan that is sending spam. If it's a Unix box, it may have been popped, or it may have an exploitable CGI or something.

In either case, use Ethereal and look for packets with a source host of 216.239.175.40 and a destination port of 25 (SMTP). See what other traffic immediately precedes the spam -- that will give you a clue where to look.

Ben is the expert on using forensics disks to analyze popped boxes.

-- 
Bob Miller K<bob>
kbobsoft software consulting
http://kbobsoft.com [EMAIL PROTECTED]

_______________________________________________
EuG-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
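
The check described in the reply above, as an added example that is not part of the original thread: it finds new outbound SMTP connections from 216.239.175.40 and lists the inbound traffic that immediately preceded each one. It assumes the capture was exported as `tcpdump -nn -tt` text rather than viewed in Ethereal, uses an assumed 5-second look-back window, and runs on constructed sample lines whose other addresses are documentation-range placeholders.

```python
import re

SUSPECT = "216.239.175.40"   # host named in the thread
WINDOW = 5.0                 # assumed look-back window, in seconds

# Constructed sample of `tcpdump -nn -tt` text output (not a real capture).
SAMPLE = """\
1081200000.100000 IP 192.0.2.10.40111 > 216.239.175.40.80: Flags [S], seq 1, length 0
1081200001.200000 IP 192.0.2.10.40111 > 216.239.175.40.80: Flags [P.], seq 1:420, length 419
1081200002.300000 IP 216.239.175.40.1042 > 198.51.100.25.25: Flags [S], seq 7, length 0
1081200002.900000 IP 216.239.175.40.1042 > 198.51.100.25.25: Flags [P.], seq 8:60, length 52
1081200050.000000 IP 203.0.113.9.5555 > 216.239.175.40.22: Flags [S], seq 3, length 0
1081200090.000000 IP 216.239.175.40.1043 > 198.51.100.77.25: Flags [S], seq 9, length 0
"""

LINE = re.compile(
    r"^(\d+\.\d+) IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]+)\]"
)

def parse(text):
    """Yield (ts, src, sport, dst, dport, flags) for each IPv4 TCP line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts, src, sport, dst, dport, flags = m.groups()
            yield float(ts), src, int(sport), dst, int(dport), flags

def smtp_with_context(text, host=SUSPECT, window=WINDOW):
    """For each new outbound SMTP connection (bare SYN to port 25) from host,
    return ((mail server, local source port), inbound peers seen just before)."""
    pkts = list(parse(text))
    findings = []
    for ts, src, sport, dst, dport, flags in pkts:
        if src == host and dport == 25 and flags == "S":
            # Inbound packets to the host inside the look-back window.
            before = [(p[1], p[4]) for p in pkts
                      if p[3] == host and ts - window <= p[0] < ts]
            # Deduplicate (remote address, local port) pairs, keeping order.
            findings.append(((dst, sport), list(dict.fromkeys(before))))
    return findings

if __name__ == "__main__":
    for (mx, sport), ctx in smtp_with_context(SAMPLE):
        print(f"SMTP to {mx} from local port {sport}; preceded by inbound: {ctx or 'nothing'}")
```

In the sample, the first SMTP connection follows a web request to port 80, which points at the web server or a CGI; the second has no inbound traffic in the window, which points at a process already running on the box.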
