Thank you Theo.
Your concerns are valid....
I am using Trashfinder to block by keyword, and accept
by "from:"
address.
Without safeguards, anyone can put their address as the sender,
and could
gateway though trashfinder as an "exception".
This could be the single biggest issue we have, I am currently only
getting
a couple of these a week, but should it catch on, I am in trouble !
John Martoccio
Intelligent Solutions (a computer VAR)
Fox Lake, IL, USA
[EMAIL PROTECTED]
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Theo Barker
> Sent: Wednesday, February 04, 2004 6:31 PM
> To: [email protected]
> Subject: RE: John Martoccio (was RE: MyDoom & SMTPRCV)
>
>
> My apologies John. It WAS the read receipt return message. I
> just tested it
> out and it does the same thing. I guess that should be in the FAQ for
> SMTPRCV and SMTPRS.
>
> Thanks,
> Theo
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of John Martoccio
> Sent: Tuesday, February 03, 2004 2:34 PM
> To: [email protected]
> Subject: RE: John Martoccio (was RE: MyDoom & SMTPRCV)
>
>
> What the hell are you talking about ?
>
> I never sent anything to anyone individually to this
> list in the past month
> (except Randy in an effort to make a couple of TF suggestions).
> I am trying to grasp what exactly you are saying happen
> to your server,
> but I an guessing that since I sent the message to the group, it was
> received by your server from the group on behalf of John
> Martoccio (with my
> IP address). I have noticed that many messages have no "to"
> or "from", but
> that information is actually in the ".rcp" file (especially where BCC
> transmissions are made). I assure you that a) I did not send
> you anything
> that was using your server as a relay point, and b) I am not
> a spammer.
>
> BTW, I did have my "read receipt" request turned on, maybe
> what you found
> was a return receipt message.
>
> I hope you figure out what is happening.
>
> Sincerely,
> John Martoccio
> Intelligent Solutions (a computer VAR)
> Fox Lake, IL, USA
> [EMAIL PROTECTED]
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Theo Barker
> > Sent: Saturday, January 31, 2004 12:30 AM
> > To: [email protected]
> > Subject: John Martoccio (was RE: MyDoom & SMTPRCV)
> >
> >
> > Well, as a matter of fact, John Martoccio [EMAIL PROTECTED]
> > just exploited a
> > weakness in SMTPRCV and & AntiRelay, this morning, to relay
> a message
> > through my machine. I don't think he would have known my
> > whereabouts and use
> > of IMS/AntiRelay/SMTPRCV if it weren't for my posting on this list.
> >
> > In Log message:
> >
> > <[EMAIL PROTECTED]> [30/Jan/2004:07:47:56]
> > 192.168.x.x
> > theobhome <> [EMAIL PROTECTED]
> >
> > where "<>" was the only From: address listed in the log, and
> > the source IP
> > address was my mail server.
> >
> > John, would you like to explain what you're up to? If I don't
> > hear from you
> > on this list, I'll be calling your home phone number.
> >
> > Theo Barker
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of BSarton
> > Sent: Friday, January 30, 2004 9:12 AM
> > To: [email protected]
> > Subject: Re: MyDoom & SMTPRCV
> >
> >
> > Theo,
> > I observe that your domain name is 3 letters long,
> > so is mine.
> > This might be the cause of our vulnerability against randomly
> > generated fake
> > user adresses
> > I've long been asking myself "why does this append to me',
> > but I've never suspected beeing on this list as a possible cause.
> > In fact I was on the list long before this started to happen,
> > in summer
> > 2003.
> > Benoit
> >
> >
> > | Also, since I've been subscribed to this list and had
> > SMTPRCV running I've
> > | logged a bunch of attempts to send email to an invalid
> > user. Is that a
> > | feature of subscribing to the list or just that SMTPRCV
> > logs it and SMTPRS
> > | did not?
> >
> > This is the discussion list for the IMS Free email server software.
> > To unsubscribe send mailto:[EMAIL PROTECTED]
> >
> > Delivered by Rockliffe MailSite
> > http://www.rockliffe.com/mailsite
> > Rock Solid Software (tm)
> >
> > This is the discussion list for the IMS Free email server software.
> > To unsubscribe send mailto:[EMAIL PROTECTED]
> >
> > Delivered by Rockliffe MailSite
> > http://www.rockliffe.com/mailsite
> > Rock Solid Software (tm)
> >
>
> This is the discussion list for the IMS Free email server software.
> To unsubscribe send mailto:[EMAIL PROTECTED]
>
> Delivered by Rockliffe MailSite
> http://www.rockliffe.com/mailsite
> Rock Solid Software (tm)
>
> This is the discussion list for the IMS Free email server software.
> To unsubscribe send mailto:[EMAIL PROTECTED]
>
> Delivered by Rockliffe MailSite
> http://www.rockliffe.com/mailsite
> Rock Solid Software (tm)
>
This is the discussion list for the IMS Free email server software.
To unsubscribe send mailto:[EMAIL PROTECTED]
Delivered by Rockliffe MailSite
http://www.rockliffe.com/mailsite
Rock Solid Software (tm)
