Atul Chitnis saw fit to inform LI that:
>According to my reading of those headers, the messages seem to have been
>coming out of aunet.org itself. I could be wrong - I haven't had my first
>coffee yet.
No. He has relay raped two servers - aiims.aiims.ac.in (All India Instt
of Medical Sciences, Delhi) and www.iimb.ernet.in (IIM Bangalore) to do
it.
The received from: IP is 203.247.16.133 - which belongs to a Korean
university. Almost certainly spoofed.
This k1dd33 has been a bit lucky to choose boxes which allow _spaces_ (and
special characters) in the HELO. Effectively anonymising where he came
from. Now, if only we get those servers' logs, we can track him a bit
easier that way.
Gopi, can you please use your largest mallet to whack IIMB's guys on the
head, and ask them wtf they want to run sendmail on a _web_ server for?
Their mailserver just escaped getting RBL'd thanks to you ... could you
tell them to delete all superfluous sendmail and other MTA binaries, and
centralize their mailhosting?
The same goes for AIIMS - they ought to get a better mailserver / upgrade
their current one.
Atul - mail me the headers offlist will you?
--
Suresh Ramasubramanian + [EMAIL PROTECTED]
Most people wouldn't know music if it came up and bit them on the ass.
-- Frank Zappa
-----------------------------------------------------------------------
The LIH mailing list archives are available at:
http://lists.linux-india.org/cgi-bin/wilma/linux-india-help
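
Added example, not part of the original post: a header audit that walks each Received: line, pulls out the HELO string and the peer address the receiving MTA recorded, and flags any HELO that is not a syntactically valid hostname or address literal (spaces and special characters included). The sendmail-style "from HELO (rdns [ip]) by host" layout, the function name and the sample message are assumptions; the sample headers are constructed.

```python
import re
from email import message_from_string

# RFC 5321 HELO/EHLO argument: dot-separated domain or bracketed address literal.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
VALID_HELO = re.compile(rf"{LABEL}(?:\.{LABEL})*|\[(?:IPv6:)?[0-9A-Fa-f:.]+\]")

# Assumed sendmail-style layout. The HELO group is greedy on purpose: the peer
# info written by the receiving MTA is the LAST "(... [ip])" before "by", so
# anything embedded in the client-supplied HELO text cannot displace it.
RECEIVED = re.compile(
    r"from\s+(?P<helo>.*)\s+\([^()]*\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\][^()]*\)"
    r"\s+by\s+(?P<by>\S+)"
)

def audit_received(raw_message):
    """Return one dict per Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        m = RECEIVED.match(flat)
        if m is None:                           # unparseable hop: review by hand
            hops.append({"by": None, "peer_ip": None, "helo": None,
                         "suspicious": True})
            continue
        helo = m.group("helo")
        hops.append({
            "by": m.group("by"),                # host that wrote this header
            "peer_ip": m.group("ip"),           # address to look up in that host's logs
            "helo": helo,                       # client-supplied, untrusted
            "suspicious": VALID_HELO.fullmatch(helo) is None,
        })
    return hops

# Constructed sample: documentation addresses and example.* names only.
SAMPLE = """\
Received: from relay.example.org (relay.example.org [192.0.2.25])
    by mx.example.net (8.9.3/8.9.3) with ESMTP id AAA00001;
    Mon, 1 Jan 2001 10:00:02 +0530
Received: from mail host 01 ([203.0.113.7])
    by relay.example.org (8.9.3/8.9.3) with SMTP id BAA00002;
    Mon, 1 Jan 2001 10:00:00 +0530
From: sender@example.com
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for hop in audit_received(SAMPLE):
        print(hop)
```

The "by" host of a flagged hop is the server whose own logs are worth requesting, with "peer_ip" and the timestamp as the search keys.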