Re: My fault or just Spam

2004-02-19 Thread Jorn Argelo
On Wednesday 18 February 2004 21:08, Ed Budd wrote:
> It's a virus (my AV calls it Worm.Gibe.F). I bet most of the list gets
> these occasionally.

Heh, yeah, I'm getting it 3 times a day at least. Same goes for the mydoom A
variant. It's quite annoying to have your mailbox flooding with these things.

But then again, I'm happy to be 100% Microsoft free :)

Cheers,

Jorn
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: My fault or just Spam

2004-02-18 Thread Aaron Peterson
unfortunately, it's likely it's your fault for using email, hehe...  at
least one of the recent windows viruses steals addresses from the address
books of infected machines and sends out mail to/from those addresses. 
It's likely that someone that had your address in their address book was
infected and your email address got abused as a result.  i have definitely
felt the pain of that over the last month, as i'm sure many others have. 
i can't even avoid the pain of using windows by not using windows anymore.
 i have to convince everyone i know not to use windows :)

aaron

> I've fairly recently set up a mail server to:
>
> 1) learn about email and server configurations and all that goes along
> with administrating it.
>
> 2) And being able to receive loads of email from freebsd-questions without
> fear of restriction on any other account (i.e. loss of email that I want
> to save).
>
> Anyhow, within the month that I've had my server running I've been
> receiving numerous emails that are obviously malicious to Windows users
> (i.e. contain an attachment with some random-letters.exe and nonsense
> about a patch). In short my concern is not that me or my wife will run
> this, since we don't use Windows, but whether these emails are just spam
> or if it is my fault.
>
> If said emails are just spam, fine. Not to say that I like spam but it
> gives me a reason to learn how to set up a spam filter and/or tarpit. The
> reason I worry that it's not just spam is that there are only 2 accounts,
> mine and my wife's, and she doesn't use hers except to email me and I've
> only used mine to set up freebsd-questions and email her. So why would I be
> getting spam? So then I think maybe it's my fault.
>
> What I mean by my fault is, is my machine being used to relay spam and
> then I am getting bounces from the poor people who receive this crap? I
> really would hate for this to be the case. Even if said emails are not my
> fault how do I assure that I am not relaying spam unbeknown to me?
>
> This is a sample header from one such email. Now I'm not too sure how to
> take this.
>
> Return-Path: [EMAIL PROTECTED]
> Received: from mail.themango.org ([unix socket])
>   by mail.themango.org (Cyrus v2.2.3) with LMTP; Tue, 17 Feb 2004 16:06:23 -0600
> X-Sieve: CMU Sieve 2.2
> Received: from centennialrd.net (unknown [196.32.150.6])
>   by themango.org (Postfix) with ESMTP id B2194450F2
>   for [EMAIL PROTECTED]; Tue, 17 Feb 2004 16:06:21 -0600 (CST)
> Received: from qexstrg (jp [196.32.129.120])
>   by centennialrd.net (8.12.10/8.12.10) with SMTP id i1HLwZHp022746;
>   Tue, 17 Feb 2004 17:58:36 -0400
> Date: Tue, 17 Feb 2004 17:58:35 -0400
> Message-Id: [EMAIL PROTECTED]
> From: Technical Bulletin [EMAIL PROTECTED]
> To: MS User [EMAIL PROTECTED]
> SUBJECT: Newest Microsoft Patch
> Mime-Version: 1.0
> Content-Type: multipart/mixed; boundary=bicnhrvs
>
> My configuration is FreeBSD 5.2.1, Postfix + Cyrus
>
> Thanks for any help,
>
> Luke


Re: My fault or just Spam

2004-02-18 Thread Ed Budd
It's a virus (my AV calls it Worm.Gibe.F). I bet most of the list gets
these occasionally. Some hapless windows user got infected and has you
in their address book (perhaps through the outlook
auto-add-addresses-to-addressbook-function applied to something you
posted once on a public list??)

Install Clamav from ports and set it up to interface with postfix (I use
it with sendmail milter but should be similar -- check clamav site for
details).

Don't sweat it, man -- life as usual in the wild-and-woolly...

EB



Re: My fault or just Spam

2004-02-18 Thread luke
> unfortunately, it's likely it's your fault for using email, hehe...

Damn this newfangled technology! If only this mailing list was backwards
compatible with the USPS. :)

> at least one of the recent windows viruses steals addresses from the
> address books of infected machines and sends out mail to/from those
> addresses. It's likely that someone that had your address in their address
> book was infected and your email address got abused as a result.

This is what I was wondering, if somehow my email address had just been
snarfed from this list or if some poor soul on the list was infected with
such a virus.

> i have definitely
> felt the pain of that over the last month, as i'm sure many others have.
> i can't even avoid the pain of using windows by not using windows anymore.
> i have to convince everyone i know not to use windows :)

Yeah, it's a real shame and trying to get people out of their comfort zone
to try something else seems to be nigh impossible :). But at least I feel
better about what I've configured so far... it's now time for me to learn
more about stopping spam at my server. I believe there was a thread about
this not too long ago. Off I go.

> aaron


Luke



Re: My fault or just Spam

2004-02-18 Thread Matthew Seaman
On Tue, Feb 17, 2004 at 07:29:03PM -0600, [EMAIL PROTECTED] wrote:

> Anyhow, within the month that I've had my server running I've been
> receiving numerous emails that are obviously malicious to Windows users
> (i.e. contain an attachment with some random-letters.exe and nonsense
> about a patch). In short my concern is not that me or my wife will run
> this, since we don't use Windows, but whether these emails are just spam
> or if it is my fault.

Not your fault at all.  The 'net is being plagued at the moment by a
series of Windows worm programs that attempt to spread themselves
through e-mail.  Once they infect a machine, they send e-mail to
addresses listed in users' address books, and also forge the sender
address using the same source.  See,
e.g. http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]

This means that you and I, as innocent and uninfected bystanders will
be deluged in three types of message as a consequence:

   i) Messages from the trojan program attempting to propagate itself.

  ii) Bounce messages from the mailer daemon saying that messages of
      type (i) couldn't be delivered, sent to the forged sender
      addresses.

 iii) Really annoying messages sent by some dim-witted anti-virus
      software accusing you of sending virus infested e-mails.  These
      are completely pointless, as the sender addresses are forged,
      and the AV software writers should know that.

In fact the huge flood of messages of type (iii) has outnumbered the
messages of type (i) in this latest outbreak.  AV software writers
making themselves part of the problem there, rather than the solution.

As FreeBSD users we can, of course, act all smug about this and just
set our spam filters and AV software to dump all of the (i), (ii) and
(iii) types of message into the bit-bucket.

If you want to test your machine to see if it is providing an open
relay, go to http://www.abuse.net/relay.html and follow the
instructions.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
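
Added example, not part of any message in this thread: the question of whether mail was relayed through the server or merely delivered to it can be read off the Received chain. The Python below parses the chain from the sample header quoted in the thread and reports the hop where the message crossed into the server; the same parser checks whether headers quoted back in a bounce were ever stamped by that server. `MY_HOSTS`, the function names and the `BACKSCATTER` sample (documentation addresses) are assumptions made for this illustration.

```python
import re
from email import message_from_string

# Assumption: the server's own names, taken from the header quoted in the thread.
MY_HOSTS = {"themango.org", "mail.themango.org"}
HOP_RE = re.compile(r"from\s+(\S+)\s+\((.*?)\)\s+by\s+(\S+)", re.S | re.I)

def hops(raw):
    """Received headers, newest first, as (helo, peer_info, by_host)."""
    found = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            found.append((m.group(1).lower(), " ".join(m.group(2).split()),
                          m.group(3).lower()))
    return found

def entry_hop(raw):
    """Newest hop where one of MY_HOSTS accepted mail from another host.
    Lines older than this were written by other servers and can be forged."""
    for helo, peer, by in hops(raw):
        if by in MY_HOSTS and helo not in MY_HOSTS:
            return helo, peer, by
    return None

def transited_my_server(returned_headers):
    """True if headers quoted back in a bounce contain a Received line
    written by one of MY_HOSTS, i.e. this server really handled the message."""
    return any(by in MY_HOSTS for _, _, by in hops(returned_headers))

# Received chain from the thread's sample header (redacted recipient omitted).
SAMPLE = """\
Received: from mail.themango.org ([unix socket])
  by mail.themango.org (Cyrus v2.2.3) with LMTP; Tue, 17 Feb 2004 16:06:23 -0600
Received: from centennialrd.net (unknown [196.32.150.6])
  by themango.org (Postfix) with ESMTP id B2194450F2; Tue, 17 Feb 2004 16:06:21 -0600 (CST)
Received: from qexstrg (jp [196.32.129.120])
  by centennialrd.net (8.12.10/8.12.10) with SMTP id i1HLwZHp022746;
  Tue, 17 Feb 2004 17:58:36 -0400
"""

# Constructed: headers a bounce might quote back for a worm mail with a forged sender.
BACKSCATTER = """\
Received: from pc17 (unknown [192.0.2.44])
  by mx.isp.example (8.12.10/8.12.10) with SMTP id CONSTRUCTED1; Tue, 17 Feb 2004 18:00:00 -0400
Subject: Newest Microsoft Patch
"""

if __name__ == "__main__":
    print("entry hop:", entry_hop(SAMPLE), "| bounce via me:", transited_my_server(BACKSCATTER))
```

A bounce whose quoted original never carries a Received line from your own host is type (ii) traffic caused by a forged sender address; this header check complements an external relay test and does not replace it.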

