I turned on the nobody alias for a few minutes, and the messages are actual
bounce messages from postmasters who are getting spam from someone forging
our return address. Very active spammer. Anything we can do?
Sent: Wednesday, September 22, 2004 8:38 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Attack?
I turned on the nobody alias for a few minutes, and the messages are actual
bounce messages from postmasters who are getting spam from someone forging
our return address. Very active
To: [EMAIL PROTECTED]
Sent: Wednesday, September 22, 2004 9:55 AM
Subject: RE: [Declude.Virus] Attack?
If the bounce messages give you enough header information to track the
originating IP you can complain to the guy's upstream, but my experience is
that most of these guys these days are using
: Wednesday, September 22, 2004 9:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Attack?
If the bounce messages give you enough header information to
track the originating IP you can complain to the guy's
upstream, but my experience is that most of these guys these
days are using
Declude never sees it anyway; never makes it to the queue. It errors
on the RCPT TO: line. With the Refuse Null Senders box checked, it
errors one command earlier, on MAIL FROM. Probably not enough to
make a difference.
Actually, it would be a significant difference under load. But this
Of course this means that most Out of office messages will not
make their way into your system
And you will be doing your users a great disservice by rejecting
hop-one bounces.
And you will get blacklisted.
There is no informed, rational reason to disable all messages from the
null
For three days now we've been getting these emails addressed to random
strings every few minutes. IPs keep changing. Sometimes one mail per IP,
sometimes several. What is this? Zombie computers? Forged IPs? And how
many hits are you going to get with random strings?
09:21 00:00
Subject: [Declude.Virus] Attack?
For three days now we've been getting these emails addressed to random
strings every few minutes. IPs keep changing. Sometimes one mail per
IP, sometimes several. What is this? Zombie computers? Forged IPs?
And how many hits are you going to get with random
Look in the archives for info on dictionary attacks. They're very common
these days.
Darin.
- Original Message -
From: Stan Buck [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 21, 2004 11:49 AM
Subject: [Declude.Virus] Attack?
For three days now we've been getting
with other things to try and track this how-to down..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stan Buck
Sent: Tuesday, September 21, 2004 11:50 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Attack?
For three days now we've been getting
[mailto:[EMAIL PROTECTED] Behalf Of IS - Systems Eng.
(Karl Drugge)
Sent: Tuesday, September 21, 2004 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Attack?
Oh wow. I've seen this before.
I can't remember the name, something like an 'inadvertent reflective
DDOS attack
, INC.
www.duracom.net
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze
Sent: Tuesday, September 21, 2004 11:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Attack?
I've seen this happening with us for a while now.. I started tracking
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kris McElroy
Sent: Tuesday, September 21, 2004 1:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Attack?
I had two gateways running Declude, both boxes were Dual Xeon 2.8GHz, 2GB
RAM, 3x36Gb 15K SCSI, 128MB RAID
, 2004 11:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Attack?
I've seen this happening with us for a while now.. I started tracking the IP
addresses to try and have iMail block them, but I would have to enter them
manually and wasn't going to do that.. Way too many.. Hahaha
I think
: Tuesday, September 21, 2004 12:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Attack?
Was there a how-to that you followed to set this up, or did you just do a
search and take a little here, and a little there to finally get your setup?
Also, do you manually enter legit e-mail
Message -
From: Donn Bly [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 21, 2004 12:37 PM
Subject: RE: [Declude.Virus] Attack?
Since these all look like they have null originating addresses, to me they
look a lot more like virus bounce messages.
In order