At 10:22 AM -0600 11/1/04, NetHead wrote: >I suspect that somehow the addresses on my mail server have been >compromised. I have been getting a flood of worm-laden messages, many of >them showing "FROM:" addresses on our mail server. I wouldn't think much >of it normally; I'm well aware of the various worms that will hijack the >address book on an infected computer and use those for forge the "FROM:" >header. But today I saw one from a brand new e-mail address that has not >been used yet (at least not to my knowledge). > >If I wanted to scour my mail logs for "harvesting" attempts, what key >words should I use in the filters?
For starters, look for references to the not-yet-used email address. ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
