* This is the vopmailbeta mailing list *
Well, we are not an ISP in the true sense of the word. But web and e-mail hosting a small (very small) client base is part of what we do. So in this case, we don't control the Internet access so I can't cut them off there. I guess Domain Suspension would be the best route to go right now? Block the POP access and that should get them to pay attention. thanks Warren -----Original Message----- From: Yves Lacombe [mailto:[EMAIL PROTECTED]] Sent: October 16, 2002 11:40 AM To: [EMAIL PROTECTED] Subject: [VOPmail Beta] stopping infected user * This is the vopmailbeta mailing list * Well - as an ISP (i assume you're an ISP), if your TOS/AUP clearly stipulate that customers who are sending "problem emails" (ie: SPAM or infected emails) and are unwilling to take measures to stop said problem emails, you are probably within your rights to stop them from using your service. That's probably the best route to adopt. You've already done your "due diligence" ... you detected the problem, you notified them of the problem, you even tried to help them deal with the problem. If they don't want to stop ... you are probably within your rights to remove access. Note that IANAL (I am not a lawyer) but I have seen/read many Terms of Service / Acceptable Use Policies ... -- Yves Lacombe SPAM Fighting Team T4C/BMC Server Support (514) 845-1666 ext. 300 ----- Original Message ----- From: "Warren Sampson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 16, 2002 11:30 AM Subject: [VOPmail Beta] stopping infected user * This is the vopmailbeta mailing list * Hi, I have a customer that we are hosting e-mail for. This is the second time this has happened with this particular user (happened last year on our old mail system). I notice on Sunday that e-mail with a mailfrom of the users account, was attempting to send to various different users at about 1 minute intervals. At first I thought the customer didn't have the "authenticate" for SMTP. Anyway, after seeing some e-mails addressed to "unlikely" receipients (various colorful adjectives), I realized that the user must be infected again. Luckily, we have the requirement of authentication. ---- SMTPRS log entry made at 10/14/2002 00:14:16 SMTP command failed when talking to 142.154.115.21: >>> RCPT TO:<[EMAIL PROTECTED]> <<< 501 This system is not configured to relay mail from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]> for 142.154.115.21 ---- SMTPRS log entry made at 10/14/2002 00:16:41 SMTP command failed when talking to 142.154.115.21: >>> RCPT TO:<[EMAIL PROTECTED]> <<< 501 This system is not configured to relay mail from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]> for 142.154.115.21 ---- SMTPRS log entry made at 10/14/2002 00:18:25 SMTP command failed when talking to 142.154.115.21: >>> RCPT TO:<[EMAIL PROTECTED]> <<< 501 This system is not configured to relay mail from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]> for 142.154.115.21 I tried to help over the phone with an antivirus update (the user had it turned off and last definitions were from October last year). Anyway... the customer is not concerned because the e-mail is working for them and they seem to not care about fixing their system. What can I do to block, stop, etc? The customer is using a dial-up so I can block the IP being used now, but it's gonna change. I very worried that if some gets through, our server will get BL'd. Any ideas? Warren (Sam) Sampson MCSE, CCA KMP Designs Inc. 7145 West Credit Ave Suite 101, Building 2 Mississauga, ON L5N 6J7 Phone: (905)812-5635 Fax: (905)812-5636 E-mail: [EMAIL PROTECTED] ** To leave this list, send an email to [EMAIL PROTECTED] and put the word "LEAVE" in the BODY of the email. ** To leave this list, send an email to [EMAIL PROTECTED] and put the word "LEAVE" in the BODY of the email. ** To leave this list, send an email to [EMAIL PROTECTED] and put the word "LEAVE" in the BODY of the email.
