On Sun, Aug 31, 2003, Tim Wunder wrote:
>On Sunday 31 August 2003 1:32 pm, someone claiming to be Bill Campbell wrote:
>> On Sun, Aug 31, 2003, Gerry Doris wrote:
>> >I have received several emails infected with Sobig.F supposedly from
>> >the list as well a pile of notices from various list members that they
>> >received infected messages.
>>
>> Most of the e-mail worms that attack the Microsoft virus, Windows forge the
>> headers so they appear to some somebody other than the real sender.
>>
>
>AFAICT, it's only forging the From: address. The "Received From" headers seem
>to be unaffected, unless it's changed since it first came out...
>
>I don't suspect you are infected, but I believe someone who uses an
> smtp server connected to your network is (or was). Case in point an e-mail
>sent to the list on 8/22 containing the subject "RE: Thank You" (one of the
>tell-tail subject lines) had the following in the header:
><header quote>
>Received: from JOJO (grdsl-94.dsl.utk.edu [160.36.224.95])
> by kumerik.celestial.com (Postfix) with ESMTP id 387D828885
> for <[EMAIL PROTECTED]>; Fri, 22 Aug 2003 20:07:10 -0500 (CDT)
></header quote>
That machine is an MX forwarder for linux-sxs-org, and properly receives
mail destined for that domain when the primary MX server isn't available
for whatever reason. The three MX servers for linux-sxs.org are here (the
two servers here have less restrictive anti-spam filters than our main mx1
and mx2 servers which rejected your mail as noted below):
0 hunley.homeip.net
110 mx3.celestial.com
100 mx4.celestial.com
>I tried sending a message directly to you at the time, but recieved a failure
>notice:
> Permanent Failure:
>554_Service_unavailable;_[216.148.227.85]_blocked_using_rbl.celestial.net,_reason:_Blocked_for_spamming_from_IP=216.148.227.85
> Delivery last attempted at Sat, 23 Aug 2003 03:13:11 -0000
That particular address is blocked as the result of spam from that system
(in this case a weight loss and other meds send to a spamtrap address from
a ``millions of clean e-mail address'' CD). Mail to role accounts
{postmaster,abuse,security,[EMAIL PROTECTED] is always accepted before
any RBLs are checked.
Bill
--
INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/
``You know the one thing that's wrong with this country? Everyone gets a
chance to have their fair say.''
-Bill Clinton, May 29, 1993, The White House
_______________________________________________
Linux-users mailing list
[EMAIL PROTECTED]
Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
