On Sunday 21 September 2003 04:06 am, Graham Watkins wrote:
>
> These aren't what I'm concerned about (although I have been getting them
> - those are almost certainly virii).  What I've been getting are
> delivery failure messages with no attachments which make me wonder if
> I'm being used as a conduit for someone else's junk mail program and
> that these return mail messages are a result of junk mails sent to email
> addresses that are no longer in existence.

Bounces go to the stated From address attached to the message.  That can be forged so 
trivially that it is considered meaningless (rightfully so) by most admins.  
There is no point in trying to contact anyone; most of the knowledgeable people 
already disregarded it as soon as they got it.  If they don't know enough 
to disregard it, they are probably too busy trying to contact 
"[EMAIL PROTECTED]" to ever get around to contacting you.
>
> Having said that, my firewall seems to be secure so far as I can tell.
> Stephen suggested that I should have a look at my postfix setup but I
> don't use a mailserver as my mail goes to and from my ISP via Mozilla
> without any intermediary.

If you are really concerned, download a package called mailstats 
(http://taz.net.au/postfix/mrtg/) and install it.  It gives you a daily or 
weekly summary of your mail log, including all messages received, delivered, 
bounced, sent, etc.  If you check the traffic and it does not compare to what 
you know is going through your system, you can check the logs individually or 
simply close off all mail ports until you have determined where the 
vulnerability is.
>
> I suppose I could take Charlie's advice and filter them out but I'd
> still like to get to the bottom of what's going on. Who is sending these
> and why?

You can attempt to trace the origin back by looking at the headers on the 
bounce but since most spammers use either open relays or an open proxy to 
bounce through, you will probably not be able to locate them.  If it is a 
virus, you would track it down to a dummy, compromised machine which would do 
you even less good than finding an open proxy or relay run by a clueless 
admin.

> As regards the suggestions for a vigilante organisation, I understand
> that most of the big time spammers are based in Florida.  I suggest we
> start drawing up invasion plans :-)
>
> I'm still completely mystified by this - if I'm not being hacked and
> there's no virus attached, then what on earth is the point of these things?

If it is a virus, the bounce will probably not include the attachment but just the 
headers of the message.  A lot of spammers will start a spam run but they 
have stupidly (because spammers are stupid) misconfigured their spamware, and 
the payload either does not go out at all or goes out hopelessly 
misconfigured.  I get spams all the time that have no message, no 
advertisement, nothing, just the headers, and they are proof that some newbie 
scummer is just getting started on his career and hasn't "figgered out that 
appication" yet.

-- 
Bryan Phinney
Software Test Engineer
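An added example, not part of this thread and not code from any of its participants, that puts the two points above into practice: a bounce is addressed to whatever the forged From: said, so the only evidence of who really sent the original is the Received: chain inside the returned copy. The script parses a delivery status notification, checks whether that chain ever passed through a host you operate (if not, the bounce is backscatter to discard, not a sign your machine is relaying), and pulls out the oldest hop as the starting point for a trace, which, as the reply notes, is usually an open relay or proxy rather than the spammer. The sample bounce and every hostname and address in it are constructed for the example.

```python
"""Added example (not from the thread): triage a bounce to tell backscatter
from a genuine delivery failure of mail that really left our machine."""
import email
import re
from email import policy

# Received: headers read "from <host> (...) by <host> (...) with ...".
RECEIVED_RE = re.compile(r"\bfrom\s+(?P<from>\S+).*?\bby\s+(?P<by>\S+)", re.S)


def received_hops(msg):
    """Return (sending_host, receiving_host) pairs, oldest hop first."""
    hops = []
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(str(hdr))
        if m:
            hops.append((m.group("from").rstrip(";"), m.group("by").rstrip(";")))
    # Each relay prepends its own Received: line, so the top one is the newest.
    return list(reversed(hops))


def returned_original(bounce):
    """Locate the original message (or just its headers) carried inside a DSN."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None


def is_backscatter(raw_bounce, our_hosts):
    """True if the returned original never touched one of our hosts,
    False if it did, None if the bounce carries no copy to judge by."""
    bounce = email.message_from_string(raw_bounce, policy=policy.default)
    original = returned_original(bounce)
    if original is None:
        return None
    ours = {h.lower() for h in our_hosts}
    return not any(s.lower() in ours or r.lower() in ours
                   for s, r in received_hops(original))


def origin_hint(raw_bounce):
    """Sending host of the oldest hop: the best (often only) lead for a trace."""
    bounce = email.message_from_string(raw_bounce, policy=policy.default)
    original = returned_original(bounce)
    hops = received_hops(original) if original is not None else []
    return hops[0][0] if hops else None


# Constructed sample bounce; every host and address below is made up.
SAMPLE_BOUNCE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
    by mail.isp.example (Postfix) with ESMTP id 1234
    for <graham@isp.example>; Sun, 21 Sep 2003 03:50:00 +0100
From: MAILER-DAEMON@example.org
To: graham@isp.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: text/plain

The address you tried to reach no longer exists.
--B
Content-Type: message/delivery-status

Action: failed
Status: 5.1.1
--B
Content-Type: message/rfc822

Received: from relay.example.net (relay.example.net [203.0.113.7])
    by mx.example.org (Postfix) with SMTP id 0099
    for <gone@example.org>; Sun, 21 Sep 2003 03:49:00 +0100
Received: from [203.0.113.99] (unknown [203.0.113.99])
    by relay.example.net with SMTP; Sun, 21 Sep 2003 03:48:00 +0100
From: graham@isp.example
To: gone@example.org
Subject: hi

--B--
"""

if __name__ == "__main__":
    # Our only mail host is the ISP's server the mail client talks to.
    verdict = is_backscatter(SAMPLE_BOUNCE, ["mail.isp.example"])
    print("backscatter:", verdict, "- oldest hop:", origin_hint(SAMPLE_BOUNCE))
```

The check relies on the returned copy of the original; a DSN that returns only a one-line explanation and no headers gives nothing to judge by, so the function reports None rather than guessing either way. The Received: line closest to the origin is itself written by whatever relay accepted the mail, so it names the relay or proxy that was abused, which is as far back as a trace from the bounce alone can go.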
