Re: Irritating Spam/Worm(?)
On Sat, 18 Oct 2003 13:29:21 +0800 Chong Yu Meng [EMAIL PROTECTED] wrote: Hi All, Ever since I posted a message to the Smallville newsgroup (yes, I watch that stuff. If you didn't grow up watching Christopher Reeve as Superman and Lynda Carter as Wonder Woman, well, you wouldn't understand), I've been getting a lot of spam mail. As I am on a Linux machine, the attachment (Content type is audio/x-midi; name=henn.exe, but the filename varies, though the EXE extension does not) does nothing. However, it displays an intriguing little grey square in the email message. The message body typically says that a message was undeliverable. The originating and terminating addresses are bogus. I have 2 questions: 1. How do I track down the origin of the mail ? I'm just curious as to what other people do when they want to track down these mails. Just look at the full header. It shows the originating IP right at the top. 2. Does anybody know what the attachment does? Some links to computing resources would help, though I find some of the sites so verbose as to be next to useless. Anything for the lay person? Probably either a virus or XXX-spam. Of course, you have to be stupid enough to run Windoze and Outhouse or Outhouse Distress so the file runs automagcally. Either way it will infect your system with a virus or a non-removable link that will open a porn site and probably send this virus to all your friends so they can see how dumb you are. Ciao, David A. Bandel -- Focus on the dream, not the competition. Nemesis Racing Team motto GPG key autoresponder: mailto:[EMAIL PROTECTED] pgp0.pgp Description: PGP signature ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: [linux-elitists] SCO 8K
On Fri, 2003-10-17 at 16:44, Jonathan Corbet wrote: - - BayStar appears to be the smaller of two investors in this deal. Anybody have any idea why the Royal Bank of Canada would pump $30 million into SCO? - - Microsoft has fed them another $8 million. I can't see Royal Bank doing this for any other reason that on the behest of an investor. I have some mutuals invested with Royal Bank. I think I'll ask. -- burns ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: Irritating Spam/Worm(?)
David A. Bandel wrote: Just look at the full header. It shows the originating IP right at the top. Would this be it ? Received: from infomail.es (39038.rad.tsai.es [195.235.39.38]) So, assuming that I wanted to follow up on this, do I send an email to the administrator of that block? Would it do any good ? Regards, pascal chong ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: Irritating Spam/Worm(?)
On Sat, 18 Oct 2003 20:39:20 +0800 Chong Yu Meng [EMAIL PROTECTED] wrote: David A. Bandel wrote: Just look at the full header. It shows the originating IP right at the top. Would this be it ? Received: from infomail.es (39038.rad.tsai.es [195.235.39.38]) So, assuming that I wanted to follow up on this, do I send an email to the administrator of that block? Would it do any good ? Regards, pascal chong Maybe, maybe not. There's always the possibility that this is the ip address of an already virus infected windows box! -- Collins Richey - Denver Area if you fill your heart with regrets of yesterday and the worries of tomorrow, you have no today to be thankful for. ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: Irritating Spam/Worm(?)
Chong Yu Meng wrote: Hi All, Ever since I posted a message to the Smallville newsgroup ... I've been getting a lot of spam mail. As I am on a Linux machine, the attachment (Content type is audio/x-midi; name=henn.exe, but the filename varies, though the EXE extension does not) does nothing. However, it displays an intriguing little grey square in the email message. The message body typically says that a message was undeliverable. Don't feel alone. I get these every day. -- Ken ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: Irritating Spam/Worm(?)
On Sat, 18 Oct 2003 20:39:20 +0800 Chong Yu Meng [EMAIL PROTECTED] wrote: David A. Bandel wrote: Just look at the full header. It shows the originating IP right at the top. Would this be it ? Received: from infomail.es (39038.rad.tsai.es [195.235.39.38]) So, assuming that I wanted to follow up on this, do I send an email to the administrator of that block? Would it do any good ? yes. you can try [EMAIL PROTECTED] That address should exist. May or may not do any good. Ciao, David A. Bandel -- Focus on the dream, not the competition. Nemesis Racing Team motto GPG key autoresponder: mailto:[EMAIL PROTECTED] pgp0.pgp Description: PGP signature ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: I need a distro recommendation!
Ken Moffat wrote: Collins Richey wrote: One final shot on this. Leon, I know you have used libranet for a long time. Does libranet get around the debian stable = hopelessly antequated problem pretty well, i.e. relatively current packages are available? I'll second Leon's Libranet recommendation. And Yes, the packages in Libranet 2.8/2.8.1 are quite up to date. They base it on 'testing' now, with many 'unstable' packages included. (Not that they are unstable, just from the unstable branch). And if you get the freebie, 2.7, you can always change the /etc/apt/sources.list file to reflect the testing or unstable branch and go at it, updating the whole thing if you want to. (but careful, you can screw things up totally sometimes) Those who don't like debian should look at Libranet, which has a good install and is up to date, with a bunch of good users on a forum and mailing list. Ken beat me to the draw. I went with Libranet 1.9.0 when I gave up on Corel Linux, which gave up on its users. I do not have wideband, so I am not constantly updating. What I like about Libranet is that I can fire up the installation CD and have a working system up and running in about two hours. That time includes installing WordPerfect 8.1, Applix 5.0. StarOffice 6.0 and some other apps, along with my personal file archives. For me, it makes more sense and costs less cents to buy a copy of the new Libranet rather than pay an extra $400 - $500 a year for cable or DSL. My requirements for Linux, or any OS, are minimal. Just word processing and on-line research and documentation. I do not enjoy spending hours, days, or in the case of WP8.1, months, trying to get an app to run. -- Leon A. Goldstein Powered by Libranet 2.8 Debian Linux System G2 ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: I need a distro recommendation!
On Sat, 2003-10-18 at 13:12, Leon Goldstein wrote: snip I went with Libranet 1.9.0 when I gave up on Corel Linux, which gave up on its users. snip Or more correctly: 'Corel Linux, produced by the financially troubled Corel Corp, who coincidentally abandoned the Linux in all their product lines after a sizable (and timely) investment by Microsoft.' -- burns ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: Irritating Spam/Worm(?)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David A. Bandel wrote: | On Sat, 18 Oct 2003 20:39:20 +0800 | Chong Yu Meng [EMAIL PROTECTED] wrote: | | |David A. Bandel wrote: | | |Just look at the full header. It shows the originating IP right at |the top. | | | |Would this be it ? | |Received: from infomail.es (39038.rad.tsai.es [195.235.39.38]) | | |So, assuming that I wanted to follow up on this, do I send an email to | |the administrator of that block? Would it do any good ? | | | yes. you can try [EMAIL PROTECTED] That address should exist. May or | may not do any good. | | Ciao, | | David A. Bandel | | According to senderbase.org that ip is delegated to tsai.es (maybe a parent). http://www.senderbase.org/search?searchString=195.235.39.38 I've found them to be very useful in determining whether to block an individual ip or an entire netblock, based upon how many addresses in the netblock are known mailers. They're at http://www.senderbase.org - -- Andrew Mathews - - ~ 1:40pm up 17 days, 18:12, 11 users, load average: 1.04, 1.08, 1.14 - - Things will get better despite our efforts to improve them. -- Will Rogers - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org iD8DBQE/kZlvidHQ0m/kEssRAv7MAJ0Uuwblc8RXSRixveHVSAxDsWzDugCfRyym 1myYd5oZRPmuJcopN4HNCjk= =SL2u -END PGP SIGNATURE- ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
