Re: [NF] eMail flood on my server
It is possible that your system is being used as a relay (i.e. you send email to [EMAIL PROTECTED]@leafe.com and if it is a relay it sends the email on to [EMAIL PROTECTED] but looks to send it from leafe.com to the unwary).

You can test your email for this at a number of web sites (just look in Google) but be warned, if you do relay they will blacklist you until you get a cleared test, which could take you a few hours.

(If you use GroupWise let me know off list as I may be able to help.)

--
Michael Hawksworth
Visual Fox Solutions
[EMAIL PROTECTED]
www.foxpro.co.uk

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
Re: [NF] eMail flood on my server
On Jan 22, 2007, at 3:32 AM, Michael Hawksworth wrote:

> It is possible that your system is being used as relay (i.e. you send email to [EMAIL PROTECTED]@leafe.com and if it is a relay it sends the email on to [EMAIL PROTECTED] but looks to send it from leafe.com to the unwary).

Since his system is bouncing those emails, it's not likely.

-- Ed Leafe
-- http://leafe.com
-- http://dabodev.com
Re: [NF] eMail flood on my server
On Jan 21, 2007, at 5:30 PM, Kenneth Kixmoeller/fh wrote:

> It just seems like there are much easier ways to harvest eMail addresses... hardly worth the programming time to do it this way. But I suppose they are just having fun.

http://redtape.msnbc.com/2007/01/spam_is_back_an.html

-- Ed Leafe
-- http://leafe.com
-- http://dabodev.com
Re: [NF] eMail flood on my server
On Jan 22, 2007, at 2:32 AM, Michael Hawksworth wrote:

> It is possible that your system is being used as relay...

Thanks, but no --- I check it at ORDB every once in a while (because I made that mistake once).

Ken
Re: [NF] eMail flood on my server
On Jan 22, 2007, at 6:37 AM, Ed Leafe wrote:

> http://redtape.msnbc.com/2007/01/spam_is_back_an.html

Good article -- amazing, though, how many of the comments at the bottom completely missed the point. Death to Spammers is useless when *you* are the spammer, infected with a bot.

Incidentally, I thought it wouldn't hurt to check my server for being an open relay again, even though I am positive it isn't. I was surprised to find ORDB.org had passed from the mortal coil.

http://it.slashdot.org/article.pl?sid=06/12/18/154259from=rss
or: http://tinyurl.com/yl7hpt

Any still-free alternatives anybody knows (and trusts)?

Ken
Re: [NF] eMail flood on my server
You can try this: http://www.spamcop.net/bl.shtml

Kenneth Kixmoeller/fh wrote:

> Any still-free alternatives anybody knows (and trusts)?

--
Richard Kaye
Vice President
Artfact/RFC Systems
Re: [NF] eMail flood on my server
On Jan 22, 2007, at 4:30 PM, Richard Kaye wrote:

> You can try this: http://www.spamcop.net/bl.shtml
>
> Kenneth Kixmoeller/fh wrote:
> > Any still-free alternatives anybody knows (and trusts)?

Thanks -- it says I am OK.

You know, I am beginning to think that this is the same problem Michael had a while ago. (I am searching the archives right now, but searching posts from Babcock is exhausting all of Ed's processing power!) I think the situation was some spammer spoofed *his* domain as the one originating the posts, so he got all of the bounces.

(Still waiting for the archives... Time to cut back on those posts, Michael!)

I checked my statistics from the eMail server, and I have rejected over 134,000 messages because of an unknown user account. Holy Smoke!

(Still waiting... Ed, is that thing smoking?)

Might as well just ask! Michael: Did you find a solution? Did the situation ever resolve itself? How long did it take?

Ken
Re: [NF] eMail flood on my server
On Jan 22, 2007, at 5:41 PM, Kenneth Kixmoeller/fh wrote:

> I think the situation was some spammer spoofed *his* domain as the one originating the posts,

OK, I finally found it, but it was Alan Lukachko, not Michael. (Fortunately MB responded a few times in the thread, so I found it.)

http://leafe.com/archives/showFullThd/324871#0

It looks like there just isn't any solution. I just hope the flood slows to a trickle.

expletive deleted

Ken
Re: [NF] eMail flood on my server
Kenneth Kixmoeller/fh wrote:

> On Jan 22, 2007, at 5:41 PM, Kenneth Kixmoeller/fh wrote:
>
> > I think the situation was some spammer spoofed *his* domain as the one originating the posts,
>
> OK, I finally found it, but it was Alan Lukachko, not Michael. (Fortunately MB responded a few times in the thread, so I found it.)
>
> http://leafe.com/archives/showFullThd/324871#0
>
> It looks like there just isn't any solution. I just hope the flood slows to a trickle.

Ya know, shotguns aren't just for leaving by the front door when some gorilla comes calling for your baby girl for her first car date.

Of course, I may have a somewhat more conservative approach to this type of problem than others, so I'd better stop this before the OT police come tapping my phone lines.

Whil
(Who thinks a vigilante hunting down the top 50 spammers in the country would make a terrific story line.)
RE: [NF] eMail flood on my server
Hello Ken,

Here's an update. I checked with my hosting company Textdrive. They, as many who replied on this list, said that there was not much I could do about the spoofed e-mails.

What I did (and this is not necessarily the solution) was to access my e-mail through the Webmail interface on the Textdrive server. I would delete any e-mail that was suspicious. Then I would download the e-mails using the Outlook client. Over the course of a few weeks, the number of 'spoofed' e-mails declined to the point that I now get only one or two a day.

I suspect what really happened is that the bot got discovered and was deleted off the sending server or it was just not any more fun for the perpetrator.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kenneth Kixmoeller/fh
Sent: Monday, January 22, 2007 8:07 PM
To: profox@leafe.com
Subject: Re: [NF] eMail flood on my server

On Jan 22, 2007, at 5:41 PM, Kenneth Kixmoeller/fh wrote:

> I think the situation was some spammer spoofed *his* domain as the one originating the posts,

OK, I finally found it, but it was Alan Lukachko, not Michael. (Fortunately MB responded a few times in the thread, so I found it.)

http://leafe.com/archives/showFullThd/324871#0

It looks like there just isn't any solution. I just hope the flood slows to a trickle.

expletive deleted

Ken

[excessive quoting removed by server]
Re: [NF] eMail flood on my server
Kenneth Kixmoeller/fh wrote:

> OK, I finally found it, but it was Alan Lukachko, not Michael. (Fortunately MB responded a few times in the thread, so I found it.)

Glad to help (indirectly as it were). g

--
Michael J. Babcock, MCP
MB Software Solutions, LLC
http://mbsoftwaresolutions.com
http://fabmate.com
Work smarter, not harder, with MBSS custom software solutions!
Re: [NF] eMail flood on my server
On Jan 21, 2007, at 1:12 PM, Kenneth Kixmoeller/fh wrote:

> I just don't understand what somebody has to gain by flooding my server?

It's a spam bot. They keep generating all sorts of combinations, hoping that one or two will be legitimate.

A better question would be: what do they have to lose? Most likely this is coming from a zombie that has been infected, so it doesn't even cost them any CPU cycles or bandwidth.

-- Ed Leafe
-- http://leafe.com
-- http://dabodev.com
Re: [NF] eMail flood on my server
Kenneth Kixmoeller/fh wrote:

> Hey --
>
> I'm just curious what's going on.
>
> I flipped my KVM switch over to my server (for no particular reason), and noticed my eMail server going wild. Somebody is sending mail after mail to my server, to made-up users in my domain. The user names aren't random, they all start with shethang, for example: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] and on and on.
>
> All of the from IPs and domains are being spoofed, so I can't blacklist any of it.

If you look up the 'from' chain, you'll eventually see the starting point of the email (the 'envelope', so to speak.) Are they all the same (probably likely) or different?

Whil
Re: [NF] eMail flood on my server
On Jan 21, 2007, at 1:22 PM, Whil Hentzen (Pro*) wrote:

> If you look up the 'from' chain, you'll eventually see the starting point of the email (the 'envelope', so to speak.) Are they all the same (probably likely) or different?

All I see on the server is the apparent from and IP. The messages are getting bounced, so can one look up the chain? How? (Or does it vary from mail server to mail server?)

Ken
Re: [NF] eMail flood on my server
On Jan 21, 2007, at 12:34 PM, Ed Leafe wrote:

> A better question would be: what do they have to lose? Most likely this is coming from a zombie that has been infected, so it doesn't even cost them any CPU cycles or bandwidth.

It just seems like there are much easier ways to harvest eMail addresses... hardly worth the programming time to do it this way. But I suppose they are just having fun.

Ken
Re: [NF] eMail flood on my server
On Jan 21, 2007, at 5:30 PM, Kenneth Kixmoeller/fh wrote:

> It just seems like there are much easier ways to harvest eMail addresses... hardly worth the programming time to do it this way. But I suppose they are just having fun.

No, it's not for fun. This is serious stuff. And as long as there is a huge supply of easily-compromised machines available, this route is much simpler than a centralized harvesting scheme.

-- Ed Leafe
-- http://leafe.com
-- http://dabodev.com
Re: [NF] eMail flood on my server
On Jan 21, 2007, at 4:51 PM, Ed Leafe wrote:

> No, it's not for fun. This is serious stuff.

Yeah, I suppose. I wonder when it is going to get bad enough that the powers decide that it is time to fundamentally redesign how eMail works. All of this stuff inhales vigorously.

Looking back at my eMail server logs, I see that this particular bug has been hard at work since the 17th.

expletive deleted

Ken
Re: [NF] eMail flood on my server
On Jan 21, 2007, at 6:14 PM, Kenneth Kixmoeller/fh wrote:

> I wonder when it is going to get bad enough that the powers decide that it is time to fundamentally redesign how eMail works. All of this stuff inhales vigorously.

About the same time that those same powers decide that it is up to the OS to make itself secure, rather than relying on anti-virus, anti-spyware programs that are by their very nature reactive.

-- Ed Leafe
-- http://leafe.com
-- http://dabodev.com
Re: [NF] eMail flood on my server
Kenneth Kixmoeller/fh wrote:

> On Jan 21, 2007, at 1:22 PM, Whil Hentzen (Pro*) wrote:
>
> > If you look up the 'from' chain, you'll eventually see the starting point of the email (the 'envelope', so to speak.) Are they all the same (probably likely) or different?
>
> Al I see on the server is the apparent from and IP. The messages are getting bounced, so can one look up the chain? How? (Or does it vary from mail server to mail server?)

I might be misunderstanding what you're seeing... but I was referring to looking at the headers of an email message. In Thunderbird, by selecting the 'Headers - All' option under View, you can see everything in the envelope:

    X-Account-Key: account4
    X-UIDL: 2048239458739
    X-Mozilla-Status: 0011
    X-Mozilla-Status2: 000
    Received: from [70.86.98.242] by ...
    Received: from marge.leafe.com...
    Received: from leafe.com

etc.

Whil
Re: [NF] eMail flood on my server
On Jan 21, 2007, at 6:08 PM, Whil Hentzen (Pro*) wrote:

> I might be misunderstanding what you're seeing... but I was referring to looking at the headers of an email message. In thunderbird...

OK, Whil, thanks. I'll try to be clearer.

Thunderbird is the client. Mine is Mac:Mail. Since all of these spambot messages are to an invalid user name, they are being bounced by my email server software, so they are never making it to any client. I don't know how to see anything more about bounced messages than what shows up in the eMail log.

I have half-heartedly been looking up how to create a catch-all email account on my server software, so I can capture some of these mails and look up the chain. I had one at one point, but since it was full o' nothing but spam, I deleted that account.

And, really, these things aren't doing much harm. It's just bloating my email logs, and chewing up some server cycles. Nevertheless, I'd like to figure out how to stop it.

Ken
Re: [NF] eMail flood on my server
On Jan 21, 2007, at 8:03 PM, Kenneth Kixmoeller/fh wrote:

> Since all of these spambot messages are to an invalid user name, they are being bounced by my email server software, so they are never making it to any client. I don't know how to see anything more about bounced messages than what shows up in the eMail log.

All you can get from a bounced message is the IP address of the server that is trying to send it to you. That could be the originator, or it could be an intermediate that is relaying the mail.

-- Ed Leafe
-- http://leafe.com
-- http://dabodev.com
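An added example (not code from any poster in this thread) that combines Whil's walk through the Received headers with Ed's point that only the connecting IP recorded by your own server is reliable. The message, host names and addresses are constructed, and `mx.example.org` stands in for the receiving server.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample. Only the top Received line was written by our own MX
# (mx.example.org); everything below it was supplied by the sending side.
RAW = """\
Received: from mail.example.net (unknown [203.0.113.25])
\tby mx.example.org with ESMTP id ABC123; Sun, 21 Jan 2007 13:01:02 -0600
Received: from pc17 ([10.0.0.17])
\tby mail.example.net with SMTP; Sun, 21 Jan 2007 13:00:58 -0600
Received: from forged.example.com ([192.0.2.99]) by pc17; Sun, 21 Jan 2007 12:59:00 -0600
From: someone@example.com
To: shethang01@example.org
Subject: constructed sample

body
"""

FROM_RE = re.compile(r"from\s+(\S+)")
BY_RE = re.compile(r"\bby\s+([^\s;]+)")
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")


def peer_ip(value):
    """Return the bracketed peer address from one Received value, if valid."""
    match = IP_RE.search(value)
    if not match:
        return None
    try:
        return str(ipaddress.ip_address(match.group(1)))
    except ValueError:
        return None


def received_chain(raw, trusted_hosts):
    """List hops newest-first; a hop is trusted only while every header from
    the top down to it was recorded by one of our own hosts."""
    hops, trusted = [], True
    for value in message_from_string(raw).get_all("Received", []):
        by = BY_RE.search(value)
        by_host = by.group(1).lower() if by else None
        trusted = trusted and by_host in trusted_hosts
        helo = FROM_RE.match(value.strip())
        hops.append({
            "helo": helo.group(1) if helo else None,
            "ip": peer_ip(value),
            "by": by_host,
            "trusted": trusted,
        })
    return hops


def handoff_ip(hops):
    """IP that connected to the outermost trusted host: the last address in
    the chain that was observed by us rather than claimed by the sender."""
    trusted = [h for h in hops if h["trusted"]]
    return trusted[-1]["ip"] if trusted else None


if __name__ == "__main__":
    chain = received_chain(RAW, {"mx.example.org"})
    for hop in chain:
        print(hop)
    print("handoff:", handoff_ip(chain))
```

Hops marked `trusted: False` are whatever the sending side chose to write, so they are leads to correlate across messages, not evidence of origin.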
Re: [NF] eMail flood on my server
On Jan 21, 2007, at 7:29 PM, Ed Leafe wrote:

> All you can get from a bounced message is the IP address of the server that is trying to send it to you. That could be the originator, or it could be an intermediate that is relaying the mail.

Thank you. The IP addresses are all different, so I guess I'll try to let a few through and see if I can find the IP of the machine that is really sending all of it.

Ken
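The two readings of the flood raised in this thread (a bot guessing addresses, or bounces for spam sent with the domain forged as sender) can be told apart from the reject log alone, because bounces normally arrive with an empty envelope sender. The following is an added example, not from any poster; the log format, field names and sample lines are constructed, so adapt `LINE_RE` to your own server's log.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical log format (assumption).
SAMPLE_LOG = """\
2007-01-21 13:01:02 reject ip=192.0.2.10 from=<> to=<shethang01@example.org> reason=unknown-user
2007-01-21 13:01:05 reject ip=198.51.100.7 from=<> to=<shethangbob@example.org> reason=unknown-user
2007-01-21 13:01:09 reject ip=203.0.113.44 from=<> to=<shethang_x@example.org> reason=unknown-user
2007-01-21 13:01:30 reject ip=203.0.113.9 from=<MAILER-DAEMON@mx.example.net> to=<shethang77@example.org> reason=unknown-user
2007-01-21 13:02:11 reject ip=192.0.2.200 from=<a@example.com> to=<jsmith@example.org> reason=unknown-user
2007-01-21 13:02:12 accept ip=192.0.2.201 from=<b@example.com> to=<ken@example.org>
"""

LINE_RE = re.compile(
    r"reject ip=(?P<ip>\S+) from=<(?P<sender>[^>]*)> "
    r"to=<(?P<local>[^@>]+)@[^>]+> reason=unknown-user"
)


def parse_rejects(log_text):
    """Return one dict (ip, sender, local) per unknown-user rejection."""
    matches = (LINE_RE.search(line) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def looks_like_bounce(sender):
    """Delivery status notifications use the null reverse-path <> (RFC 5321);
    some older systems send them from mailer-daemon or postmaster instead."""
    local = sender.split("@")[0].lower()
    return sender == "" or local in ("mailer-daemon", "postmaster")


def cluster_by_prefix(rejects, prefix_len=8, min_hits=3):
    """Group rejected recipients by the first prefix_len characters of the
    local part and summarise each cluster that reaches min_hits."""
    groups = defaultdict(list)
    for row in rejects:
        groups[row["local"][:prefix_len].lower()].append(row)
    report = {}
    for prefix, rows in groups.items():
        if len(rows) < min_hits:
            continue
        share = sum(looks_like_bounce(r["sender"]) for r in rows) / len(rows)
        report[prefix] = {
            "hits": len(rows),
            "distinct_ips": len({r["ip"] for r in rows}),
            "bounce_share": share,
            # Heuristic label only: spam can also be sent with a null sender.
            "pattern": "backscatter-like" if share >= 0.5 else "address-probing-like",
        }
    return report


if __name__ == "__main__":
    for prefix, stats in cluster_by_prefix(parse_rejects(SAMPLE_LOG)).items():
        print(prefix, stats)
```

A cluster with many distinct source IPs and a high bounce share fits the spoofed-sender explanation, in which case blocking by IP does little and the volume falls only when the spam run using the forged domain stops.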