On Mon, Jan 01, 2001 at 07:25:49PM +0000, Mark Delany wrote:
> badmailfrom won't work on this. See the archives for discussions on
> why not (it checks Return-Path).
>
> Perhaps speak to [EMAIL PROTECTED] as it looks to be originating in there.
>
My mistake, I was unclear. These are coming to us from all over
the net, presumably from legitimate accounts. Looks to me like
they - oemcomputer (AC928F2E.ipt.aol.com) in this case - have a
virus of some sort. But it is not just that one user. Below is
another one just in. Is this just a local "maine" thing or
has anyone else seen it?
Best,
cfm
>From MAILER-DAEMON Mon Jan 01 19:32:31 2001
Return-Path: <>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 6104 invoked from network); 1 Jan 2001 19:32:30 -0000
Received: from gray.maine.com (204.176.0.13)
by sooshi.maine.com with SMTP; 1 Jan 2001 19:32:30 -0000
Received: (qmail 14946 invoked by alias); 1 Jan 2001 19:21:05 -0000
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 14943 invoked from network); 1 Jan 2001 19:20:56 -0000
Received: from 1087-maine-56k.ime.net (HELO pavilion) (209.90.240.137)
by gray.maine.com with SMTP; 1 Jan 2001 19:20:56 -0000
From: Hahaha <[EMAIL PROTECTED]>
Subject: Snowhite and the Seven Dwarfs - The REAL story!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VE7K1EZWPU3"
Status: RO
Content-Length: 31628
Lines: 421
----VE7K1EZWPU3
Content-Type: text/plain; charset="us-ascii"
Today, Snowhite was turning 18. The 7 Dwarfs always where very educated and
polite with Snowhite. When they go out work at mornign, they promissed a
*huge* surprise. Snowhite was anxious. Suddlently, the door open, and the Seven
Dwarfs enter...
----VE7K1EZWPU3
Content-Type: application/octet-stream; name="sexy virgin.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="sexy virgin.scr"
>
> Regards.
>
>
> On Mon, Jan 01, 2001 at 02:21:58PM -0500, [EMAIL PROTECTED] wrote:
> >
> > We're getting dozens of these SPAM now every day just on a single
> > admin account. There is a flood going to user mail boxes too.
> >
> > I've not been successful blocking it with badmailfrom or
> > badmailpatterns. procmail yes, but I'd rather push them
> > back. It's coming from all over the place. We're running
> > qmail-1.03 with the SPAMCONTROL patch. Can anyone help me
> > with this please?
> >
> > Thanks,
> > cfm
> >
> >
> > From MAILER-DAEMON Mon Jan 01 18:30:53 2001
> > Return-Path: <>
> > Delivered-To: [EMAIL PROTECTED]
> > Received: (qmail 6035 invoked from network); 1 Jan 2001 18:30:52 -0000
> > Received: from gray.maine.com (204.176.0.13)
> > by sooshi.maine.com with SMTP; 1 Jan 2001 18:30:52 -0000
> > Received: (qmail 13886 invoked by uid 64010); 1 Jan 2001 18:19:29 -0000
> > Delivered-To: [EMAIL PROTECTED]
> > Received: (qmail 13883 invoked from network); 1 Jan 2001 18:19:28 -0000
> > Received: from rly-ip02.mx.aol.com (152.163.225.160)
> > by gray.maine.com with SMTP; 1 Jan 2001 18:19:28 -0000
> > Received: from tot-tg1-th.proxy.aol.com (tot-tg1-th.proxy.aol.com [152.163.213.3])
> > by rly-ip02.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0)
> > with ESMTP id NAA12608 for <[EMAIL PROTECTED]>;
> > Mon, 1 Jan 2001 13:18:49 -0500 (EST)
> > Received: from oemcomputer (AC928F2E.ipt.aol.com [172.146.143.46])
> > by tot-tg1-th.proxy.aol.com (8.10.0/8.10.0) with SMTP id f01IIR421070
> > for <[EMAIL PROTECTED]>; Mon, 1 Jan 2001 13:18:27 -0500 (EST)
> > Date: Mon, 1 Jan 2001 13:18:27 -0500 (EST)
> > Message-Id: <[EMAIL PROTECTED]>
> > From: Hahaha <[EMAIL PROTECTED]>
> > Subject: Snowhite and the Seven Dwarfs - The REAL story!
> > MIME-Version: 1.0
> > Content-Type: multipart/mixed; boundary="--VER0HE7WPQVW9YB0567WDEZOLYVKLM3S1"
> > X-Apparently-From: [EMAIL PROTECTED]
> >
> > --
> >
> > Jan 1 13:19:28 gray qmail: 978373168.993475 new msg 217092
> > Jan 1 13:19:28 gray qmail: 978373168.995066 info msg 217092: bytes 35410 from <>
>qp 13883 uid 71
> > Jan 1 13:19:29 gray qmail: 978373169.065436 starting delivery 14530: msg 217092
>to local [EMAIL PROTECTED]
> > Jan 1 13:19:29 gray qmail: 978373169.066836 status: local 2/10 remote 0/20
> >
> >
> >
> > --
> >
> > Christopher F. Miller, Publisher [EMAIL PROTECTED]
> > MaineStreet Communications, Inc 208 Portland Road, Gray, ME 04039
> > 1.207.657.5078 http://www.maine.com/
> > Content management, electronic commerce, internet integration, Debian linux
--
Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME 04039
1.207.657.5078 http://www.maine.com/
Content management, electronic commerce, internet integration, Debian linux
