Maya Muchnik wrote:
> For example, a virus with subjects "www.tomcat.com..." and or "multithreading
> ...", "Problem with Multithreading...". Inside email a text is starting with:
>
Technically, what has been happening is not actually a virus -- but more on that
after a status report.
Current Status: no mail addressed to any apache.org list from the network domain
that is the source of all of these messages is being accepted for delivery to any
apache.org email address or mailing list. In addition, the TAGLIBS-USER list is
being moderated so that we can ensure that the filtering is working correctly.
Because of this, there might be a short delay before your postings to the list are
actually visible.
What appears to be going on is a single perpetrator (who isn't particularly smart,
given the audit trail left in the message headers), who is doing the following:
* Accumulating the addresses of list subscribers (easy to do
if you just look at who has ever posted).
* For each such subscriber, testing the mail server for that
subscriber's access to see if it allows "relaying" -- a common
technique that spam posters use to make other servers do the
broadcasting of such messages.
* For servers that allow relaying, sends forged messages
to the mailing list that appear to be from the victims's mail
address (so that the list will accept them).
If your own email address is listed as the source of one or more of these messages,
I would suggest that you consult the administrators of your mail domain to improve
protection against relaying.
Craig McClanahan
