* This is the vopmailbeta mailing list *
Warren, We have used the spamfilter text file to block a users ability to send email (I think using the "from:" and "mailfrom:" parameters). Stops the user from sending email but still allows them to receive and use any other service you may provide to them. Once they claim to have the virus issue resolved, you can remove your filters and watch the account close to verify all is well. Bill Rakowitz YK Communications > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Warren Sampson > Sent: Wednesday, October 16, 2002 10:46 AM > To: [EMAIL PROTECTED] > Subject: [VOPmail Beta] stopping infected user > > > * This is the vopmailbeta mailing list * > > > Well, we are not an ISP in the true sense of the word. But > web and e-mail hosting a small (very small) client base is > part of what we do. > > So in this case, we don't control the Internet access so I > can't cut them off there. > > I guess Domain Suspension would be the best route to go right > now? Block the POP access and that should get them to pay attention. > > thanks > > Warren > > > > > -----Original Message----- > From: Yves Lacombe [mailto:[EMAIL PROTECTED]] > Sent: October 16, 2002 11:40 AM > To: [EMAIL PROTECTED] > Subject: [VOPmail Beta] stopping infected user > > > * This is the vopmailbeta mailing list * > > > Well - as an ISP (i assume you're an ISP), if your TOS/AUP > clearly stipulate that customers who are sending "problem > emails" (ie: SPAM or infected > emails) and are unwilling to take measures to stop said > problem emails, you are probably within your rights to stop > them from using your service. That's probably the best route > to adopt. You've already done your "due diligence" ... you > detected the problem, you notified them of the problem, you > even tried to help them deal with the problem. If they don't > want to stop ... you are probably within your rights to remove access. > > Note that IANAL (I am not a lawyer) but I have seen/read many > Terms of Service / Acceptable Use Policies ... > > -- > Yves Lacombe > SPAM Fighting Team > T4C/BMC Server Support > (514) 845-1666 ext. 300 > > ----- Original Message ----- > From: "Warren Sampson" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, October 16, 2002 11:30 AM > Subject: [VOPmail Beta] stopping infected user > > > * This is the vopmailbeta mailing list * > > > Hi, > > I have a customer that we are hosting e-mail for. This is the > second time this has happened with this particular user > (happened last year on our old mail system). > > I notice on Sunday that e-mail with a mailfrom of the users > account, was attempting to send to various different users at > about 1 minute intervals. At first I thought the customer > didn't have the "authenticate" for SMTP. > > Anyway, after seeing some e-mails addressed to "unlikely" > receipients (various colorful adjectives), I realized that > the user must be infected again. > > Luckily, we have the requirement of authentication. > > ---- SMTPRS log entry made at 10/14/2002 00:14:16 > SMTP command failed when talking to 142.154.115.21: > >>> RCPT TO:<[EMAIL PROTECTED]> <<< 501 This system is not > configured to relay mail from <[EMAIL PROTECTED]> to > <[EMAIL PROTECTED]> for 142.154.115.21 > > ---- SMTPRS log entry made at 10/14/2002 00:16:41 > SMTP command failed when talking to 142.154.115.21: > >>> RCPT TO:<[EMAIL PROTECTED]> <<< 501 This system is not > configured to relay mail from <[EMAIL PROTECTED]> to > <[EMAIL PROTECTED]> for 142.154.115.21 > > ---- SMTPRS log entry made at 10/14/2002 00:18:25 > SMTP command failed when talking to 142.154.115.21: > >>> RCPT TO:<[EMAIL PROTECTED]> <<< 501 This system is not > configured > to relay mail from <[EMAIL PROTECTED]> to > <[EMAIL PROTECTED]> for 142.154.115.21 > > > I tried to help over the phone with an antivirus update (the > user had it turned off and last definitions were from October > last year). Anyway... the customer is not concerned because > the e-mail is working for them and they seem to not care > about fixing their system. > > What can I do to block, stop, etc? The customer is using a > dial-up so I can block the IP being used now, but it's gonna change. > > I very worried that if some gets through, our server will get BL'd. > > Any ideas? > > > Warren (Sam) Sampson > MCSE, CCA > > KMP Designs Inc. > 7145 West Credit Ave > Suite 101, Building 2 > Mississauga, ON > L5N 6J7 > > Phone: (905)812-5635 > Fax: (905)812-5636 > E-mail: [EMAIL PROTECTED] > > > > ** > To leave this list, send an email to > [EMAIL PROTECTED] and put the word "LEAVE" in > the BODY of the email. > > > > ** > To leave this list, send an email to > [EMAIL PROTECTED] and put the word "LEAVE" in > the BODY of the email. > > ** > To leave this list, send an email to > [EMAIL PROTECTED] and put the word "LEAVE" in > the BODY of the email. > ** To leave this list, send an email to [EMAIL PROTECTED] and put the word "LEAVE" in the BODY of the email.
