[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Status

From: Greg Julius <fromRedHatLists outtacyte com>
To: redhat-install-list redhat com
Subject: Re: Status
Date: Mon, 02 Feb 2004 13:21:07 -0600

At 12:46 PM 2/2/2004, you wrote:

Rick Stevens wrote:

John Strunk wrote:

Now rstevens sent another virus with the subject Status. Watch out for any messages from rstevens to this list.

Wait just a minute, John. I never sent a virus. This is the goddamn
John,

My email address has been "borrowed" too. In my case I think from the php-install list. If you look at the "From" headers in any email with the windows virus, you will see that it does not have the usual flow of servers that the email has travelled through. A sure sign that it has been forged. I know Rick ("what is Outlook?") would not do such a thing.

John,

I guess I'll chime in also.

I've been "borrowed" as Chris put it. Heavily.

I must get a hundred real bounces a day from a server that has detected the virus and (rightly) bounces it. The only problem is that I didn't send them. I am horribly paranoid about this. I use windows as my desktop, but have outlook disabled and there are no addresses in it (it's just not safe).

If you follow the chain of Received headers from the email, the lowest one on the list is the first MTA that received it and it will usually say from where it received it (at least by IP). You can do a nameserver lookup on the IP in windows by going to a DOS box and typing nslookup followed by the IP. Among the data returned is the name (if any can be found) belonging to the IP. If that fails, you can use www.arin.net to find out who "owns" the block of addresses you particular IP belongs to. You can then use that information to report the abuse to the abuse mailbox for the owning domain.

I know it is infuriating to put up with the C..p, but there it is.

Try to be nice when you contact the abuse line and give them the headers of the email you received (all of the headers).

For myself, I have created filters that automatically throw "bounces" away that didn't originate from one of my domains.

Regards,
-g

Follow-Ups:
- Re: Status
  - From: Chris Hewitt

References:
- Re: Status
  - From: Rick Stevens
- Re: Status
  - From: Chris Hewitt

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]