> Now, right now it happened again like I received an
> email with attachment coming from myself and sent to
> my address also which is infected with this worm
> variant.
I've had 9 emails today of this form.
There's an obvious forgery where the Received:
line shows the sender saying he's on my host.
: From AAAAAAAAAA Fri Jul 30 16:20:45 2004
: Return-Path: <AAAAAAAAAA>
: Delivered-To: slrnc92ute.p4i.elvis_at_notatla.org.uk
: Received: from notatla.org.uk (BBBBBBB [BB.BB.BBB.BB])
: by notatla.org.uk (Postfix) with ESMTP id DF2B78ED
: for <slrnc92ute.p4i.elvis_at_notatla.org.uk>; Fri, 30 Jul 2004 11:20:41 -0400 (EDT)
: From: AAAAAAAAAA
I have my luser_relay to concentrate mis-addressed mail
on a single account where such forgeries are picked out.
Mail like this is easy to detect and clearly misconduct.
What do people think about getting this reported automatically
(in a rate-limited way!) to ISPs known to accept abuse reports ?
--
##############################################################
# Antonomasia ant notatla.org.uk #
# See http://www.notatla.org.uk/ #
##############################################################
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Aug 01 2004
Intro
