We've had `attacks' of the same sort for a while...
--
Alan Thew alan.thew@???
Computing Services,University of Liverpool Fax: +44 151 794-4442
On Thu, 20 Apr 2000 10:14 , Simon Beale <simon.beale@???> said:
>> The symptoms we are getting are just bounced mails from addresses
>> that don't exist. The bounce comes to us because it has a From and
>> Reply-to header of
>> xyz123@??? (or any such similar garbage local part).
>>
>> --------------------------------------------------------------
>> Return-Path: Qm39j9RsR@???
>> From: Qm39j9RsR@???
>...
>> Received: from Uo5P9K8w0 (ppp-45.tnt-2.hou.smartworld.net
>> [64.38.20.205])
>> by mk.intermik.tpnet.pl (8.9.3/8.8.7) with SMTP id WAA13423;
>> Wed, 19 Apr 2000 22:55:46 +0200
>...
>> SUBJECT: COMPLETE ONLINE BUSINESS!!!
>> --------------------------------------------------------------
>> -------------------------
>> I have a suspicion that the spammer is just faking the
>> Reply-to and From
>> headers. Is this right? And if so how do we stop this?
>
>I've just had exactly the same problem with one of my domains, and from the
>information you've provided, random email recipient names, subject and
>original received lines, I would guess it's exactly the same person at
>fault. But yes, you're right, it's a faked from line, and I couldn't see
>any way of stopping this at my end.
>
>About the only thing to do is send copies of the emails to
>abuse@??? (the original sending ISP) and they'll send back an
>email saying they've deleted the account of the relevant person... and a few
>days later you'll get more bounced messages from the same source (bitter?
>cynical? nah).
>
>Simon
>
>--
>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
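Added example, not part of the original thread: a Python sketch that reads the returned-message headers quoted above, confirms the sender is not a real local mailbox and that none of our hosts handled the message, and pulls the injecting host and IP out of the earliest Received line for the abuse report. The `example.org` domain (standing in for the redacted `@???`), the mailbox set and the function name are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample built from the headers quoted in the thread.
# example.org stands in for the redacted "@???" domain (assumption).
BOUNCED_ORIGINAL = """\
Return-Path: Qm39j9RsR@example.org
From: Qm39j9RsR@example.org
Received: from Uo5P9K8w0 (ppp-45.tnt-2.hou.smartworld.net
 [64.38.20.205])
 by mk.intermik.tpnet.pl (8.9.3/8.8.7) with SMTP id WAA13423;
 Wed, 19 Apr 2000 22:55:46 +0200
Subject: COMPLETE ONLINE BUSINESS!!!

"""

OUR_DOMAIN = "example.org"                    # assumption
VALID_LOCAL_PARTS = {"postmaster", "abuse"}   # constructed list of real mailboxes

# "from <HELO> (<reverse DNS> [<IP>]) by <receiving host>", sendmail style.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def analyse_returned_message(raw):
    """Summarise what the returned headers say about where the mail came from."""
    msg = message_from_string(raw)
    local, _, domain = parseaddr(msg.get("From", ""))[1].rpartition("@")
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold the header
        if m:
            hops.append(m.groupdict())
    # Received lines are prepended, so the last one is the earliest hop. Only
    # the part written by the receiving relay (rdns, ip) is trustworthy.
    origin = hops[-1] if hops else {}
    ours = "." + OUR_DOMAIN
    return {
        "sender_is_unknown_local": domain.lower() == OUR_DOMAIN
                                   and local.lower() not in VALID_LOCAL_PARTS,
        "passed_through_our_hosts": any(
            ("." + h["by"].lower()).endswith(ours) for h in hops),
        "helo_is_fqdn": "." in origin.get("helo", ""),
        "report_host": origin.get("rdns"),
        "report_ip": origin.get("ip"),
    }

if __name__ == "__main__":
    print(analyse_returned_message(BOUNCED_ORIGINAL))
```

The HELO name is supplied by the sending client and can be anything; the reverse DNS name and bracketed IP were recorded by the relay that accepted the connection, so those are the values to quote in a report.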