[Exim] Spammer or new virus?

Author: Marc MERLIN
Date:  
To: exim-users
Subject: [Exim] Spammer or new virus?
Now that I'm actually watching my logs more closely, I noticed that someone
from two different places (or two different people) keeps trying to send mail
through my system as someemail@??? (my dad's Email), and gets
rejected because I don't relay (my dad doesn't send mail through my machine).

The "interesting" part is that at least some of the RCPT TOs are actually
Email addresses that my dad could Email (well, some, like the last 3, since
he is a magician).

Right now, my guess is that one or two of his colleagues are using Outlook (I
made sure he isn't) and they are infected and trying to send mail to their
addressbook in his name.
However, that'd be the first time that I see a virus that looks up the MX
for the user and tries connecting through it, and masquerades the envelope
from too (usually it's only the header from)

A spammer would typically probe for an open relay and move on. Here, I keep
getting attempts almost every day.

Has anyone seen that?

mainlog:2002-05-27 10:00:43 H=(Witpnr) [212.195.121.225]:1153 F=<someemail@???> rejected RCPT <lifi@???>: authentication required
mainlog:2002-05-27 10:33:26 H=(Auhfuzj) [212.195.121.225]:1548 F=<someemail@???> rejected RCPT <thewebmonster@???>: authentication required
mainlog:2002-05-27 13:20:04 H=amontsouris-108-1-7-158.abo.wanadoo.fr (Qhzrw) [193.251.188.158]:2118 F=<someemail@???> rejected RCPT <abnormal@???>: authentication required
mainlog:2002-05-27 22:50:48 H=lns07v-7-148.w.club-internet.fr (Rxcwc) [212.194.138.148]:1133 F=<someemail@???> rejected RCPT <lifi@???>: authentication required
mainlog:2002-05-27 22:55:15 H=lns07v-7-148.w.club-internet.fr (Irz) [212.194.138.148]:1215 F=<someemail@???> rejected RCPT <virtuasexmovies@???>: authentication required
mainlog:2002-05-27 23:08:35 H=lns07v-7-148.w.club-internet.fr (Qyocoehm) [212.194.138.148]:1487 F=<someemail@???> rejected RCPT <ahahah@???>: authentication required
mainlog:2002-05-28 05:04:37 H=amontsouris-108-1-9-18.abo.wanadoo.fr (Doxm) [217.128.36.18]:1561 F=<someemail@???> rejected RCPT <Misterieux@???>: authentication required
mainlog:2002-05-28 06:54:43 H=amontsouris-108-1-9-18.abo.wanadoo.fr (Lpuavyg) [217.128.36.18]:3573 F=<someemail@???> rejected RCPT <Lupo4magic@???>: authentication required
mainlog:2002-05-28 08:22:51 H=amontsouris-108-1-9-18.abo.wanadoo.fr (Mcvofevly) [217.128.36.18]:4872 F=<someemail@???> rejected RCPT <webmaster@???>: authentication required

Marc
--
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking


Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key
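
An added example, not part of the original message: a small Python filter for the pattern in the log excerpt above, where one envelope sender is rejected from several hosts and a host presents a different HELO name on each connection. The addresses, IPs and host names in the sample are constructed, and the flagging rule (at least two source IPs, and at least one IP with more than one HELO name) is an assumption chosen for illustration.

```python
import re
from collections import defaultdict

# Exim mainlog RCPT rejection, in the format quoted in the message:
# date time H=[rdns ](helo) [ip]:port F=<sender> rejected RCPT <rcpt>: reason
REJECT_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"H=(?:(?P<rdns>\S+) )?\((?P<helo>[^)]*)\) "
    r"\[(?P<ip>[^\]]+)\](?::\d+)? "
    r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]*)>: (?P<reason>.*)$"
)

# Constructed sample lines (documentation IP ranges and example domains).
SAMPLE = """\
mainlog:2002-05-27 10:00:43 H=(Abcdef) [192.0.2.25]:1153 F=<dad@example.org> rejected RCPT <a@example.net>: authentication required
mainlog:2002-05-27 10:33:26 H=(Ghijklm) [192.0.2.25]:1548 F=<dad@example.org> rejected RCPT <b@example.net>: authentication required
mainlog:2002-05-27 22:50:48 H=dialup-7-148.isp.example (Nopqr) [198.51.100.148]:1133 F=<dad@example.org> rejected RCPT <a@example.net>: authentication required
mainlog:2002-05-27 23:08:35 H=dialup-7-148.isp.example (Stuvwxyz) [198.51.100.148]:1487 F=<dad@example.org> rejected RCPT <c@example.net>: authentication required
mainlog:2002-05-28 09:00:00 H=mail.example.com (mail.example.com) [203.0.113.10]:25000 F=<probe@example.com> rejected RCPT <x@example.net>: authentication required
"""

def summarize(lines):
    """Group rejected RCPT attempts by envelope sender, tracking HELO names per source IP."""
    by_sender = defaultdict(lambda: {"attempts": 0, "helos_by_ip": defaultdict(set)})
    for line in lines:
        m = REJECT_RE.search(line.strip())
        if not m:
            continue  # not an RCPT rejection line
        s = by_sender[m["sender"].lower()]
        s["attempts"] += 1
        s["helos_by_ip"][m["ip"]].add(m["helo"])
    return by_sender

def suspicious_senders(by_sender, min_ips=2):
    """Return (sender, attempts, ips, rotating_ips) for senders matching the rule in the lead-in."""
    out = []
    for sender, s in by_sender.items():
        ips = s["helos_by_ip"]
        rotating = sorted(ip for ip, helos in ips.items() if len(helos) > 1)
        if len(ips) >= min_ips and rotating:
            out.append((sender, s["attempts"], sorted(ips), rotating))
    return sorted(out)

if __name__ == "__main__":
    for row in suspicious_senders(summarize(SAMPLE.splitlines())):
        print(row)
```

The regular expression tolerates the `mainlog:` prefix that `grep` adds when searching several log files, so the same function works on raw log lines and on grep output.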