Mail Attack

Jessica Zhu jessica at mathforum.org
Wed Aug 24 13:30:27 UTC 2005



On Tue, 23 Aug 2005, Ed Wilts wrote:

> On Tue, Aug 23, 2005 at 04:47:55PM -0400, Jessica Zhu wrote:
> > Hi Steve,
> > 
> > Below is one. It is from mx.maria.choppy.com.cl, right? I guess I have to 
> > scan all the bounces. It will be really time consuming.
> 
> Somebody claiming to be you sent an email to chingpao at ms28.hinet.net 
> via mx.maria.choppy.com.cl.  That person bounced it back to you. You can
> try to get a hold of the postmaster at mx.maria.choppy.com.cl but it's
> probably too late - the spam has left their system and the bounces are
> already making their way to you.  They could have been queued for hours
> - you don't know.  Spammers move around a lot and they're likely already
> spamming from another system.  You can contact the postmaster of the
> original system and it may help in the future but it's likely already
> too late to help you.
> 

Agreed. If someone forges your mail address and sends out tons of spam 
during the day in Asia, we are asleep in the middle of the night. When 
we wake up, it's already too late. 

It reminds us how important it is for us to have an international standard to 
prevent this kind of thing from happening in the future.

I will consider getting another mail server and putting SPF or another effective 
protocol on it. 

Thanks!

Jessica

> 
> > Date: Wed, 24 Aug 2005 03:43:57 +0800 (CST)
> > From: Mail Delivery Subsystem <MAILER-DAEMON at ms28.hinet.net>
> > To: Jessica at mathforum.org
> > Subject: Returned mail: Service unavailable
> > 
> > The original message was received at Wed, 24 Aug 2005 03:43:52 +0800 (CST)
> > from [211.106.177.167]
> > 
> >    ----- The following addresses had permanent fatal errors -----
> > <chingyu7 at ms28.hinet.net>
> > 
> >    ----- Transcript of session follows -----
> > mail.local: /var/mail/c/chingyu7: Disc quota exceeded
> > 554 <chingyu7 at ms28.hinet.net>... Service unavailable
> > 
> >    ----- Original message follows -----
> > 
> > Return-Path: <Jessica at mathforum.org>
> > Received: from 168.95.5.28 ([211.106.177.167])
> >         by ms28.hinet.net (8.8.8/8.8.8) with SMTP id DAA01186;
> >         Wed, 24 Aug 2005 03:43:52 +0800 (CST)
> > Received: from mx.maria.choppy.com.cl (HELO 24-138.F.dial.o-tel-o.net)
> >         by mx.maria.munich.com.cl (Estfix) with ESMTP id F86203BD55
> >         for <Jessica at mathforum.org>; Wed, 24 Aug 2005 01:38:50 +0500
> > Date: Tue, 23 Aug 2005 23:35:50 +0300
> > From: "Deena " <Jessica at mathforum.org>
> > Message-ID: <D004042DECF4D3118A4068600815F449E2DFA7 at lvcoh006>
> > To: chingpao at ms28.hinet.net
> > Subject: This may help
> > X-Mailer: Mew version 3.2 on Emacs 21.3 / Mule 5.4 (SAKAKI)
> > X-Virus-Scanned: by AMaViS perl-13
> > MIME-Version: 1.0
> > Content-Type: text/html; charset="us-ascii"
> > Content-Transfer-Encoding: 7bit
> > 
> > 
> > On Tue, 23 Aug 2005, Steve Phillips wrote:
> > 
> > > On Tue, 23 Aug 2005, Jessica Zhu wrote:
> > > >> The big trick is to find the originator. - If you need help with this
> > > >> then let us know and we can probably track them down for you.
> > > >
> > > > Yes, with the bounce from all the places, it's really difficult for me to
> > > > find out the originator. I really need help on this. What are the steps
> > > > that I should take?
> > > 
> > > You will need to capture one of the messages in its entirety and post it 
> > > with full headers here.
> > > 
> > > The easiest way to do this is to set up a catchall account for a few 
> > > seconds, capture a message, then turn off the catchall account.
> > 
> > Do you mean to set up a catchall for all the bounces?
> > 
> > 
> > Jessica
> 
> 
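
The header reading discussed in this thread, as an added example that is not part of the original messages: it parses the Received chain of the bounced message quoted above and separates the hop written by the bouncing server (ms28.hinet.net) from the hops beneath it, which the connecting client supplied. The function names `parse_hops` and `injection_point` are hypothetical, and the regular expression assumes the "from ... by ..." layout seen in this bounce.

```python
import re
from email import message_from_string

# Headers of the bounced message quoted above, quote markers removed and
# addresses left as the list archive obfuscates them.
BOUNCED_HEADERS = """\
Return-Path: <Jessica at mathforum.org>
Received: from 168.95.5.28 ([211.106.177.167])
        by ms28.hinet.net (8.8.8/8.8.8) with SMTP id DAA01186;
        Wed, 24 Aug 2005 03:43:52 +0800 (CST)
Received: from mx.maria.choppy.com.cl (HELO 24-138.F.dial.o-tel-o.net)
        by mx.maria.munich.com.cl (Estfix) with ESMTP id F86203BD55
        for <Jessica at mathforum.org>; Wed, 24 Aug 2005 01:38:50 +0500
From: "Deena " <Jessica at mathforum.org>
To: chingpao at ms28.hinet.net
Subject: This may help

"""

# "from <name> (<comment>) by <host>": the comment is optional.
HOP = re.compile(r"from\s+(?P<helo>\S+)(?:\s+\((?P<paren>[^)]*)\))?\s+by\s+(?P<by>\S+)")
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(raw):
    """Return the Received hops, newest first, as dicts (helo, ip, by)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # unparseable line: skip rather than guess
        ip = PEER_IP.search(m["paren"] or "")
        hops.append({"helo": m["helo"], "ip": ip.group(1) if ip else None, "by": m["by"]})
    return hops

def injection_point(raw, bouncing_host):
    """Split the chain at the hop stamped by the server that sent the bounce.

    That server wrote its own Received line, so the peer IP in it is what it
    saw on the wire. Everything below was handed over by the connecting
    client and cannot be verified from the bounce alone.
    """
    hops = parse_hops(raw)
    for i, hop in enumerate(hops):
        if hop["by"].lower() == bouncing_host.lower():
            return hop, hops[i + 1:]
    return None, hops  # bouncing host never stamped the message

if __name__ == "__main__":
    trusted, unverified = injection_point(BOUNCED_HEADERS, "ms28.hinet.net")
    print("peer seen by bouncing host:", trusted["ip"], "claimed name:", trusted["helo"])
    for hop in unverified:
        print("unverified hop: from", hop["helo"], "by", hop["by"])
```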



