nanog mailing list archives

Re: Hijacked email

From: Richard Irving <rirving () onecall net>
Date: Wed, 20 Aug 2003 10:40:25 -0500


  Please people, of all the great feedback these joe jobbed
addresses are receiving, from the anti-virus software...

 it really wouldn't hurt to include the -=IP=- (and possibly headers)
of the system that contacted your server.....

 Rather than simply complain, it would allow us to track
down, and triangulate the -=real=- perp, an infected
M$ machine or two (million).

 Thanks in Advance for useful data !

  :D

JMHO.


Omachonu Ogali wrote:

For our Postfix viewers out there...

header_checks:
/^X-MailScanner: Found to be clean$/    REJECT You're infected, but you probably won't see this message anyway.

body_checks:
/X-MailScanner: Found to be clean/      REJECT Please, stop sending me bounces/infection notices for spoofed virus spam.

The last rule is kinda evil as it will block all mail with that line in
the body (both incoming and outgoing), so know what you're doing before
you blindly cut and paste.

Current thread:

Hijacked email Jack.W.Parks (Aug 20)
- Re: Hijacked email Pascal Gloor (Aug 20)
  - Re: Hijacked email jlewis (Aug 20)
    - Re: Hijacked email Omachonu Ogali (Aug 20)
    - Re: Hijacked email Richard Irving (Aug 20)
    - Hey netscalibur! (was: Re: Hijacked email) Christopher Chin (Aug 20)
    - Re: Hey netscalibur! (was: Re: Hijacked email) just me (Aug 20)
    - Message not available
    - Re: Hey netscalibur! (was: Re: Hijacked email) Christopher Chin (Aug 20)
    - Re: Hijacked email Will Yardley (Aug 20)
    - Re: Hijacked email Will Yardley (Aug 20)
- Re: Hijacked email Nathan A. Stratton (Aug 20)
  - Re: Hijacked email Mr. James W. Laferriere (Aug 20)
- Re: Hijacked email Haesu (Aug 20)