[Dshield] victim of spam-trash

Dave Young dave at boldfish.com
Fri Mar 8 18:02:04 GMT 2002


these e-mails aren't traveling through his machine at all, jsut the 
bounces and replies, which are coming from the recipients machines, not 
the person who is sending the mail. Someone is forging the from: address 
to eddiecandy2782 at sse.de, and when the mail bounces, it goes back to 
eddie2782 at sse.de. He could add a mail alias or a block for that user, 
but all that would do is reject the bounces and replies, people are 
still getting spam from what looks like eddie2782 at sse.de.



my previous posts explain this a bit better....



--Dave


On Fri, 8 Mar 
2002, Micheal Patterson wrote:

> If you have access to the logs of mail.webpartner.de you can sort through
> the logs to see what Ip sent the original message to eddiecandy2782 at sse.de
> and /dev/null that Ip at your router/firewall to stop it.
> 
> --
> 
> Micheal Patterson
> Network Administration
> Cancer Care Network
> 405-733-2230
> 
> ----- Original Message -----
> From: "Martin Müller" <mueller at webpartner.de>
> To: <list at dshield.org>
> Sent: Friday, March 08, 2002 8:56 AM
> Subject: [Dshield] victim of spam-trash
> 
> 
> > Hi all,
> >
> > we have the following problem.
> >
> > A spammer is sending tons of emails with the email-adress
> >  as reply-to or mail from in the header.
> > The Domain sse.de belongs to a customer from us. (Which isn't the spammer)
> >
> > We get serveral thousands emails a day from all in the world with
> > errormessages that the mail(spam) isn't delivered because of "unkown user,
> > or something else"
> > I think the maillist from the spammer is very old.
> >
> > In other words, the spammer is sending with our
> > emailadress/domain(eddiecandy2782 at sse.de) to i.e. asdf at yahoo.com and yahoo
> > is sending the mail to me, that the asdf at yahoo.com is i.e. unkown. The
> > yahoo-email-adress is only for example.
> >
> > The only thing is, that i have configured this emailadress to be rejected,
> > but this does not solve the problem, because with this we are rejecting
> the
> > return mails from great companys like yahoo or msn or something else and
> not
> > the spammer himself.
> >
> > Ive got much emails from concerned users because of spamming, but the spam
> > isn't from us.
> >
> > What can i do? Has somebody a great idea?
> > I have viewed much of this spam, but in all mails is no hint, who it could
> > be.
> > In the Internet i have found this text
> > http://archives.neohapsis.com/archives/crypto/2001-q3/0307.html
> > which is one of the contents of the mail(but there are much much more)
> > The Email-Adress at the end is a fake too, i think.
> >
> >
> > Thanks in advance,
> >
> > Martin Mueller
> >
> > ---------------------------------------
> > Webpartner Kommunikationsdienste GmbH
> > Metzstrasse 14b
> > 81667 Muenchen
> >
> >
> > [[ Attachement of type text/html deleted]]
> >
> > _______________________________________________
> > Dshield mailing list
> > Dshield at dshield.org
> > To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> >
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
> 




More information about the list mailing list