LinuxSA Mailing list archives

Index: [thread] [date] [subject] [author] [stats]

  From: Dan Kortschak <dan.kortschak@adelaide.edu.au>
  To  : David Newall <davidn@rebel.net.au>
  Date: Mon, 11 Dec 2000 09:17:08 +1030 (CST)

Re: [OT] tracking spoofing spammer (saga)

Hi David,
        yeah I tried all of that, though not going to the extent of
checking headers the whole way down the line (though given the whole
notion of trust it may have been a good idea). The machine that the
message appeared to have originated from gave only an IP and that IP did
not responsd to any kind of interogation and was not locateable by
traceroute, so my guess is that it was a dynamically assigned address.
In the body there were three URLs which resolved to (doesn't resolve
within 30 hops any longer) the IP of an Argentian subdomain redirection
service (apparently not repsonding to emails - even in Spanish) and a
fourth that resolve to gelo.inova.com.br which seems to be accesable, but
does not receive email because of the rcpthost error I mentioned:

    Recipient: <root@gelo.inova.com.br>
    Reason:    sorry, that domain isn't in my list of allowed rcpthosts
(#5.7.1)

What I'd really like to know is whether that error check can be
circumvented o my machine, or whether it is due to other machines along
the way.
I think that in the meantime I'll contact the Uni ITS and see if they can
do something about adding them to the Uni's filters.

thanks
Dan

On Sat, 9 Dec 2000, David Newall wrote:

> Dan,
> 
> Email is not secure.  When you receive email from j.doe@morgue.gov there is
> only one thing which you can be immediately sure about, and that is that you
> received the email.  You particularly cannot be sure that is was sent by
> j.doe, nor indeed do you know that it was sent from morgue.gov.  You can
> trace backwards to try to find out where the email came from.
> 
> Here are the (relevant) headers of the email message that I received, in
> which you asked what you can do to track the spammer:
> 
> 

[snip]


> David
> 
> 

-- 
_____________________________________________________________   .`.`o     
                                                         o| ,\__ `./`r
  Dan Kortschak                                          <\/    \_O> O    
  Genetics (DMB)          phone :+61 8 8303 4863          "|`...'.\
  Adelaide University     fax   :+61 8 8303 4399           `      :\ 
  Australia 5005          mailto:dan.kortschak@adelaide.edu.au    : \

Employer required disclaimer (sorry for the bandwidth):
If you were not sent this message, please delete and forget it. If you
were, be aware that we don't guarantee it free of virus; the health of
your system is your own responsibility, do what you feel is necessary.

Check out the Munchkins: http://www.geocities.com/yellow_cake_road/



-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject

Index: [thread] [date] [subject] [author] [stats]

Return to the LinuxSA Mailing List Information Page