SPAM-ATTACKE ! Was kann ich tun ?

6 May 2003

      Hallo!

Ich bekomme seit vier Tagen pro Tag mehrere tausend Mails pro Tag in mein 
Postfach.

Die Mails sehen wie folgt aus:

----- The following addresses had permanent fatal errors -----

(reason: 550 5.1.1 ... User unknown)
----- Transcript of session follows -----
... while talking to [192.168.1.51]:
...
...
...
RCPT To:
<<< 550 5.1.1 ... User unknown
550 5.1.1 ... User unknown
Reporting-MTA: dns; afw.squit.de
Received-From-MTA: DNS; localhost
Arrival-Date: Tue, 6 May 2003 14:11:04 +0200
Final-Recipient: RFC822; f17d8c35496@squit.de
Action: failed
Status: 5.1.1
Remote-MTA: DNS; [192.168.1.51]
Diagnostic-Code: SMTP; 550 5.1.1 ... User unknown
Last-Attempt-Date: Tue, 6 May 2003 14:11:04 +0200
Return-Path: <>
Received: from localhost (localhost [127.0.0.1])
by afw.zenit.de (8.11.6/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id h46CB4g31618
for ; Tue, 6 May 2003 14:11:04 +0200
Received: from granddaddy.nexternal.com ([63.108.88.100] [63.108.88.100])
by afw.squit.de (AvMailGate-2.0.1.11) id 31607-2D434C91;
Tue, 06 May 2003 14:11:03 +0200
Received: by granddaddy.nexternal.com with Internet Mail Service (5.5.2656.59)
id <J4JAYCB3>; Tue, 6 May 2003 05:16:13 -0700
Message-ID: 
From: System Administrator 
To: f17d8c35496@squit.de
Subject: Undeliverable: wogfish unchristgan bqm o nko whfkexspx
Date: Tue, 6 May 2003 05:16:13 -0700
Importance: high
X-Priority: 1
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
X-MS-Embedded-Report:
Content-Type: multipart/mixed;
boundary="----_=_NextPart_000_01C313C9.4918C595"
X-AntiVirus: checked by AntiVir MailGate (version: 2.0.1.11; AVE: 6.19.0.3; 
VDF: 6.19.0.11; host: afw.squit.de)
Your message
To: lm@chappellet.com
Subject: wogfish unchristgan bqm o nko whfkexspx
Sent: Tue, 6 May 2003 05:26:17 -0700
did not reach the following recipient(s):
LM@CHAPPELLET.COM on Tue, 6 May 2003 05:16:00 -0700
The recipient name is not recognized
The MTS-ID of the original message is: c=us;a= ;p=nexternal
soluti;l=GRANDMA0305061215KBPVKXSR
MSEXCH:IMS:Nexternal Solutions:NEXTERNAL:GRANDMA 0 (000C05A6) Unknown
Recipient
Message-ID: <3-g-7kg-8--srz@pysw.y1.h.twar>
From: Arthur Comer 
To: lm@chappellet.com
Subject: wogfish unchristgan bqm o nko whfkexspx
Date: Tue, 6 May 2003 05:26:17 -0700
Importance: high
X-Priority: 1
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
X-MS-Embedded-Report:
Content-Type: text/plain;
charset="iso-8859-1"
Dear Webmaster,
My name is Steve Warren, and I am the president of an internet development
and marketing company. Due to the state of the economy, several of our long
term contracts have defaulted and I need to rapidly generate some funds to
pay my developers or lose them. If you have any web design, Flash
development, PHP, CGI or database development, C, C++, JAVA, ASP work you
need done; please give us the opportunity to quote you. We can program for
any windows or linux environment. I will bill you just $25 per hour to
offset my employee payroll.
We have the following scripts already developed and ready to install:
*Access Counters
*Banner Ad Rotation System
*Auction Scripts
*bulletin board system
*realtime chat
*live helper support system
*support ticket system
*multi-level affiliate marketing system
*Shopping cart system
*guestbook
*classified ads
*personals/dating system
*survey and voting
*form/order processing
*topsite
*weblinks
*adult websites (turnkey)
*membership rebilling for websites
*realtime credit card processing
... Plus too much more to list
Thank You for your consideration
Steve Warren
CEO NetWizards
1601 NW 97th Ave, SJO3016
Miami, FL 33102
1-305-468-6390
(Leave a message with a brief description of your needs so I can have the
correct person return your call)
------------------------------------------zpkcsz s
ki
phxbzakiv uhnpdmkehrd oqdnzqw fd

Mein Mailserver steht in einer DMZ. Ich habe soweit auch alles überprüft - 
er ist weder gehackt worden noch erlaubt er unbefugtes Relaying. Es sieht 
eher so aus, als versendet jemand mit dem Absender "irgendeinen 
Schwachsinn"@squit.de tausende Mails pro Tag. Der Inhalt ist immer der 
Selbe. Allerdings stehen am Ende der Mail immer verschiedene wirre Zeichen. 
Möchte hier jemand den Sendmail-Bug aus dem März ausnutzen?

Für einen Tip wäre ich sehr dankbar.

Gruß,
Michel

Michael Paarmann

Michael Karges

Michael Paarmann

Bernd Tannenbaum

Michael Paarmann

Adalbert Michelic

Bernd Tannenbaum

Michael Paarmann

Manfred Tremmel

Daniel Zwick

Christian Boltz

Jan Theofel

B.Brodesser＠t-online.de

Jan Theofel

tags

participants (9)