Mailinglist Archive: opensuse-security (685 mails)

RE: [suse-security] Spamming ...
  • From: "Yarrel" <yarrel@xxxxxxxxxxxxxx>
  • Date: Fri, 1 Mar 2002 09:24:25 +0100
  • Message-id: <ILEFJLAAIMOBDDJCANJLCEJDCBAA.yarrel@xxxxxxxxxxxxxx>


-----Original Message-----
From: Martin Schichl [mailto:mschichl@xxxxxxxxx]
Sent: 1 March 2002 07:06
To: suse-security@xxxxxxxx
Subject: [suse-security] Spamming ...


Morning!

For some days I have been getting returned mails from unknown mail users, which
makes it seem that someone is spamming from our machine.

But when I analyze the header of the original mail I find a line:
>> Received: from 210.97.42.1 (HELO scc.co.at) (210.97.42.1) <<
Although the IP of scc.co.at is 193.81.182.39

The IP 210.97.42.1 will change permanently when reading other
similar mails.

My questions:
1) Is it possible that someone broke into our machine and sent this
mail directly over scc.co.at?
2) What can I do to stop those spammers ...

ThanX

Martin



Hi Martin

This is known as a "Joe job". The spammer apparently made referrals to your
domain in the "reply to" header of the spam-mail.

I haven't dealt with a similar problem here, but I suggest you consult
"news.admin.net-abuse.email". The regs in there have a great deal of
experience in combatting spam and the notorious "Joe jobs".

Hope this helps

Yarrel

[snipped smamich]
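
Added example, not part of the original thread: a check over the headers returned in a bounce that lists every hop where the client claimed the domain in HELO but connected from an address that is not one of the domain's own mail hosts, which is the mismatch Martin describes. HELO is self-reported by the sender; the address in the last parentheses is what the receiving server recorded. The function name, the sample headers, `mail.scc.co.at`, `mx.recipient.example`, `203.0.113.7` and the timestamps are constructed for illustration; only the qmail-style line format and the two addresses 210.97.42.1 and 193.81.182.39 come from the post.

```python
import re
from email import message_from_string

# qmail-style trace line, the form quoted in the post:
#   from <name> (HELO <claimed name>) (<connecting ip>)
RECEIVED_RE = re.compile(
    r"from\s+(?P<name>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)"
    r"\s+\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)"
)

def forged_helo_hops(raw_headers, our_domain, our_ips):
    """Return (helo, ip) pairs where a client claimed our domain in HELO
    but connected from an address that is not one of our mail hosts."""
    msg = message_from_string(raw_headers)
    hits = []
    for value in msg.get_all("Received", []):
        # Unfold continuation lines before matching.
        m = RECEIVED_RE.search(" ".join(value.split()))
        if not m:
            continue  # trace formats of other MTAs are not handled here
        helo = m.group("helo").lower().rstrip(".")
        ip = m.group("ip")
        claims_us = helo == our_domain or helo.endswith("." + our_domain)
        if claims_us and ip not in our_ips:
            hits.append((helo, ip))
    return hits

# Constructed sample: headers of a returned message. The first hop is the
# line from the post, the second a different source claiming the same name,
# the third a genuine delivery from the domain's real address.
SAMPLE = """\
Received: from 210.97.42.1 (HELO scc.co.at) (210.97.42.1)
  by mx.recipient.example with SMTP; 28 Feb 2002 22:10:03 -0000
Received: from 203.0.113.7 (HELO scc.co.at) (203.0.113.7)
  by mx.recipient.example with SMTP; 28 Feb 2002 22:11:40 -0000
Received: from unknown (HELO mail.scc.co.at) (193.81.182.39)
  by mx.recipient.example with SMTP; 28 Feb 2002 22:12:00 -0000
From: someone@scc.co.at
Subject: constructed sample

"""

if __name__ == "__main__":
    for helo, ip in forged_helo_hops(SAMPLE, "scc.co.at", {"193.81.182.39"}):
        print(f"HELO {helo} claimed from {ip}: not one of our hosts")
```

Hops flagged this way never passed through the domain's own server, so they indicate a forged sender identity rather than a compromise of the machine at 193.81.182.39.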

