[60947] in North American Network Operators' Group
Re: Hijacked email
daemon@ATHENA.MIT.EDU (Richard Irving)
Wed Aug 20 11:41:01 2003
Date: Wed, 20 Aug 2003 10:40:25 -0500
From: Richard Irving <rirving@onecall.net>
To: nanog@merit.edu
In-Reply-To: <20030820152827.GB49188@dipole.informationwave.net>
Errors-To: owner-nanog-outgoing@merit.edu
Please people, of all the great feedback these joe jobbed
addresses are receiving, from the anti-virus software...
it really wouldn't hurt to include the -=IP=- (and possibly headers)
of the system that contacted your server.....
Rather than simply complain, it would allow us to track
down, and triangulate the -=real=- perp, an infected
M$ machine or two (million).
Thanks in Advance for useful data !
:D
JMHO.
Omachonu Ogali wrote:
> For our Postfix viewers out there...
>
> header_checks:
> /^X-MailScanner: Found to be clean$/ REJECT You're infected, but you probably won't see this message anyway.
>
> body_checks:
> /X-MailScanner: Found to be clean/ REJECT Please, stop sending me bounces/infection notices for spoofed virus spam.
>
> The last rule is kinda evil as it will block all mail with that line in
> the body (both incoming and outgoing), so know what you're doing before
> you blindly cut and paste.
