From: Matthew Seaman
To: luke@themango.org
Cc: freebsd-questions@freebsd.org
Date: Wed, 18 Feb 2004 22:09:27 +0000
Subject: Re: My fault or just Spam
Message-ID: <20040218220927.GA57070@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <45614.207.43.195.204.1077067743.squirrel@www.themango.org>

On Tue, Feb 17, 2004 at 07:29:03PM -0600, luke@themango.org wrote:

> Anyhow, within the month that I've had my server running I've been
> receiving numerous emails that are obviously malicious to Windows users
> (i.e. contain an attachment with some random-letters.exe and nonsense
> about a patch). In short my concern is not that me or my wife will run
> this, since we don't use Windows, but whether these emails are just spam
> or if it is my fault.

Not your fault at all. The 'net is being plagued at the moment by a
series of Windows worm programs that attempt to spread themselves
through e-mail. Once they infect a machine, they send e-mail to
addresses listed in users' address books, and also forge the sender
address using the same source. See, eg.
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.b@mm.html

This means that you and I, as innocent and uninfected bystanders will
be deluged in three types of message as a consequence:

    i) Messages from the trojan program attempting to propagate
       itself.

   ii) Bounce messages from the mailer daemon saying that messages of
       type (i) couldn't be delivered, sent to the forged sender
       addresses.

  iii) Really annoying messages sent by some dim-witted anti-virus
       software accusing you of sending virus infested e-mails. These
       are completely pointless, as the sender addresses are forged,
       and the AV software writers should know that.

In fact the huge flood of messages of type (iii) has outnumbered the
messages of type (i) in this latest outbreak. AV software writers
making themselves part of the problem there, rather than the solution.

As FreeBSD users we can, of course, act all smug about this and just
set our spam filters and AV software to dump all of the (i), (ii) and
(iii) types of message into the bit-bucket.

If you want to test your machine to see if it is providing an open
relay, go to http://www.abuse.net/relay.html and follow the
instructions.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
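
The three message types described in the reply above, sorted by a small mail classifier. This is an added example, not part of the original post: the extension list, the subject phrases and every sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Assumed heuristics; tune both lists for your own mail stream.
EXEC_EXT = (".exe", ".pif", ".scr", ".com", ".bat", ".cmd")
AV_HINTS = ("virus found", "virus detected", "virus alert", "infected")

def classify(raw: bytes) -> str:
    """Sort one raw message into the post's types: (i) 'worm',
    (ii) 'bounce', (iii) 'av-notice'; anything else is 'other'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", "")).lower()
    sender = str(msg.get("From", "")).lower()
    report = str(msg.get_param("report-type", "")).lower()
    # Bounces and AV notices often carry the original worm mail as an
    # attachment, so they are tested before the attachment check.
    if msg.get_content_type() == "multipart/report" and report == "delivery-status":
        return "bounce"
    if "mailer-daemon" in sender:
        return "bounce"
    if any(hint in subject for hint in AV_HINTS):
        return "av-notice"
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXEC_EXT):
            return "worm"
    return "other"

# Constructed sample messages (not real traffic).
SAMPLES = {
    "worm": b'From: friend@example.org\nSubject: patch\nMIME-Version: 1.0\n'
            b'Content-Type: multipart/mixed; boundary="b"\n\n--b\n'
            b'Content-Type: text/plain\n\nInstall this patch.\n--b\n'
            b'Content-Type: application/octet-stream\n'
            b'Content-Disposition: attachment; filename="qxzvb.exe"\n\nMZ\n--b--\n',
    "bounce": b'From: postmaster@mx.example.com\nSubject: Undelivered mail\n'
              b'MIME-Version: 1.0\nContent-Type: multipart/report;'
              b' report-type=delivery-status; boundary="r"\n\n--r\n'
              b'Content-Type: text/plain\n\nUser unknown.\n--r\n'
              b'Content-Type: message/delivery-status\n\n'
              b'Final-Recipient: rfc822; nobody@example.com\nStatus: 5.1.1\n--r--\n',
    "av-notice": b'From: scanner@gw.example.com\n'
                 b'Subject: VIRUS FOUND in message you sent\n\nRemoved.\n',
    "other": b'From: list@example.org\nSubject: Re: ports question\n\nHello.\n',
}

if __name__ == "__main__":
    for expected, raw in SAMPLES.items():
        print(f"{expected:10} -> {classify(raw)}")
```

Because the sender addresses are forged, the result says what kind of message arrived, not who is infected.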