From owner-freebsd-questions  Wed Mar 24 14:38:52 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from server.intellex.com (server.intellex.com [205.186.137.2])
	by hub.freebsd.org (Postfix) with ESMTP id 0778F14E57
	for <freebsd-questions@freebsd.org>; Wed, 24 Mar 1999 14:38:50 -0800 (PST)
	(envelope-from sal@intellex.com)
Received: from salazar (tahl221.intellex.com [206.214.205.221])
	by server.intellex.com (8.9.0/8.9.0) with SMTP id QAA14949
	for <freebsd-questions@freebsd.org>; Wed, 24 Mar 1999 16:40:11 -0600 (CST)
Message-ID: <004e01be7647$a9f342c0$ddcdd6ce@salazar>
From: "Sal" <sal@intellex.com>
To: <freebsd-questions@freebsd.org>
Subject: IP forging in Emails?
Date: Wed, 24 Mar 1999 16:42:50 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_004B_01BE7615.5B38EA40"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.5
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

This is a multi-part message in MIME format.

------=_NextPart_000_004B_01BE7615.5B38EA40
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Help!  I work for an ISP that uses BSD (although this probably has =
nothing to do with the OS).  We have made the appropriate settings to =
sendmail to prevent relaying from anyone outside of our network and our =
policies scream "no spamming!", yet someone is.

The spamming has been going on and on for the past three or four days.  =
No need to say our support Email box has a few hundred angry emails in =
it.  We'd normally approach the abuser and take the appropriate actions, =
but the problem is, we don't know who it is.

The actual mailing process covers a couple of hours and when we match up =
our Portmaster detail files with the IP addresses on the samples of spam =
we've received, it's a different user every time!  The Email's the same, =
but the user is different.  I don't believe we have a coalition of a few =
dozen users doing this.  I think someone is bouncing the spam from these =
innocent users' connections to make it appear as if the spam is coming =
from them.

I'm not just looking for a fix, but a way to catch this guy.  If it's =
any help, our service covers five main towns and all the IP addresses on =
these Email's come from the same city.

I'd love to get any suggestions you have because the sysadmin is pulling =
his hair out over this thing.  My address is sal@intellex.com and feel =
free to ask me for samples of the emails or whatever is needed to get =
this problem solved.  Thanks for your time and brain-power.

Sal

------=_NextPart_000_004B_01BE7615.5B38EA40
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<HTML>
<HEAD>

<META content=3Dtext/html;charset=3Diso-8859-1 =
http-equiv=3DContent-Type>
<META content=3D'"MSHTML 4.72.3110.7"' name=3DGENERATOR>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT color=3D#000000 size=3D2>Help!&nbsp; I work for an ISP that =
uses BSD=20
(although this probably has nothing to do with the OS).&nbsp; We have =
made the=20
appropriate settings to sendmail to prevent relaying from anyone outside =
of our=20
network and our policies scream &quot;no spamming!&quot;, yet someone=20
is.</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT color=3D#000000 size=3D2>The spamming has been going on and =
on for the=20
past three or four days.&nbsp; No need to say our support Email box has =
a few=20
hundred angry emails in it.&nbsp; We'd normally approach the abuser and =
take the=20
appropriate actions, but the problem is, we don't know who it =
is.</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT color=3D#000000 size=3D2>The actual mailing process covers a =
couple of=20
hours and when we match up our Portmaster detail files with the IP =
addresses on=20
the samples of spam we've received, it's a different user every =
time!&nbsp; The=20
Email's the same, but the user is different.&nbsp; I don't believe we =
have a=20
coalition of a few dozen users doing this.&nbsp; I think someone is =
bouncing the=20
spam from these innocent users' connections to make it appear as if the =
spam is=20
coming from them.</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT color=3D#000000 size=3D2>I'm not just looking for a fix, but =
a way to=20
catch this guy.&nbsp; If it's any help, our service covers five main =
towns and=20
all the IP addresses on these Email's come from the same =
city.</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT color=3D#000000 size=3D2>I'd love to get any suggestions you =
have because=20
the sysadmin is pulling his hair out over this thing.&nbsp; My address =
is <A=20
href=3D"mailto:sal@intellex.com">sal@intellex.com</A> and feel free to =
ask me for=20
samples of the emails or whatever is needed to get this problem =
solved.&nbsp;=20
Thanks for your time and brain-power.</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT color=3D#000000 size=3D2>Sal</FONT></DIV></BODY></HTML>

------=_NextPart_000_004B_01BE7615.5B38EA40--



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message