From owner-freebsd-chat Tue Nov 25 16:51:43 1997 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.7/8.8.7) id QAA23595 for chat-outgoing; Tue, 25 Nov 1997 16:51:43 -0800 (PST) (envelope-from owner-freebsd-chat@FreeBSD.ORG) Received: from gatekeeper.tsc.tdk.com (root@gatekeeper.tsc.tdk.com [207.113.159.21]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id QAA23582 for ; Tue, 25 Nov 1997 16:51:36 -0800 (PST) (envelope-from gdonl@tsc.tdk.com) Received: from sunrise.gv.tsc.tdk.com (root@sunrise.gv.tsc.tdk.com [192.168.241.191]) by gatekeeper.tsc.tdk.com (8.8.4/8.8.4) with ESMTP id QAA11455; Tue, 25 Nov 1997 16:51:29 -0800 (PST) Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194]) by sunrise.gv.tsc.tdk.com (8.8.5/8.8.5) with ESMTP id QAA19241; Tue, 25 Nov 1997 16:51:28 -0800 (PST) Received: (from gdonl@localhost) by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id QAA28275; Tue, 25 Nov 1997 16:50:51 -0800 (PST) From: Don Lewis Message-Id: <199711260050.QAA28275@salsa.gv.tsc.tdk.com> Date: Tue, 25 Nov 1997 16:50:50 -0800 In-Reply-To: Terry Lambert "Re: We will mail 4 U" (Nov 25, 11:24pm) X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95) To: Terry Lambert , SPAM-L@PEACH.EASE.LSOFT.COM Subject: Re: We will mail 4 U Cc: freebsd-chat@FreeBSD.ORG Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk [Addresses trimmed] On Nov 25, 11:24pm, Terry Lambert wrote: } Subject: Re: We will mail 4 U } It is pretty obvious (to me, anyway) that this is a targetted trojan of } the type that was used to flood ml.org. Yes, this smells like a revenge spam. } Also, you will note that the putative "relay host" is running a highly } hacked version of sendmail (EHLO it). Which relay host? I've seen at least three different ones in different copies of this message. The injection point seems to consistently be an Atlanta MCI dialin port, which makes it unlikely the sender resides in Florida. --- Truck