Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 25 Nov 1997 17:14:10 -0800 (PST)
From:      "Jonathan M. Bresler" <jmb>
To:        tlambert@primenet.com (Terry Lambert)
Cc:        SPAM-L@PEACH.EASE.LSOFT.COM, freebsd-chat@freebsd.org, freebsd-current@freebsd.org, freebsd-doc@freebsd.org, freebsd-emulation@freebsd.org, freebsd-hackers@freebsd.org, freebsd-multimedia@freebsd.org, freebsd-ports@freebsd.org, freebsd-questions@freebsd.org, freebsd-stable@freebsd.org, spamcomplaints@MCI.NET
Subject:   Re: We will mail 4 U
Message-ID:  <199711260114.RAA25617@hub.freebsd.org>
In-Reply-To: <199711252324.QAA02240@usr05.primenet.com> from "Terry Lambert" at Nov 25, 97 11:24:35 pm

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Terry Lambert wrote:
> 
> > From searching several phone directories online, it appears that the person  
> > who sent this spam did so on behalf of:
> > 
> > 	Jack Luke
> > 	39 Panda Av
> > 	Middleburg, FL 32068-4765
> > 	(904) 282-0945
> 
> It is pretty obvious (to me, anyway) that this is a targetted trojan of
> the type that was used to flood ml.org.
> 
> Also, you will note that the putative "relay host" is running a highly
> hacked version of sendmail (EHLO it).
> 

	"hacked version of sendmail"  ?????
	EHLO is standard esmtp.
	this is old stuff already.
	see the rfc's  (rfc1825 perhaps)

	two relay hosts were the ns servers for amgen.com.
	why are nameservers configured to relay mail?  <sigh>
jmb



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?199711260114.RAA25617>