Re: Exim mail

To: "Jamie Heilman" <jamie@audible.transient.net>
Cc: <debian-security@lists.debian.org>
Subject: Re: Exim mail
From: "Daniel Rychlik" <daniel@rychlik.ws>
Date: Fri, 14 Dec 2001 18:39:50 -0600
Message-id: <[🔎] 013801c18501$071e6ae0$0700000a@mars>
References: <[🔎] 003b01c184fe$8b613dd0$0700000a@mars> <[🔎] 20011215003313.GM16834@audible.transient.net>

Thanks for the reply on this.  I just found the header info.  It does appear
that he sent it from a remailer.  Thanks again,  Sorry for the stupidity.


Envelope-to: daniel@rychlik.ws
Received: from rly-ip02.mx.aol.com ([152.163.225.160])
 by earth.rychlik.ws with esmtp (Exim 3.12 #1 (Debian))
 id 16Ejkt-0003kp-00
 for <daniel@rychlik.ws>; Thu, 13 Dec 2001 22:15:27 -0600
Received: from logs-tn.proxy.aol.com (logs-tn.proxy.aol.com [152.163.207.5])
   by rly-ip02.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0)
   with ESMTP id XAA01462 for <daniel@rychlik.ws>;
   Thu, 13 Dec 2001 23:06:10 -0500 (EST)
From: root@rychlik.ws
Received: from AC952543.ipt.aol.com (AC952543.ipt.aol.com [172.149.37.67])
 by logs-tn.proxy.aol.com (8.10.0/8.10.0) with SMTP id fBE430X219986
 for daniel@rychlik.ws; Thu, 13 Dec 2001 23:03:29 -0500 (EST)
Date: Thu, 13 Dec 2001 23:03:29 -0500 (EST)
Message-Id: <200112140403.fBE430X219986@logs-tn.proxy.aol.com>
X-Authentication-Warning: logs-tn.proxy.aol.com: AC952543.ipt.aol.com
[172.149.37.67] didn't use HELO protocol
X-Apparently-From: Obzatomic@aol.com
Bcc:
Status:

hehe this wasnt so hard either, i guess that makes me a pimp? lmfao, anyway
learn to call a brotha damnit! and dont act like you dont know who dis be!
foo! hehehe later..


----- Original Message -----
From: "Jamie Heilman" <jamie@audible.transient.net>
To: "Daniel Rychlik" <daniel@rychlik.ws>
Cc: <debian-security@lists.debian.org>
Sent: Friday, December 14, 2001 6:33 PM
Subject: Re: Exim mail


> Daniel Rychlik wrote:
>
> > How do I stop this from happening.  Apparently my bud telented to port
25
> > and somehow sent mail from my root account.  Any suggestions, white
papers
> > or links?  Id would like to block the telnet application all together,
but I
> > dont think thats possible.
>
> He didn't use your root account, he used the nature of SMTP to trick
> you.  http://rfc821.x42.com/  And no, you can't block telnet, unless
> you choose to not run a mail server at all.
>
> --
> Jamie Heilman                   http://audible.transient.net/~jamie/
> "Paranoia is a disease unto itself, and may I add, the person standing
>  next to you may not be who they appear to be, so take precaution."
> -Sathington Willoughby

Reply to:

Follow-Ups:
- Re: Exim mail
  - From: Preben Randhol <randhol@pvv.org>

References:
- Exim mail
  - From: "Daniel Rychlik" <daniel@rychlik.ws>
- Re: Exim mail
  - From: Jamie Heilman <jamie@audible.transient.net>

Prev by Date: RE: Exim mail
Next by Date: Re: Exim mail
Previous by thread: Re: Exim mail
Next by thread: Re: Exim mail
Index(es):
- Date
- Thread