
Re: How do I find the source of the spammers?



The problem of "relaying" can be solved by restricting access to the local
subnet. However, that would irritate some good customers. Suppose I am
traveling with my laptop and want to read and answer my email. I don't
want to pay for a toll call to the dialup because I can hook up via
ethernet or my brother says 'go ahead and use my local dialup account'.

There is a way to fix this for the ISP who thinks it's worth the trouble.
You could set up a web page that requires a password or have them login
via telnet. This would validate the IP the customer is at and you could
allow in.smtp because you know who to 'counsel' if you get a spam
complaint.

I suppose that you could require the telnet connect to stay active in
order to accept mail for relaying. They would have to switch to the telnet
and hit a key within n (60?) seconds before sending or the connect to smtp
would be refused. Hopping between open telnet and mailer programs is easy
for Windows or Linux users.

The apache approach has several possibilities. Maybe a javascript (ugh)
would be sufficient to tell the server you are still valid from the IP.

If somebody does this, they should share it freely. Most of the spam comes
from 'borrowed' mail servers.

On Fri, 20 Jun 1997, John Foster wrote:

> Hi,
> 
> This post is probably a bit off topic, but maybe one of you can give
> me a pointer in the right direction.
> 
> I'm looking after the servers of an ISP, and someone is using us for
> bulk mailouts.
> 
> I get a lot of mail in postmaster's mailbox about it. I can't seem to
> find how it's getting in though!
> 
> Here's a chunk from my logs:
> 
> logfile.3.gz:06/17/1997 06:42:38: [m0wdNiA-000AM5C] Failed
> TO:<hobbes@interlink.no> ERROR:(ERR101) unknown host
> logfile.3.gz:06/17/1997 07:03:12: [m0wdNiA-000AM5C] Failed
> TO:<hobbie@wbb.com> ERROR:(ERR101) unknown host
> logfile.3.gz:06/17/1997 07:03:13: [m0wdNiA-000AM5C] Failed
> TO:<hobbes@pop.compuserve.com> ERROR:(ERR101) unknown host
> logfile.3.gz:06/17/1997 07:03:13: [m0wdNiA-000AM5C] Failed
> TO:<hobbes@mixcom.comoct> ERROR:(ERR101) unknown host
> logfile.3.gz:06/17/1997 07:03:13: [m0wdNiA-000AM5C] Failed
> TO:<hobbes@interlink.no> ERROR:(ERR101) unknown host
> logfile.4.gz:06/16/1997 08:23:55: [m0wdNiA-000AM5C] Received
> FROM:33700558@compuserve.com HOST:203.20.112.1 [199.174.230.27]
> PROTOCOL:smtp PROGRAM:in.smtpd
> ORIG-ID:<95640251452285.GAA01245@compuserve.com> SIZE:6337
> 
> The last entry is the first reference to this piece of mail in my
> logs! Is it possible for someone to use their compuserve account to
> send mail to my daemon that instructs it to run the bulk mailout?
> 
> The host 203.20.112.1 is one of my servers.
> 
> If so, how do I stop it?
> 
> More importantly, how can I find if it's one of the 800 clients who
> has an account on this server, so I can close their account and send
> them elsewhere?
> 
> And then how do I prevent it happening again?
> 
> I guess that if there's a clueful person who knows the answer to this
> one then they'll probably want to email me personally, so that the
> solution is not advertised to the spammers. Then again I guess we'd
> all like to know how to do this.
> 
> I'm using smail from the 1.3 distribution. Perhaps I should be using
> another mail-daemon. Or is there a way that I can restrict things in
> smail? The documentation for smail is (or was anyway) pretty woeful!
> 
> This is rather urgent as I see it!
> 
> John Foster
> 
> System Administrator (in training!?)
> Net-Trek/Cynergy
> 
> 
> 
> --
> TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
> debian-user-request@lists.debian.org . 
> Trouble?  e-mail to templin@bucknell.edu .
> 

+----------------------------------------------------------------------+
+ Paul Wade                         Greenbush Technologies Corporation +
+ mailto:paulwade@greenbush.com              http://www.greenbush.com/ +
+----------------------------------------------------------------------+
+ http://www.greenbush.com/cds.html             Special Linux CD offer +
+----------------------------------------------------------------------+
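
The relay restriction and time-limited login proposed in the reply above, sketched as an added example that is not part of the original message and not smail code. The class and method names are hypothetical, the local subnet 203.20.112.0/24 is assumed from the server address in the quoted log, and `isp.example` and `jdoe` are constructed values.

```python
import ipaddress

class RelayGate:
    """Decide whether an SMTP client may relay mail to a non-local recipient."""

    def __init__(self, local_net, local_domains, lease_seconds=60):
        self.local_net = ipaddress.ip_network(local_net)
        self.local_domains = {d.lower() for d in local_domains}
        self.lease_seconds = lease_seconds
        self.leases = {}  # client IP -> (account name, expiry time)

    def login(self, ip, account, now):
        """Called by the web page or telnet login once the password is verified."""
        self.leases[ipaddress.ip_address(ip)] = (account, now + self.lease_seconds)

    def keepalive(self, ip, now):
        """Extend a lease that is still valid; an expired one needs a new login."""
        addr = ipaddress.ip_address(ip)
        lease = self.leases.get(addr)
        if lease is None or lease[1] <= now:
            self.leases.pop(addr, None)
            return False
        self.leases[addr] = (lease[0], now + self.lease_seconds)
        return True

    def check(self, ip, rcpt, now):
        """Return (allowed, reason) for one RCPT TO address from this client."""
        addr = ipaddress.ip_address(ip)
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in self.local_domains:
            return True, "local delivery"      # not relaying at all
        if addr in self.local_net:
            return True, "local subnet"
        account, expiry = self.leases.get(addr, (None, 0))
        if account is not None and now < expiry:
            return True, "lease held by " + account  # the account to contact on a complaint
        self.leases.pop(addr, None)             # drop any expired lease
        return False, "relaying denied"

if __name__ == "__main__":
    # Constructed scenario using the addresses from the quoted log.
    gate = RelayGate("203.20.112.0/24", ["isp.example"])
    print(gate.check("199.174.230.27", "hobbes@interlink.no", now=0))
    gate.login("199.174.230.27", "jdoe", now=100)
    print(gate.check("199.174.230.27", "hobbes@interlink.no", now=130))
    print(gate.check("199.174.230.27", "hobbes@interlink.no", now=161))
```

The reason string names the account behind an allowed off-subnet relay, which is the accountability the reply asks for.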

