[NTLUG:Discuss] spam / email setup help
kbrannen@gte.net
kbrannen at gte.net
Fri Nov 22 13:41:38 CST 2002
I need some help with email! I have a 2-fold problem:
Problem 1:
Someone who is infected with Klez has my email address in their address book;
and it's picked my address to spoof with. (See the Symantec site for a
description of its capabilities.) Anyway, this is becoming very annoying!
The biggest part of the annoyance is that I get a lot of mail with these headers:
From: Mail Administrator <Postmaster at verizon.net>
Subject: Mail System Error - Returned Mail
and every file is over 100K in size, so with 10+ of these at a time, download
time is considerable. In searching thru the headers, I can find nothing
useful, but I do see 204.50.7.195 fairly often on the spam returns. However,
I can't find anything useful about it:
---
$ dig 204.50.7.195
; <<>> DiG 9.1.3 <<>> 204.50.7.195
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10880
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;204.50.7.195. IN A
;; AUTHORITY SECTION:
. 10757 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2002112200 1800 900 604800 86400
;; Query time: 129 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Nov 22 13:10:20 2002
;; MSG SIZE rcvd: 105
---
I see nothing useful here, am I missing something?
Note: I use Linux for all my email, and Klez does not live there. :-) Yes, my
system is dual boot, but the Win98 side is not set up for email, does not have
Outlook or OutlookExpress installed, I have scanned it for Klez just in case
and came up empty, and all these email returns suggest that the email was sent
in the last 24 hours or so, and I have not rebooted into Win98 for several days.
Problem 2:
Since I can't find out who has the real problem so I can notify them to clean
it up, I'm left with trying to block/filter all this. I've read several
articles on email filtering and believe I can write a Perl script that can
detect most spam I receive, but I don't understand the email architecture well
enough to know where to put this script.
I use Netscape (Mozilla) Messenger, which currently reads and sends direct
from/to my ISP's POP3 account, with dial-on-demand ISDN. Messenger has no
hooks for me to put scripts in, so I'm going to need to change how I do this;
and surely someone else has already done this. :-)
So can someone clue me into the program/settings needed to do:
ISP -> program to get mail to my machine (the filtering script goes in here
       and either moves the spam to a trash mailbox or in the right
       circumstances just tells the ISP to delete the email and not
       bother downloading it) (and this program needs to be runnable on
       demand)
    -> can Messenger read from a local mbox?
Then Messenger sends normally straight to the ISP.
Thanks for any help in understanding all this,
Kevin
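
The "tell the ISP to delete it without downloading" step asked about above, as an added example that is not part of the original post: it uses Python rather than the Perl the poster planned, reads only headers with POP3 TOP, and matches the bounce headers and 100K size quoted in the message. The names `is_klez_bounce`, `filter_mailbox`, `FakePOP3` and `SAMPLE` are hypothetical, the mailbox is constructed, and the `@` form of the Postmaster address is assumed from the archive's "at" spelling.

```python
from email.parser import BytesHeaderParser

# Pattern taken from the bounce headers quoted in the post.
BOUNCE_FROM = "postmaster@verizon.net"
BOUNCE_SUBJECT = "mail system error - returned mail"
MIN_BOUNCE_SIZE = 100 * 1024  # the post says every bounce is over 100K

def is_klez_bounce(header_lines, size):
    """True when headers and server-reported size match the pattern."""
    msg = BytesHeaderParser().parsebytes(b"\r\n".join(header_lines) + b"\r\n\r\n")
    sender = str(msg.get("From", "")).lower()
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    return (BOUNCE_FROM in sender and subject == BOUNCE_SUBJECT
            and size >= MIN_BOUNCE_SIZE)

def filter_mailbox(conn, dry_run=True):
    """Return (matched, kept) message numbers; DELE the matches unless dry_run.
    conn is a poplib.POP3-style object; only LIST and TOP n 0 are issued."""
    matched, kept = [], []
    for entry in conn.list()[1]:
        num, size = (int(x) for x in entry.split())
        headers = conn.top(num, 0)[1]  # headers only, zero body lines
        if is_klez_bounce(headers, size):
            matched.append(num)
            if not dry_run:
                conn.dele(num)  # the server commits deletions at QUIT
        else:
            kept.append(num)
    return matched, kept

class FakePOP3:
    """Constructed stand-in for poplib.POP3 so the example runs offline."""
    def __init__(self, messages):  # {number: (size, [header lines])}
        self.messages, self.deleted = messages, []
    def list(self):
        return b"+OK", [b"%d %d" % (n, m[0]) for n, m in self.messages.items()], 0
    def top(self, num, lines):
        return b"+OK", self.messages[num][1] + [b""], 0
    def dele(self, num):
        self.deleted.append(num)

# Constructed mailbox: a large bounce, ordinary mail, and a small bounce.
BOUNCE = [b"From: Mail Administrator <Postmaster@verizon.net>",
          b"Subject: Mail System Error - Returned Mail"]
SAMPLE = {1: (143360, BOUNCE),
          2: (2048, [b"From: friend@example.org", b"Subject: lunch?"]),
          3: (4096, BOUNCE)}

if __name__ == "__main__":
    print(filter_mailbox(FakePOP3(SAMPLE)))
```

Against a real account, pass a logged-in `poplib.POP3` object instead of `FakePOP3` and call `quit()` afterwards. A genuine bounce for mail you did send matches the same pattern, so review the dry-run result before enabling deletion.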