[NTLUG:Discuss] spam / email setup help
Jay Urish
j at unixwolf.net
Fri Nov 22 16:11:29 CST 2002
Do a whois on that IP or a host lookup.
At 01:41 PM 11/22/2002 -0600, you wrote:
>I need some help with email! I have a 2-fold problem:
>
>Problem 1:
>Someone who is infected with Klez has my email address in their address
>book; and it's picked my address to spoof with. (See the Symantec site
>for a description of its capabilities.) Anyway, this is becoming very
>annoying! The biggest part of the annoyance is that I get a lot of mail
>with these headers:
>
>From: Mail Administrator <Postmaster at verizon.net>
>Subject: Mail System Error - Returned Mail
>
>and every file is over 100K in size, so with 10+ of these at a time,
>download time is considerable. In searching thru the headers, I can find
>nothing useful, but I do see 204.50.7.195 fairly often on the spam
>returns. However, I can't find anything useful about it:
>---
>$ dig 204.50.7.195
>
>; <<>> DiG 9.1.3 <<>> 204.50.7.195
>;; global options: printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10880
>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;204.50.7.195. IN A
>
>;; AUTHORITY SECTION:
>. 10757 IN SOA A.ROOT-SERVERS.NET.
>NSTLD.VERISIGN-GRS.COM. 2002112200 1800 900 604800 86400
>
>;; Query time: 129 msec
>;; SERVER: 192.168.1.1#53(192.168.1.1)
>;; WHEN: Fri Nov 22 13:10:20 2002
>;; MSG SIZE rcvd: 105
>---
>
>I see nothing useful here, am I missing something?
>
>Note: I use Linux for all my email, and Klez does not live there. :-) Yes
>my system is dual boot, but the Win98 side is not set up for email, does
>not have Outlook or OutlookExpress installed, I have scanned it for Klez
>just in case and came up empty, and all these email returns suggest that
>the email was sent in the last 24 hours or so, and I have not rebooted
>into Win98 for several days.
>
>Problem 2:
>Since I can't find out who has the real problem so I can notify them to
>clean it up, I'm left with trying to block/filter all this. I've read
>several articles on email filtering and believe I can write a Perl script
>that can detect most spam I receive, but I don't understand the email
>architecture well enough to know where to put this script.
>
>I use Netscape (Mozilla) Messenger, which currently reads and sends direct
>from/to my ISP's POP3 account, with dial-on-demand ISDN. Messenger has no
>hooks for me to put scripts in, so I'm going to need to change how I do
>this; and surely someone else has already done this. :-)
>
>So can someone clue me into the program/settings needed to do:
>
>ISP -> program to get mail to my machine (the filtering script goes in here
> and either moves the spam to a trash mailbox or in the right
> circumstances just tells the ISP to delete the email and don't
> bother downloading it) (and this program needs to be runnable on
> demand)
> -> can Messenger read from a local mbox?
>
>Then Messenger sends normally straight to the ISP.
>
>Thanks for any help in understanding all this,
>Kevin
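The pre-download filtering step asked about under Problem 2, sketched as an added example that is not part of either post: it reads only sizes (LIST) and headers (TOP n 0) over POP3 and marks matching bounces for deletion on the server. Python is used here rather than Perl; the names `is_klez_bounce`, `filter_mailbox`, `FakePOP3` and `SIZE_LIMIT`, and the sample addresses, are assumptions made for illustration.

```python
import email
from email.policy import default

# Values taken from the post: the bounce subject and the "over 100K" size.
BOUNCE_SUBJECT = "Mail System Error - Returned Mail"
SIZE_LIMIT = 100_000  # bytes; assumed reading of "over 100K"

def is_klez_bounce(header_lines, size):
    """Decide from headers and size alone, before any body is downloaded."""
    raw = b"\r\n".join(header_lines) + b"\r\n\r\n"
    msg = email.message_from_bytes(raw, policy=default)
    subject = str(msg.get("Subject", "")).strip()
    sender = str(msg.get("From", "")).lower()
    return size > SIZE_LIMIT and subject == BOUNCE_SUBJECT and "postmaster" in sender

def filter_mailbox(pop, dry_run=True):
    """pop: a logged-in poplib.POP3-style object. Returns flagged message numbers."""
    flagged = []
    for entry in pop.list()[1]:          # each entry looks like b"1 120345"
        num, size = (int(x) for x in entry.split())
        headers = pop.top(num, 0)[1]     # TOP n 0: headers only, no body lines
        if is_klez_bounce(headers, size):
            flagged.append(num)
            if not dry_run:
                pop.dele(num)            # server removes it at QUIT, never downloaded
    return flagged

class FakePOP3:
    """Constructed stand-in for poplib.POP3 so the example runs offline."""
    def __init__(self, messages):
        self.messages, self.deleted = messages, []
    def list(self):
        sizes = [b"%d %d" % (i, s) for i, (s, _) in enumerate(self.messages, 1)]
        return (b"+OK", sizes, 0)
    def top(self, which, howmuch):
        return (b"+OK", self.messages[which - 1][1], 0)
    def dele(self, which):
        self.deleted.append(which)
        return b"+OK"

SAMPLE = [  # constructed messages: (size in bytes, header lines)
    (131072, [b"From: Mail Administrator <postmaster@isp.example>",
              b"Subject: Mail System Error - Returned Mail"]),
    (2048, [b"From: Friend <friend@example.org>", b"Subject: lunch?"]),
    (1500, [b"From: Mail Administrator <postmaster@isp.example>",
            b"Subject: Mail System Error - Returned Mail"]),  # small bounce is kept
]

if __name__ == "__main__":
    server = FakePOP3(SAMPLE)
    print(filter_mailbox(server, dry_run=False), server.deleted)
```

Against a real account, pass a logged-in `poplib.POP3` object in place of `FakePOP3` and call its `quit()` afterwards so the deletions take effect. Leave `dry_run` on until the flagged list contains only the oversized bounces, since small bounces for mail you actually sent share the same subject.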