hehe half the ones I am getting are spoofing dell.com addresses.

_________________________________
Michael Boggan
Network Engineer/Citrix Admin
Virtual Desktop Inc.
Dallas, Texas
Ph: (972) 960-6400
Fax: (972) 960-6445
email: mboggan@xxxxxxxxxxx
http://www.virtualdesktopinc.com
_________________________________
For Technical Support during business hours please send email to support@xxxxxxxxxxx or call the above toll free number for afterhours support.

-----Original Message-----
From: Magnus [mailto:magnus@xxxxxxxx]
Sent: Wednesday, August 20, 2003 2:06 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: viruses spoofing my e-mail addy

Most of the mail that I have seen has been coming from "known" Open Relay mail servers. We implemented an RBL and blacklist lookup program (on a Linux machine) to query the RBL and blacklist/blackhole databases; if it is in the list, the mail gets refused/deleted. If it is not on the list, we wrote a custom Perl script to check if it is an open relay; if so, submit it to RBL and Blackhole to have them added to the database. It cut down on about 80% of our SPAM and infected emails.

Magnus

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Henry Sieff
Sent: Wednesday, August 20, 2003 12:56 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: OT: viruses spoofing my e-mail addy

Oh yeah, welcome to the brave new world. Since Monday, we are seeing a 100 fold increase in spoofing massmailer emails. Opening up the headers and examining the path of servers the email took to its destination is the only way to identify the originating machine or mail server (SOBIG.F has its own SMTP server, so mostly it just contacts the destination mail server directly). The problem is that there isn't a single mail server AV product out there 'smart' enough to interpret these headers, and most people who run mail servers don't understand that.
So, they happily let the AV software read the (easily forged) From: header and direct its alerts to whoever is listed in there. The amount of fun this can cause is amazing, as mail servers take one mail message and multiply it by two (the alerts) or three (what happens when the From: doesn't exist but the domain does?) or more (the various permutations are limited only by your imagination). Basically, the only moral thing to do is turn off emailed autoalerts on mail server AV software until it gets better.

Henry

> -----Original Message-----
> From: Ron Oglesby [mailto:roglesby@xxxxxxxxxxxx]
> Sent: Wednesday, August 20, 2003 11:06 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] OT: viruses spoofing my e-mail addy
>
> Just wondering if anyone else is getting messages from other people's
> gateways saying they got a virus attachment from your mail box addy.
>
> I have gotten several this am and the Exchange server, MetaFrame boxes I
> am using all show as clean. Which leads me to believe that since my
> address is out there so much on the internet that it is being spoofed as
> the reply to:
>
> Comments?
>
> Ron Oglesby
> Senior Technical Architect
>
> RapidApp
> Office 312.372.7188
> Mobile 815.325.7618
> email roglesby@xxxxxxxxxxxx
>
> ********************************************************
> This Week's Sponsor: RES PowerFuse, The Management Framework for Windows
> Eliminate Multiple Tools, Multiple Support Channels and Multiple Costs
> Manage, Control, and Secure an Entire Windows environment with Ease,
> including Real-time Reporting and Documenting Components
> Validate a Meaningful ROI on All of your IT Investments with RES PowerFuse.
> http://www.respowerfuse.com/
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thethin.net/links.cfm
>
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link:
> http://thethin.net/citrixlist.cfm
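
Added example, not part of the original thread: a Python sketch of the header reading Henry describes (trust the Received: path written by your own relays, not the forged From:), ending with the query name for the kind of blocklist lookup Magnus mentions. The relay network 192.0.2.0/24, the zone dnsbl.example and the sample message are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample, not taken from the thread. Each relay prepends its own
# Received: line, so the top entry is the newest. From: and the bottom
# Received: were supplied by the sender and prove nothing.
RAW = (
    "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
    "\tby mail.example.org with ESMTP; Wed, 20 Aug 2003 12:00:05 -0500\n"
    "Received: from dell.com (unknown [198.51.100.77])\n"
    "\tby mx.example.net with SMTP; Wed, 20 Aug 2003 12:00:01 -0500\n"
    "Received: from pc.dell.com ([10.9.8.7]) by dell.com; Wed, 20 Aug 2003 11:59:00 -0500\n"
    "From: someone@dell.com\n"
    "To: user@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def handoff_ip(raw, trusted_nets):
    """Reading top-down, return the first peer IP that is not one of our relays."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    for hop in email.message_from_string(raw).get_all("Received", []):
        m = PEER_IP.search(hop)
        if m is None:
            return None  # unparsable hop: stop rather than trust lower headers
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            return None  # not a valid address, treat the same way
        if not any(ip in n for n in nets):
            return str(ip)  # headers below this one came from the sender
    return None


def dnsbl_qname(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the list zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


if __name__ == "__main__":
    ip = handoff_ip(RAW, ["192.0.2.0/24"])
    print("From: claims    :", email.message_from_string(RAW)["From"])
    print("real handoff IP :", ip)
    print("DNSBL query name:", dnsbl_qname(ip, "dnsbl.example"))
```

The address returned is the machine that actually connected to the edge relay; it is the one to log or look up, and the From: address is never used as an alert recipient.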