From owner-freebsd-ports  Thu Feb 14  0: 7:17 2002
Delivered-To: freebsd-ports@freebsd.org
Received: from topaz.mdcc.cx (topaz.mdcc.cx [212.204.230.141])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9153B37B405; Thu, 14 Feb 2002 00:07:14 -0800 (PST)
Received: from k7.mavetju.org (topaz.mdcc.cx [212.204.230.141])
	by topaz.mdcc.cx (Postfix) with ESMTP
	id C4B9C2B74A; Thu, 14 Feb 2002 09:07:10 +0100 (CET)
Received: by k7.mavetju.org (Postfix, from userid 1001)
	id 297C3324; Thu, 14 Feb 2002 19:07:06 +1100 (EST)
Date: Thu, 14 Feb 2002 19:07:06 +1100
From: Edwin Groothuis <edwin@mavetju.org>
To: ports@FreeBSD.org
Cc: postmaster <postmaster@FreeBSD.org>
Subject: Re: Undeliverable mail--"SpyLOG  "
Message-ID: <20020214190706.B490@k7.mavetju.org>
References: <E16bGHN-0000ZE-00@mx1.mail.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <E16bGHN-0000ZE-00@mx1.mail.ru>; from postmaster@FreeBSD.org on Thu, Feb 14, 2002 at 10:26:06AM +0300
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ports.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ports>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ports>
X-Loop: FreeBSD.org

Please keep in mind that this attachment is an executable (probably
a worm/virus/whatever) and that it isn't coming from postmaster@freebsd.org
but from somebody at 217.23.85.81. I don't know what it is doing,
but based on the output of strings: There are some SMTP commands
and references to dummy.exe and e:\windows\SyStem32\dLlcache\ddd.exe.


Postmaster, maybe it could be possible to reject email coming in
with a from-address as mailing-list names, administrative names
(postmaster, webmaster etc) @ freebsd.org?

Edwin

Received: from mx1.mail.ru (mx1.mail.ru [194.67.57.11])
        by hub.freebsd.org (Postfix) with ESMTP id 1C5F337B416
        for <ports@freebsd.org>; Wed, 13 Feb 2002 23:26:23 -0800 (PST)
Received: from [217.23.85.81] (helo=Ovzxitgmq)
        by mx1.mail.ru with smtp (Exim 3.14 #1)
        id 16bGHN-0000ZE-00
        for ports@FreeBSD.org; Thu, 14 Feb 2002 10:26:06 +0300


On Thu, Feb 14, 2002 at 10:26:06AM +0300, postmaster wrote:
> Content-Type: application/octet-stream;
> 	name=telecom_04[1].jpg
> Content-Transfer-Encoding: base64
> Content-ID: <Qj098o0l>
> 
> /9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAAMgAA/+4ADkFkb2JlAGTAAAAA
> Af/bAIQACAYGBgYGCAYGCAwIBwgMDgoICAoOEA0NDg0NEBEMDg0NDgwRDxITFBMSDxgYGhoY
> GCMiIiIjJycnJycnJycnJwEJCAgJCgkLCQkLDgsNCw4RDg4ODhETDQ0ODQ0TGBEPDw8PERgW
> FxQUFBcWGhoYGBoaISEgISEnJycnJycnJycn/8AAEQgAfQCkAwEiAAIRAQMRAf/EAIAAAAIC
> AwEAAAAAAAAAAAAAAAUGAwQAAgcBAQEBAAAAAAAAAAAAAAAAAAAAARAAAgEDAwEFBQUGBgMA
//deleted//

-- 
Edwin Groothuis   |              Personal website: http://www.MavEtJu.org
edwin@mavetju.org |           Interested in MUDs? Visit Fatal Dimensions:
------------------+                       http://www.FatalDimensions.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message