Site Navigation

Date:      Thu, 14 Feb 2002 19:07:06 +1100
From:      Edwin Groothuis <edwin@mavetju.org>
To:        ports@FreeBSD.org
Cc:        postmaster <postmaster@FreeBSD.org>
Subject:   Re: Undeliverable mail--"SpyLOG  "
Message-ID:  <20020214190706.B490@k7.mavetju.org>
In-Reply-To: <E16bGHN-0000ZE-00@mx1.mail.ru>; from postmaster@FreeBSD.org on Thu, Feb 14, 2002 at 10:26:06AM %2B0300
References:  <E16bGHN-0000ZE-00@mx1.mail.ru>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

Please keep in mind that this attachment is an executable (probably
a worm/virus/whatever) and that it isn't coming from postmaster@freebsd.org
but from somebody at 217.23.85.81. I don't know what it is doing,
but based on the output of strings: There are some SMTP commands
and references to dummy.exe and e:\windows\SyStem32\dLlcache\ddd.exe.


Postmaster, maybe it could be possible to reject email coming in
with a from-address as mailing-list names, administrative names
(postmaster, webmaster etc) @ freebsd.org?

Edwin

Received: from mx1.mail.ru (mx1.mail.ru [194.67.57.11])
        by hub.freebsd.org (Postfix) with ESMTP id 1C5F337B416
        for <ports@freebsd.org>; Wed, 13 Feb 2002 23:26:23 -0800 (PST)
Received: from [217.23.85.81] (helo=Ovzxitgmq)
        by mx1.mail.ru with smtp (Exim 3.14 #1)
        id 16bGHN-0000ZE-00
        for ports@FreeBSD.org; Thu, 14 Feb 2002 10:26:06 +0300


On Thu, Feb 14, 2002 at 10:26:06AM +0300, postmaster wrote:
> Content-Type: application/octet-stream;
> 	name=telecom_04[1].jpg
> Content-Transfer-Encoding: base64
> Content-ID: <Qj098o0l>
> 
> /9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAAMgAA/+4ADkFkb2JlAGTAAAAA
> Af/bAIQACAYGBgYGCAYGCAwIBwgMDgoICAoOEA0NDg0NEBEMDg0NDgwRDxITFBMSDxgYGhoY
> GCMiIiIjJycnJycnJycnJwEJCAgJCgkLCQkLDgsNCw4RDg4ODhETDQ0ODQ0TGBEPDw8PERgW
> FxQUFBcWGhoYGBoaISEgISEnJycnJycnJycn/8AAEQgAfQCkAwEiAAIRAQMRAf/EAIAAAAIC
> AwEAAAAAAAAAAAAAAAUGAwQAAgcBAQEBAAAAAAAAAAAAAAAAAAAAARAAAgEDAwEFBQUGBgMA
//deleted//

-- 
Edwin Groothuis   |              Personal website: http://www.MavEtJu.org
edwin@mavetju.org |           Interested in MUDs? Visit Fatal Dimensions:
------------------+                       http://www.FatalDimensions.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020214190706.B490>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact