Date:      Wed, 24 Mar 1999 16:42:50 -0600
From:      "Sal" <sal@intellex.com>
To:        <freebsd-questions@freebsd.org>
Subject:   IP forging in Emails?
Message-ID:  <004e01be7647$a9f342c0$ddcdd6ce@salazar>

[-- Attachment #1 --]
Help!  I work for an ISP that uses BSD (although this probably has nothing to do with the OS).  We have made the appropriate settings to sendmail to prevent relaying from anyone outside of our network and our policies scream "no spamming!", yet someone is.

The spamming has been going on and on for the past three or four days.  No need to say our support Email box has a few hundred angry emails in it.  We'd normally approach the abuser and take the appropriate actions, but the problem is, we don't know who it is.

The actual mailing process covers a couple of hours and when we match up our Portmaster detail files with the IP addresses on the samples of spam we've received, it's a different user every time!  The Email's the same, but the user is different.  I don't believe we have a coalition of a few dozen users doing this.  I think someone is bouncing the spam from these innocent users' connections to make it appear as if the spam is coming from them.

I'm not just looking for a fix, but a way to catch this guy.  If it's any help, our service covers five main towns and all the IP addresses on these Emails come from the same city.

I'd love to get any suggestions you have because the sysadmin is pulling his hair out over this thing.  My address is sal@intellex.com and feel free to ask me for samples of the emails or whatever is needed to get this problem solved.  Thanks for your time and brain-power.

Sal
