From owner-freebsd-current  Wed Sep 10 19:35:21 1997
Return-Path: <owner-freebsd-current>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id TAA17068
          for current-outgoing; Wed, 10 Sep 1997 19:35:21 -0700 (PDT)
Received: from usr05.primenet.com (tlambert@usr05.primenet.com [206.165.6.205])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id TAA17053
          for <current@FreeBSD.ORG>; Wed, 10 Sep 1997 19:35:17 -0700 (PDT)
Received: (from tlambert@localhost)
	by usr05.primenet.com (8.8.5/8.8.5) id TAA23585;
	Wed, 10 Sep 1997 19:35:15 -0700 (MST)
From: Terry Lambert <tlambert@primenet.com>
Message-Id: <199709110235.TAA23585@usr05.primenet.com>
Subject: Re: ml.org updaters have problem with 3.0-current
To: mcdougall@ameritech.net (Adam McDougall)
Date: Thu, 11 Sep 1997 02:35:15 +0000 (GMT)
Cc: current@FreeBSD.ORG
In-Reply-To: <34162D5C.91A9A393@ameritech.net> from "Adam McDougall" at Sep 10, 97 01:17:17 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> Hello, I seem to be having a problem with ml.org entry updaters under
> 3.0-current.  One such client shows this:
> 
> MLDDC 3.1.8 STD Copyright 1997 Artur Skawina <skawina@usa.net>
> DNS error (gethostbyname): Connection timed out
> 
> also with a different ml.org updater,
> 
> DYN 2.0 by Jon Klippenstein <random@ocii.com>
> Copyright (C) 1997
> Mods (2.x) by Method <method@arena.cwnet.com>
> Host:   bsdx.dyn.ml.org
> IP:     35.9.9.227
> USERNAME:       wnman1
> MX:     mx
> gethostbyname: Transport endpoint is not connected
> 
> Any ideas? All other internet apps work fine.

A SPAMmer on the Isle Of Man in the UK forged SPAM from ml.org and
gave a bunch of ml.org accounts as "contact us here!".

It was a "fake SPAM", ie: it's sole purpose seems to have been
to disrupt ml.org.

Apparently, they used the FreeBSD list archives in order to harvest
addresses.

This is apparently a very targetted attack.

I have provided full trace interpretation to them for them to give
to the FBI, and their lawyers, both of whom are apparently invloved
in investigating the incident.

I will have my sendmail signed key exchange RFC ready in a month or so,
after which the authority can refuse to sign keys for spammers, as part
of their contractual obligations.


					Regards,
					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.