From owner-freebsd-hackers Tue Nov 25 17:14:42 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id RAA25721 for hackers-outgoing; Tue, 25 Nov 1997 17:14:42 -0800 (PST) (envelope-from owner-freebsd-hackers) Received: (from jmb@localhost) by hub.freebsd.org (8.8.7/8.8.7) id RAA25617; Tue, 25 Nov 1997 17:14:10 -0800 (PST) (envelope-from jmb) From: "Jonathan M. Bresler" Message-Id: <199711260114.RAA25617@hub.freebsd.org> Subject: Re: We will mail 4 U To: tlambert@primenet.com (Terry Lambert) Date: Tue, 25 Nov 1997 17:14:10 -0800 (PST) Cc: SPAM-L@PEACH.EASE.LSOFT.COM, freebsd-chat@freebsd.org, freebsd-current@freebsd.org, freebsd-doc@freebsd.org, freebsd-emulation@freebsd.org, freebsd-hackers@freebsd.org, freebsd-multimedia@freebsd.org, freebsd-ports@freebsd.org, freebsd-questions@freebsd.org, freebsd-stable@freebsd.org, spamcomplaints@MCI.NET In-Reply-To: <199711252324.QAA02240@usr05.primenet.com> from "Terry Lambert" at Nov 25, 97 11:24:35 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-freebsd-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Terry Lambert wrote: > > > From searching several phone directories online, it appears that the person > > who sent this spam did so on behalf of: > > > > Jack Luke > > 39 Panda Av > > Middleburg, FL 32068-4765 > > (904) 282-0945 > > It is pretty obvious (to me, anyway) that this is a targetted trojan of > the type that was used to flood ml.org. > > Also, you will note that the putative "relay host" is running a highly > hacked version of sendmail (EHLO it). > "hacked version of sendmail" ????? EHLO is standard esmtp. this is old stuff already. see the rfc's (rfc1825 perhaps) two relay hosts were the ns servers for amgen.com. why are nameservers configured to relay mail? jmb