From owner-freebsd-questions Tue Nov 5 4:25: 5 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B8F9037B401 for ; Tue, 5 Nov 2002 04:25:03 -0800 (PST) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E2C143E42 for ; Tue, 5 Nov 2002 04:25:02 -0800 (PST) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost.infracaninophile.co.uk [IPv6:::1]) by smtp.infracaninophile.co.uk (8.12.6/8.12.6) with ESMTP id gA5COqMO099075 for ; Tue, 5 Nov 2002 12:24:52 GMT (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost) by happy-idiot-talk.infracaninophile.co.uk (8.12.6/8.12.6/Submit) id gA5COkI9099070 for questions@FreeBSD.ORG; Tue, 5 Nov 2002 12:24:46 GMT Date: Tue, 5 Nov 2002 12:24:46 +0000 From: Matthew Seaman To: FreeBSD List Subject: Re: Mysterious emails Message-ID: <20021105122446.GA98973@happy-idiot-talk.infracaninophi> Mail-Followup-To: Matthew Seaman , FreeBSD List References: <20021105115907.GA1234@raggedclown.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20021105115907.GA1234@raggedclown.net> User-Agent: Mutt/1.5.1i X-Spam-Status: No, hits=-14.1 required=5.0 tests=IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,SPAM_PHRASE_01_02, USER_AGENT,USER_AGENT_MUTT version=2.41 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, Nov 05, 2002 at 12:59:07PM +0100, Cliff Sarginson wrote: > I wonder if anyone can throw some light on this. > I get a *lot* of emails addressed to non-existant users > on my domain "raggedclown.net". They all follow a pattern > > A single alphabetic character followed by 3 numbers. > e.g. a1025, b3471 > > Now why is is anyone doing this ? These are very unlikely names, > and non of the normal aliases are tried. I don't think it is a DoS > either, since although they come in bursts they are usually in groups of > up to 7 or so...and not every day..which is not going to grind me to a halt. These are almost definitely the result of incompetent spammers trying to harvest e-mail addresses from mail archives on the web or some such. They would seem to be completely unable to distinguish between an e-mail address and a message ID --- eg. the mesage I'm replying to has the ID number: 20021105115907.GA1234@raggedclown.net You can see where the bogus addresses come from... A true BOFH would of course simply use the sendmail LUSER_RELAY facility to pipe the bogus messages straight into 'spamassassin -r' Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message