
Matts (1087)


I work for MessageLabs [messagelabs.com] in Toronto, ON, Canada. I write spam filters, MTA software, high performance network software, string matching algorithms, and other cool stuff mostly in Perl and C.

Journal of Matts (1087)

Saturday March 02, 2002
04:31 AM

Mail attack

[ #3240 ]

Yuck - yesterday I ended up being a part of an attack on someone's mail server. I got over 100 emails in my spam trap box (because none were addressed to me directly), from someone's hacked mail server at lusopeople.com. It's a Portuguese (I think) web site where they've now put up an apology on the site. Very frustrating. But it does make me wonder if the site is a spammer themselves, because it was all coming to one of my trap emails that I never use.

The humorous thing was that some of the emails actually came from where I work, telling me I tried to send a virus, which of course I had no hand in. Intriguing - I'm going to have to talk to the admins about this one, because there have been a few problems in the past with sending our "You tried to send a virus" to mailing lists, rather than to the original author - which gets us into deep shit (understandably, of course - very bad juju to do that).

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • Since the same thing happened to me yesterday. Lots of bounce mail, subscription confirmation requests, and some "You sent us a virus" mail, all apparently originating from their webmaster account.

    Wonder if someone's using CPAN e-mail addresses or something.
    • Nope. Mine were to modperl @ sergeant.org, whereas my CPAN stuff comes direct to matt @ sergeant.org. I've never used modperl in direct mailings, so it must have been picked up by some crawler. Maybe the site deserved the attack, but I (and everyone else) certainly didn't.

      Intriguingly, there's an article at the top of Slashdot right now talking about a very similar incident, but not the same.
    • For a few weeks, I've been getting occasional messages "from" perl5-porters-subscribe, Tim Bunce, and others in the Perl community that really aren't from them at all, but from mail servers in Poland and Russia, often containing viruses. I've even gotten a few bounces (and stories from other people) of messages I've apparently "sent" to others, showing similar characteristics.
  • I added this to my .procmailrc:

    :0
    * lusoglobal
      IN/spam

    That caught it. Yesterday was a bad day for email for me too--tchrist fixed a config bug on one of his training machines that caused it to finally be able to deliver about 9 months of 6-hourly cron messages on CPAN updates. I filtered those from my mailbox after 250ish and then added another procmail entry to shitcan the rest.

    I love procmail. Between procmail and spamassassin, I'm a happy bunny boy.

    --Nat