Mailer abuse incident on last Thursday
Good day!
I am the postmaster of finlandia.infodrom.north.de which was misused
for abuse mail.
On Thursday, 02/06/97 in the morning hours (4am to 11am local time)
someone misused our mail server to send junk mail through the
internet. The guy came from *.UU.NET. He nearly sent 1000
mails. At about 11am I was informed. I have firewalled that
particular site to stop it and informed abuse@uu.net.
All the mails came from:
Name: Cust12.Max13.San-Francisco.CA.MS.UU.NET
Address: 153.35.239.140
The originator was faked and equal to the recipant. The guy who did
this claimed to be very clever, but wasn't. Unfortunately I was
sleeping when he did his bad joke.
The mail was delivered to finlandia.infodrom.north.de and went out to
the receipant through gimli.Informatik.Uni-Oldenburg.DE. It's
postmaster is informed as well.
The first was this one:
02/06/97 04:39:21: [m0vsKg6-001ZGPC] received
| from: xxxxxxxx
| host: fuck.com [153.35.239.140]
| protocol: smtp
| program: smail
| size: 125 bytes
02/06/97 04:39:26: [m0vsKg6-001ZGPC] delivered
| via: gimli.Informatik.Uni-Oldenburg.DE
| to: xxxxxxxx@hipcrime.com
| orig-to: xxxxxxxx@hipcrime.com
| router: smart_host
| transport: smtp
02/06/97 04:39:26: [m0vsKg6-001ZGPC] Completed.
And the last one is this one:
02/06/97 11:07:59: [m0vsQkI-001ZGsC] received
| from: xxxxxxxx@mbox.queen.it
| host: mbox.queen.it [153.35.239.140]
| protocol: smtp
| program: smail
| size: 1264 bytes
02/06/97 11:08:06: [m0vsQkI-001ZGsC] delivered
| via: gimli.Informatik.Uni-Oldenburg.DE
| to: xxxxxxxx@mbox.queen.it
| orig-to: xxxxxxxx@mbox.queen.it
| router: smart_host
| transport: smtp
02/06/97 11:08:06: [m0vsQkI-001ZGsC] Completed.
At that time I was informed and have firewalled them. No such mail
was received here after this action.
Regards
Joey
--
/ Martin Schulze * joey@infodrom.north.de * 26129 Oldenburg /
/ Germany.Net ist vergleichbar mit einem Telefon /
/ ohne Waehlscheibe und Klingel... -- Lutz Donnerhacke /