[OT] Pilot Email Question

Adam Pitcher aceap@aceap.com
Thu, 22 Mar 2001 21:02:53 -0500


My father had that virus.  I knew he had the virus before he did.  Since he
has email off my domain, I received a bounced message.  It was from sexyfun
but came from his IP.  I found that when he opened his email, it tried sending
itself out to others thru my smtp.  It always failed because it was making
garbled emails and failed every time.
So yes it is a virus.  And surprisingly, he uses Netscape email and it still
managed to send itself out.

Adam


Don Chorman wrote:

> I'm not sure but I looked at the IP address in the header.
> Message header:
>
> Received: from egr.msu.edu (jeeves.egr.msu.edu [35.9.37.127])
>         by pilot04.cl.msu.edu (8.10.2/8.10.2) with ESMTP id f2MKkt050274;
>         Thu, 22 Mar 2001 15:46:55 -0500
> Received: from pilot07.cl.msu.edu (pilot07.cl.msu.edu [35.9.5.27])
>         by egr.msu.edu (8.11.1/8.11.1) with ESMTP id f2MKkqc09523
>         for <ece360all@egr.msu.edu>; Thu, 22 Mar 2001 15:46:52 -0500 (EST)
>
> Received: from c1016883-a (pm283-15.dialip.mich.net [35.9.9.240])
>         by pilot07.cl.msu.edu (8.10.2/8.10.2) with SMTP id f2MKkaI13548
>         for <ece360all@egr.msu.edu>; Thu, 22 Mar 2001 15:46:41 -0500
> Date: Thu, 22 Mar 2001 15:46:41 -0500
> Message-Id: <200103222046.f2MKkaI13548@pilot07.cl.msu.edu>
> From: Hahaha <hahaha@sexyfun.net>
>
> I'm not sure but I think it came from (pm283-15.dialip.mich.net
> [35.9.9.240]).
> What do you think?
>
> Ben Pfaff wrote:
>
> > Don Chorman <chormand@pilot.msu.edu> writes:
> >
> > [spam]
> >
> > > Thanks Ben. I did call CIC, and email them the header if that's worth
> > > anything. It looked like the email originated from campus.
> >
> > I cannot speak as to your particular spam, since I haven't seen
> > it, but beware of depending on From: lines, etc., for domain of
> > origination.  For such things, spammers often just use a
> > "username" without any domain at all, and lots of MTAs (all?)
> > will then append their own domain.  So the spammer sends an email
> > through Pilot that has a From: line like:
> >         From: imbecile
> > and after it goes through Pilot, it looks like
> >         From: imbecile@msu.edu
> > which, if you don't read the Received: headers, makes it look
> > like it originated locally.
> >
>
> _______________________________________________
> linux-user mailing list
> linux-user@egr.msu.edu
> http://www.egr.msu.edu/mailman/listinfo/linux-user
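
The thread reads the Received: chain by hand instead of trusting the From: line. As an added example (not part of the original messages), this Python sketch does the same over the headers quoted above: it walks the chain newest-first and stops at the first hop where a trusted relay recorded a connecting host outside the trusted suffix. The suffix `.msu.edu` and the function names are assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the message quoted in this thread (body omitted).
RAW = """\
Received: from egr.msu.edu (jeeves.egr.msu.edu [35.9.37.127])
        by pilot04.cl.msu.edu (8.10.2/8.10.2) with ESMTP id f2MKkt050274;
        Thu, 22 Mar 2001 15:46:55 -0500
Received: from pilot07.cl.msu.edu (pilot07.cl.msu.edu [35.9.5.27])
        by egr.msu.edu (8.11.1/8.11.1) with ESMTP id f2MKkqc09523
        for <ece360all@egr.msu.edu>; Thu, 22 Mar 2001 15:46:52 -0500 (EST)
Received: from c1016883-a (pm283-15.dialip.mich.net [35.9.9.240])
        by pilot07.cl.msu.edu (8.10.2/8.10.2) with SMTP id f2MKkaI13548
        for <ece360all@egr.msu.edu>; Thu, 22 Mar 2001 15:46:41 -0500
Date: Thu, 22 Mar 2001 15:46:41 -0500
Message-Id: <200103222046.f2MKkaI13548@pilot07.cl.msu.edu>
From: Hahaha <hahaha@sexyfun.net>

"""

# sendmail-style hop: from <HELO> (<reverse-DNS> [<IP>]) by <receiving host>
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+"
                 r"\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)")

def parse_hops(raw):
    """Return Received: hops newest-first (the order they appear in the header)."""
    msg = message_from_string(raw)
    return [m.groupdict() for v in msg.get_all("Received", [])
            if (m := HOP.search(v))]

def entry_hop(raw, trusted=(".msu.edu",)):
    """Hop where the mail entered trusted relays; None if the top hop is untrusted.

    Only headers written by relays we trust are believed. Everything below
    the entry hop was supplied by the sender and is never consulted.
    """
    entry = None
    for hop in parse_hops(raw):
        if not hop["by"].endswith(trusted):
            break                      # header not written by a trusted relay
        entry = hop
        if not hop["rdns"].endswith(trusted):
            break                      # connecting host is outside: entry point
    return entry

def from_domain(raw):
    """Domain claimed in From:, for comparison only (sender-controlled)."""
    return parseaddr(message_from_string(raw)["From"])[1].rpartition("@")[2]

if __name__ == "__main__":
    h = entry_hop(RAW)
    print(f"entered at {h['by']} from {h['rdns']} [{h['ip']}] (HELO {h['helo']})")
    print("From: claims", from_domain(RAW))
```
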