[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: spam on CIS: sendmail exploit used commercially ?
On Mon, 25 Aug 1997, Peter Lorand Peres wrote:
>
> Following the mail 'accident' I have caused a few days ago, I have noticed
> that on my CIS account I sometimes get spam with weird headers. CIS uses
> BSD machines as gateways (at least for telnet) on the Internet side.
>
> The headers appeared to be sentby the spammer to hmiself ! I have no idea
> how such a message got into my mailbox on CIS. It was not the only one
> however. The From: header was the spammer, the To: too and the
> Distribution also. I tried to send myself mail and the From: was myself
> obviously (100310.2360@compuserve.com).
>
> I have no idea what mailer they are using but I think they should take a
> look at it...
(max)/system/asher>telnet mx1.compuserve.com 25
Trying...
Connected to mx1.compuserve.com.
Escape character is '^]'.
220 arl-img-2.compuserve.com ESMTP Sendmail 8.8.6/8.8.6/2.5; Mon, 25 Aug
1997 14:18:35 -0400 (EDT)
looks like plain sendmail to me.
my guess would be that the spammer is using some kinky scripts that
f*ck with the headers.
+--------------------------------------------------------------------+
| Asher Frenkel Unix System Administrator |
| Fax : +972-3-6978115 Phone: +972-3-6978263|
| E-Mail:asher@ibm.net.il +972-3-6978687|
+--------------------------------------------------------------------+
IBM Israel
2, Weizmann St.
Tel Aviv 61336 ====== ======= === ===
http://www.ibm.net.il/ ====== ======== ==== ====
Dialup registration: 177-022-3993 == == == ==== ====
Company services: 03-6978663 == ====== == === ==
Internet sales fax: 03-6978115 == == === == = ==
Enquiries: info@ibm.net.il ====== ======== === ===
Technical support: noc@ibm.net.il ====== ======= === ===
----------------------------------------------------------------------