[ale] Apparently used in spam or virus distribution

John Mills johnmills at speakeasy.net
Tue Aug 19 11:24:35 EDT 2003


James, Fletch, Pete, attriel -

Thanks for the comments and suggestions. I have tried to keep my system
reasonably tight (though not 'bulletproof', I'm sure!) and am not aware of
allowing open relaying, but I do have a newer version of 'sendmail' to
build (since I found no 'rpm' for RH-7.3) and install. A bit lazy there.

I use 'fetchmail' to collect from a couple of pop-servers, and 'sendmail'
to spool it locally. I don't _think_ sendmail is even set to forward
outbound mail - Pine normally hits my ISP's SMTP server directly. It would
thus be necessary that an exploit use my 'sendmail' to hit a suitable
server.

Meanwhile my mail to the spam recipients seems to be blocked. (Not a bad 
idea for them, I admit.)

The return address is actually a forwarding pointer - my 'Reply-To:'.

On Tue, 19 Aug 2003, attriel wrote:

> > This morning I received two notices from UK recipients to the effect that
> > mail from me contained suspect attachments, identified in one case as a
> > PIF file.
> >
> > As I am not aware of sending any mail to these recipients and do not have
> > copies of the suspect mail, I can't tell whether they represent a
> > compromise of my Linux-2.4.20 system, the Pine newsreader, fetchmail,
> > sendmail, or some other link of the chain.
> >
> > Any suggestions for learning if this is really my problem?
> 
> Most likely you sent mail to someone who got infected and it's spoofing
> the From:
> 
> virus writers figured out how to do that a year or two back and it's
> become quite popular since it completely botches the trace path :/
> 
> --attriel
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
> 

-- 
 John Mills
 john.m.mills at alum.mit.edu
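
Added example, not part of the original message: one way to answer "is this really my problem?" when a recipient can forward the flagged message with full headers. It trusts only the Received line written by the recipient's own mail server and compares the connecting IP against the sender's own outbound addresses. All host names, addresses and the sample message are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed headers of a flagged message; every host and address is invented.
SAMPLE = """\
Received: from dsl-client.example.net (dsl-client.example.net [203.0.113.45])
\tby mx.recipient.example (Postfix) with ESMTP id ABC123
\tfor <victim@recipient.example>; Tue, 19 Aug 2003 09:02:11 +0100
Received: from smtp.isp.example ([192.0.2.10])
\tby dsl-client.example.net with SMTP; Tue, 19 Aug 2003 09:02:01 +0100
From: Spoofed Sender <someone@sender.example>
To: victim@recipient.example
Subject: Re: details

body
"""

# Assumed values: the sender's home machine and the ISP's SMTP server.
MY_IPS = {"192.0.2.10", "192.0.2.77"}

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:[^\s\[\]]+\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def _hops(raw):
    """Yield (client_ip, by_host) for each parsable Received header, newest first."""
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m:
            yield m.group("ip"), m.group("by").lower()

def claimed_ips(raw):
    """Every client IP named in any Received header, forged lines included."""
    return [ip for ip, _ in _hops(raw)]

def handoff(raw, trusted_mx):
    """Newest hop recorded by a server the recipient controls, or None."""
    for ip, by in _hops(raw):
        if by in trusted_mx:
            return ip, by
    return None

def sent_via_my_hosts(raw, trusted_mx, my_ips):
    """True/False from the trusted hop only; None when no trusted hop exists."""
    hop = handoff(raw, trusted_mx)
    return None if hop is None else hop[0] in my_ips
```

In the sample, the lower Received line names the sender's ISP, but it was written by the connecting client and proves nothing; only the hop recorded by `mx.recipient.example` counts, and it points elsewhere.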
