[Samba] Re: Please check if your are sending offending emails

ravi varma gue_st at hotmail.com
Thu Sep 25 15:12:58 GMT 2003 

Hi Ron,

YES

you are correct i am getting tons a day and opend a ticket at microsoft site 
but didnt get any reply upto now.

Recent days i got an email from RAV antivirus   domain name ends with "br"  
saying that one of their server caught the email has antivirus and my email 
id is in the list too as i know i donno any single member of bunch of email 
adddress, some are "online.microsoft.com" domain related might be spoofed .
my hotmail account is daily filling up with exactly copies of 144KB or 156 
KB or 157KB files.

as a univ Tech consultant can you open a ticket for Microsoft/hotmail and 
catch up the culprit?

thanx in advance.


>From: "Ron Liu" <rliu at email.sjsu.edu>
>Reply-To: <rliu at email.sjsu.edu>
>To: <samba at lists.samba.org>
>CC: <openldap-software at OpenLDAP.org>
>Subject: Please check if your are sending offending emails
>Date: Thu, 25 Sep 2003 07:35:00 -0700
>
>Hi, There
>Last few weeks I've received tons of these "Microsoft Security updates"
>emails with Virus attachment. These email must be from samba or ldap 
>mailing
>list. Following I listes some sender's source IP address and host names.
>This only very small part of list. If I have time, I will be sending more
>offending hosts list to you. Please take a look if your machine happened to
>be one of the offending hosts, please try to clean it up. You can find more
>information about clean up the infected machine from
>http://securityresponse.symantec.com/
>
>Offending hosts list (part 1)
>********************************************************
>from in.menzolit-fibron.sk ([217.118.110.162])
>
>Received: from empcorreo.onolab.com (smtp.onored.com [62.42.230.27])
>
>from cobalt.eux.nl (213-132-174-148.multikabel.nl [213.132.174.148])
>
>Received: from smtp04.wxs.nl (smtp04.wxs.nl [195.121.6.59])
>
>Received: from vsmtp12.tin.it (vsmtp12.tin.it [212.216.176.206])
>Received: from fxdmfn (80.182.241.123) by vsmtp12.tin.it (7.0.019)
>
>Received: from mail.chariot.net.au (mail.chariot.net.au [203.87.95.38])
>Received: from clbnqpl (ppp-080.cust203-87-121.ghr.chariot.net.au
>[203.87.121.80])
>	by mail.chariot.net.au (Postfix) with SMTP
>
>Received: from mta06bw.bigpond.com (mta06bw.bigpond.com [144.135.24.156])
>Received: from qngjcj ([144.135.24.72]) by mta06bw.email.bigpond.com
>  (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
>  with SMTP id <0HLR00B9XQZUWA at mta06bw.email.bigpond.com> for
>
>Received: from poczta.xtra.pl (poczta.xtra.pl [212.14.56.8])
>Received: from zpvcvl (em21313623232.teleton.pl [213.136.232.32])
>	by poczta.xtra.pl (Postfix) with SMTP
>	id 6C1591AEBC; Thu, 25 Sep 2003 14:13:05 +0200 (CEST)
>
>Received: from mail0.ewetel.de (mail0-96.ewetel.de [212.6.122.96])
>Received: from pjcsj (dialin-79153.ewetel.net [212.6.79.153])
>	by mail0.ewetel.de (8.12.1/8.12.9) with SMTP id h8PC77jB029732;
>	Thu, 25 Sep 2003 14:07:08 +0200 (MEST)
>
>Received: from imf21aec.mail.bellsouth.net (imf21aec.mail.bellsouth.net
>[205.152.59.69])
>Received: from lqocotba ([68.209.11.2]) by imf21aec.mail.bellsouth.net
>           (InterMail vM.5.01.05.27 201-253-122-126-127-20021220) with SMTP
>           id 
><20030925114941.WHHO1847.imf21aec.mail.bellsouth.net at lqocotba>;
>           Thu, 25 Sep 2003 07:49:41 -0400
>
>Received: from torvals1.ciudadglobal.com.ar (200.69.145.126.techtelnet.net
>[200.69.145.126] (may be forged))
>Received: from jdnhorq (asterix-nat1.ciudadglobal.com.ar [200.69.145.124]
>(may be forged))
>	by torvals1.ciudadglobal.com.ar (8.12.8/8.12.8) with SMTP id
>h8PEHlAB028358;
>	Thu, 25 Sep 2003 11:17:48 -0300
>
>Received: from mail.d-net.cz (mail.d-net.cz [194.213.244.98])
>Received: from server.menu.cz (swuniv.d-net.cz [195.128.197.117] (may be
>forged))
>	by mail.d-net.cz (8.12.3/8.12.3/Debian-6.6) with ESMTP id h8PE3qLm001832;
>
>Received: from webserver.pmp.pr.gov.br ([200.163.242.234])
>Received: from ywqwyrl (unknown [192.168.1.140])
>	by webserver.pmp.pr.gov.br (Postfix) with SMTP
>	id A5403D81E9; Thu, 25 Sep 2003 07:59:37 -0300 (BRT)
>***********************************************************************
>
>Thank you for your help
>
>Ron Liu
>Information Technology Consultant
>Biology Department
>San Jose State University
>408-924-4860
>rliu at email.sjsu.edu
>
>

_________________________________________________________________
Instant message with integrated webcam using MSN Messenger 6.0. Try it now 
FREE!  http://msnmessenger-download.com

More information about the samba mailing list