Hi, folks, between yesterday and today I've been suffering DOS attacks using messages like the one I've attached.
Many times I've received messages of such this style, but they were merely "decoys" sent by the spammers to see if the destination address was real and working. But since yesterday, the number of this messages scaled to 300 and up an hour!
And the worst part is this:

[EMAIL PROTECTED] /root]# spamassassin -t </home/internet/spam
From [EMAIL PROTECTED] Tue Jul 22 11:29:00 2003
Return-Path: <[EMAIL PROTECTED]>
Received: from anubis.unlp.edu.ar (anubis.unlp.edu.ar [163.10.0.65])
by nahuel.biol.unlp.edu.ar (8.12.9/8.12.5) with ESMTP id h6MERk5l001593
for <[EMAIL PROTECTED]>; Tue, 22 Jul 2003 11:27:46 -0300
Received: from mail.alternativagratis.com ([64.116.231.110])
by anubis.unlp.edu.ar (8.11.6/8.11.2) with ESMTP id h6MEPcK25403
for <[EMAIL PROTECTED]>; Tue, 22 Jul 2003 11:25:52 -0300
Received: from antivirus.alternativagratis.com (64.116.231.111) by mail.alternativagratis.com (6.5.024)
id 3ED26A4B00417D5A for [EMAIL PROTECTED]; Tue, 22 Jul 2003 09:45:16 -0300
Received: from microsoft.com (ppp-68-198-28.alternativagratis.com [200.68.198.28] (may be forged))
by antivirus.alternativagratis.com (8.11.6/8.11.6) with SMTP id h6MCST308336
for <[EMAIL PROTECTED]>; Tue, 22 Jul 2003 09:28:30 -0300
Date: Tue, 22 Jul 2003 09:28:30 -0300
Message-Id: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
From: "ht" <[EMAIL PROTECTED]>
To: "fefrfrewfewf" <[EMAIL PROTECTED]>
X-MailScanner: El mensaje está limpio
X-AntiVirus: checked by AntiVir Milter 1.0.1; AVE 6.20.0.1; VDF 6.20.0.44
Status: RO
X-Status:
X-Keywords:
X-Spam-DCC: SdV: nahuel.biol.unlp.edu.ar 1179; Body=64 Fuz1=64
X-Spam-Checker-Version: SpamAssassin 2.60-cvs (1.195-2003-06-30-exp) on
nahuel.biol.unlp.edu.ar
X-Spam-Level: ****
X-Spam-Status: No, hits=4.9 required=5.0 tests=BAYES_99,FORGED_JUNO_RCVD,
FORGED_RCVD_HELO,LARGE_HEX autolearn=no version=2.60-cvs
X-Spam-Report: * 0.4 LARGE_HEX BODY: Contains a large block of hexadecimal code
* 3.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 0.0 FORGED_RCVD_HELO Received: contains a forged HELO
* 1.5 FORGED_JUNO_RCVD 'From' juno.com does not match 'Received' headers

nvdfjfdhjhjkhdjfhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
rddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
ńjhjklhggggggggggggggggggggggggggggggggggggggggg


------------- Comienzo de los resultados de SpamAssassin --------------- Este correo probablemente es spam. El mensaje original ha sido alterado para que pueda reconocer o bloquear en el futuro correo no solicitado, usando las capacidades de filtrado que incorpora su lector de correo.

Detalles del análisis:   (4.9 puntos, 5.0 requeridos)
0.4 LARGE_HEX              BODY: Contains a large block of hexadecimal code
3.0 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                           [score: 1.0000]
0.0 FORGED_RCVD_HELO       Received: contains a forged HELO
1.5 FORGED_JUNO_RCVD       'From' juno.com does not match 'Received' headers

---------------- Fin de los resultados de SpamAssassin -----------------

So, as you see, it didn't pass the five-poit-barrier. I'm getting tired of adding new lines to the /etc/mail/access...

Any ideas, will be well received.

                   Luis Hernán Otegui
                 Administrador de Red
            Facultad de Ciencias Exactas
                             UNLP
----------------------------------------------------
GNU-GPL: "May The Source Be With You..."
----------------------------------------------------

_________________________________________________________________
Charla con tus amigos en línea mediante MSN Messenger: http://messenger.yupimsn.com/

Attachment: spam
Description: Binary data



Reply via email to