OT: pirated email

Matthew Weier OPhinney matthew-lists at weierophinney.net
Fri Sep 19 22:15:44 CEST 2003

-- Olivier Fourdan <fourdan at xfce.org> wrote
(on Friday, 19 September 2003, 06:37 PM +0200):
> On Fri, 2003-09-19 at 17:14, edscott wilson garcia wrote:
> >   It seems some #$#$%&%$ is spoofing my email address to send junk mail,
> > probably to get past mail servers which bounce mail which come from
> > fictitious source accounts. Anybody have similar problem? What to do?
> Yes, I keep receiving delivery errors on mails I've never sent (and the
> mail agent shows it's been sent with Outlook!!!)
> There is not much you can do, AFAIK, just wait for Microsoft and its
> unsecure tools to disappear from the surface of this planet :)

Actually, the behaviour you're seeing is likely from the SoBig.F virus
-- it goes through all the mail headers in an Outlook mail store and
both sends to each and tries to mail as each in order to spread itself.
Since it happens on the client end, often the server it's using for
outgoing mail will be configured to accept any mail from any address on
the internal LAN... which means *you* get the bounceback, even though it
came from someone else's machine. Yuck.

I started analyzing the subject lines from the bounce backs, and set up
some procmail filters to nuke them before they reach my inbox. Since
they all include the virus as an attachment, you can also look for that.

Ah, the joys of email... ;-)

Matthew Weier O'Phinney
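
Added example, not part of the original message: a Python version of the filtering idea described above (the author used procmail, and his recipes are not shown on this page). It flags a message only when it both looks like a bounce and carries an attachment with an executable-type extension. The extension list, addresses, file name and sample messages are constructed assumptions.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: extensions treated as executable; tune for your own mail flow.
RISKY_EXTENSIONS = {".pif", ".scr", ".exe", ".com", ".bat"}
BOUNCE_LOCALPARTS = {"mailer-daemon", "postmaster"}

def looks_like_bounce(msg):
    """Bounces use a null return path, a DSN report type, or a daemon sender."""
    if str(msg.get("Return-Path", "")).strip() == "<>":
        return True
    if msg.get_content_type() == "multipart/report":
        return True
    address = parseaddr(str(msg.get("From", "")))[1]
    return address.partition("@")[0].lower() in BOUNCE_LOCALPARTS

def risky_attachments(msg):
    """Walk every MIME part, including the returned original message."""
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names
            if n and os.path.splitext(n)[1].lower() in RISKY_EXTENSIONS]

def is_virus_backscatter(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    return looks_like_bounce(msg) and bool(risky_attachments(msg))

def build_sample(bounce, infected):
    """Constructed test mail; every address and name here is made up."""
    original = EmailMessage()
    original["From"] = "spoofed-user@example.org"
    original["To"] = "no-such-user@example.net"
    original["Subject"] = "constructed subject"
    original.set_content("See the attached file.")
    if infected:
        original.add_attachment(b"placeholder bytes", maintype="application",
                                subtype="octet-stream", filename="document.pif")
    if not bounce:
        return original.as_bytes()
    dsn = EmailMessage()
    dsn["From"] = "Mail Delivery System <MAILER-DAEMON@mx.example.net>"
    dsn["To"] = "spoofed-user@example.org"
    dsn["Subject"] = "Undeliverable mail"
    dsn.set_content("Delivery failed; the original message is attached.")
    dsn.add_attachment(original)
    return dsn.as_bytes()

if __name__ == "__main__":
    for args in [(True, True), (True, False), (False, True)]:
        print(args, is_virus_backscatter(build_sample(*args)))
```

Requiring both conditions keeps ordinary delivery failures for mail you really sent out of the discard pile.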

