[CLUE-Tech] Mail Delivery (failure clue-tech@clue.denver.co.us)
Roy J. Tellason
rtellason at blazenet.net
Thu Jul 8 12:54:22 MDT 2004
On Thursday 08 July 2004 02:23 pm, Jed S. Baer wrote:
> > Was that in fact a virus?
> Well, my ISP identified it as NetSky.
Hmm.
> > Any thoughts about how I might trace where in fact these are coming
> > from? And what might be done about them?
> Well, from an end-user on a list point of view, I don't know. You can
> always examine the full headers, and check the earliest Received: entries.
> Then do a whois lookup to see whom to complain to. In this case:
> Received: from clue.denver.co.us (proxy-sabata-ejp.powernet.cz
> [193.109.183.94])
> by clue.denver.co.us (8.9.3/8.9.3) with ESMTP id FAA14151
> for <clue-tech at clue.denver.co.us>; Thu, 8 Jul 2004 05:28:50 -0600
>
> $ whois 193.109.183.94 at whois.ripe.net
> inetnum: 193.109.176.0 - 193.109.183.255
> netname: POWERNET-CZ
> descr: EN-DATA a.s.
> descr: Czech republic
> country: CZ
> [snip]
> no abuse address listed.
It figures.
> > Or better yet some way to automate dealing with them? It'd be neat if
> > kmail saw something like this coming in and could just forward it to
> > abuse at wherever from the _real_ source address, but I don't think my
> > simple attempts to deal with filtering just now are quite up to that
> > task just yet.
> I don't know about KMail. One could do various things using fetchpop and
> procmail, I suppose. Or formail if your MUA uses mbox format (or even if
> not? I don't know). Piping incoming e-mail through a Perl script to
> examine the envelope, etc. might be useful (which you could do using
> procmail). But I wouldn't want it totally automated. Yeah, it'd be great
> to have an MUA which provided a "process using command" capability for any
> message.
I was starting out with the idea that I was going to have to set up a whole
bunch of different programs to get email going here, once I started out on
that task -- sendmail, procmail, fetchmail, etc. Then I discovered how easy
it was to get kmail to do most of what I wanted, and sort of just dropped
that project. I may end up picking it up again at some point as this LAN
gets a little bigger and other users start to get involved in the picture.
Just in the past few days I've started doing this from a workstation (the
actual mail itself still lives on a server) using nfs, but there are some
glitches there to work out yet, and some loose ends.
> FWIW, I've had a considerable lack of success reporting e-mail abuse.
> Regrettable, but true. Since this is a virus, maybe the ISP would be
> willing to do something about the user? Or, maybe already has.
It's interesting how so many ISPs seem to view keeping you from _downloading_
spam or viruses to be a "good thing" (I guess it is from a marketing point of
view) but they don't seem to bother with any consideration whatever about
people _uploading_ the damn things. At least not that I've heard. This is
such an issue that my previous provider screwed up communications for me with
both individual parties (one person could NOT reach me by email, good thing
we had other channels) and with yahoo, which at the time I was using for a
single list. As of today I've got 67 lists from there going, and wouldn't
want them screwed up, though yahoo seems to be taking that into their own
hands at this point.
Since an email-propagated virus would have multiple points of arrival from
each point of departure, this approach would seem to be a lot more efficient
on the face of it. I wonder if *any* ISP is trying something like this?
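
The header check described in the quoted reply above (read the Received: entries, then look up the connecting address with whois), sketched as an added example that is not part of the original post. It only believes hops stamped by a server you name as trusted, because anything below that stamp is written by the sender. The function name, the trusted-server set and the second Received: line are assumptions made for illustration.

```python
import re
from email import message_from_string

# Sendmail-style hop: "from <HELO name> (<reverse DNS> [<IP>]) by <receiver>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
    r"\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)"
)

def connecting_hosts(raw_message, trusted_receivers):
    """Return the hops recorded by servers we trust, newest first."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)  # \s+ in the pattern also spans folded lines
        if not m or m["by"].lower() not in trusted_receivers:
            continue  # not stamped by our server, so it may be forged
        rdns = m["rdns"]
        hops.append({
            "ip": m["ip"],        # address to hand to whois
            "rdns": rdns,         # name the receiver resolved for that IP
            "helo": m["helo"],    # name the sender claimed for itself
            "helo_matches_rdns": bool(rdns) and rdns.lower() == m["helo"].lower(),
        })
    return hops

# First header is the one quoted in this thread; the second is constructed
# to stand in for a sender-supplied (untrustworthy) hop.
SAMPLE = (
    "Received: from clue.denver.co.us (proxy-sabata-ejp.powernet.cz\n"
    "\t[193.109.183.94])\n"
    "\tby clue.denver.co.us (8.9.3/8.9.3) with ESMTP id FAA14151\n"
    "\tfor <clue-tech at clue.denver.co.us>; Thu, 8 Jul 2004 05:28:50 -0600\n"
    "Received: from mail.example.org (mail.example.org [192.0.2.10])\n"
    "\tby relay.example.net with SMTP; Thu, 8 Jul 2004 05:28:40 -0600\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for hop in connecting_hosts(SAMPLE, {"clue.denver.co.us"}):
        note = "" if hop["helo_matches_rdns"] else " (HELO name does not match)"
        print(f"whois {hop['ip']}  # {hop['rdns']}, claimed {hop['helo']}{note}")
```

In the quoted header the connecting host gave the list server's own name as its HELO name, so only the bracketed address and the reverse DNS name recorded by the receiving server are worth acting on.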