
List:       dshield
Subject:    Re: [Dshield] [Fwd: new mail problem
From:       Scott Fendley <scottf () uark ! edu>
Date:       2003-08-27 17:11:38

Woops...sorry that we hadn't replied earlier.  I will look into it
further, but suspect that this may be partly due to Osirusoft's demise
this week as an RBL.   Hopefully we will get that fixed asap so that your
posts won't be as likely to get spam tagged.  Sorry about that.

Scott Fendley
co-moderator

On Mon, 25 Aug 2003, Kenneth Coney wrote:

> My last two submissions bounced back to me with the below message.  :)
>
> -------- Original Message --------
> Subject: Re: Your last message to me was rejected.
> Date: Sun, 24 Aug 2003 14:28:20 -0500
> From: postmaster@temmc.com
> To: Kenneth Coney <superc@visuallink.com>
>
>
>   Your mail with Subject: Re: [Dshield] SoBig varient
>
>
>
>    would appear to be unsolicited mail.
>
>   Your message was sent to: list@dshield.org
>   If you intended to contact that person for legitimate reasons then our
> apologies.
>
>   Please would you resend to the same address
>   but add real- to the e-mail address, and it will bypass the filters.
>
>   For example, bobm@example.com would become real-bobm@example.com. Thank you.
>
>   Postmaster
>
>   Here is the messageID for postmaster reference: 19r0X9-0007lQ-8z:
>
> ------ This is a copy of the message, including all the headers. ------
>
> Received: from root by spamkill with spam-scanned (Exim 4.20)
> 	id 19r0X9-0007lQ-8z
> 	for jlinscot@temmc.com; Sun, 24 Aug 2003 14:28:20 -0500
> Received: from localhost [127.0.0.1] by spamkill.temmc.com
> 	with SpamAssassin (2.55 1.174.2.19-2003-05-19-exp);
> 	Sun, 24 Aug 2003 14:28:20 -0500
> From: Kenneth Coney <superc@visuallink.com>
> To: list@dshield.org
> Subject: Re: [Dshield] SoBig varient
> Date: Sun, 24 Aug 2003 14:19:38 -0400
> Message-Id: <3F4901BA.1030605@visuallink.com>
> X-Spam-Flag: YES
> X-Spam-Status: Yes, hits=7.3 required=5.0
> 	tests=BANG_MONEY,IN_REP_TO,RCVD_IN_OSIRUSOFT_COM,REFERENCES,
> 	      USER_AGENT_MOZILLA_UA,X_ACCEPT_LANG,X_OSIRU_OPEN_RELAY
> 	version=2.55
> X-Spam-Level: *******
> X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="----------=_3F4911D4.D75F30F3"
>
> This is a multi-part message in MIME format.
>
> ------------=_3F4911D4.D75F30F3
> Content-Type: text/plain
> Content-Disposition: inline
> Content-Transfer-Encoding: 8bit
>
> ---- Start SpamAssassin results
> 7.30 points, 5 required;
> *  0.0 -- User-Agent header indicates a non-spam MUA (Mozilla)
> * -0.5 -- Has a In-Reply-To header
> * -0.1 -- Has a X-Accept-Language  header
> * -0.5 -- Has a valid-looking References header
> *  0.7 -- BODY: Talks about money with an exclamation!
> *  2.0 -- RBL: Received via a relay in relays.osirusoft.com
>            [RBL check: found 179.68.151.206.relays.osirusoft.com.]
> *  5.7 -- RBL: DNSBL: sender is Confirmed Open Relay
>
> ---- End of SpamAssassin results
>
>
>
> ------------=_3F4911D4.D75F30F3
> Content-Type: message/rfc822; x-spam-type=original
> Content-Description: original message before SpamAssassin
> Content-Disposition: inline
> Content-Transfer-Encoding: 8bit
>
> Received: from [170.200.92.65] (helo=chihub1.truenorth.com)
> 	by spamkill with esmtp (Exim 4.20)
> 	id 19r0X9-0007lN-2P
> 	for jlinscot@temmc.com; Sun, 24 Aug 2003 14:28:15 -0500
> Received: from chi-mx.truenorth.com ([127.0.0.1]) by
>            chihub1.truenorth.com (Netscape Messaging Server 4.15) with
>            ESMTP id HK524701.QR7 for <jlinscot@temmc.com>; Sun, 24 Aug 2003
>            14:28:55 -0500
> Received: from iceman.incidents.org (mail2.giac.net [63.100.47.43])
> 	by chi-mx.truenorth.com (8.11.6/8.11.6) with SMTP id h7OJZ9V96949
> 	for <jlinscot@temmc.com>; Sun, 24 Aug 2003 14:35:09 -0500 (CDT)
> Received: (qmail 10269 invoked from network); 24 Aug 2003 19:28:48 -0000
> Received: from chipper2-int (HELO viper.incidents.org) (10.36.0.2)
>    by 0 with SMTP; 24 Aug 2003 19:28:48 -0000
> Received: from localhost.localdomain (chipper2 [127.0.0.1])
> 	by viper.incidents.org (8.11.6/8.11.6) with ESMTP id h7OJShH05823;
> 	Sun, 24 Aug 2003 15:28:44 -0400
> Received: from dshield.org (charlie [10.51.0.11])
> 	by viper.incidents.org (8.11.6/8.11.6) with ESMTP id h7OJ2gH32729
> 	for <list@viper.uunet>; Sun, 24 Aug 2003 15:02:42 -0400
> Received: (qmail 8651 invoked from network); 24 Aug 2003 18:29:30 -0000
> Received: from smtp.visuallink.com (HELO mx3.visuallink.com) (206.151.68.179)
>    by 0 with SMTP; 24 Aug 2003 18:29:30 -0000
> Received: from visuallink.com ([66.84.80.0])
> 	by mx3.visuallink.com (8.12.8/8.12.8) with ESMTP id h7OIePFf012117
> 	for <list@dshield.org>; Sun, 24 Aug 2003 14:40:33 -0400
> Message-ID: <3F4901BA.1030605@visuallink.com>
> Date: Sun, 24 Aug 2003 14:19:38 -0400
> From: Kenneth Coney <superc@visuallink.com>
> User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US;
> 	rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
> X-Accept-Language: en-us, en
> MIME-Version: 1.0
> To: list@dshield.org
> Subject: Re: [Dshield] SoBig varient
> References: <200308241600.h7OG0QH23943@viper.incidents.org>
> In-Reply-To: <200308241600.h7OG0QH23943@viper.incidents.org>
> Content-Type: text/plain; charset=us-ascii; format=flowed
> Content-Transfer-Encoding: 7bit
> X-MailScanner: Found to be clean
> Old-X-Envelope-To: list@dshield.org
> X-Envelope-To: UNKNOWN
> X-Mailman-Approved-At: Sun, 24 Aug 2003 15:20:47 -0400
> X-BeenThere: list@dshield.org
> X-Mailman-Version: 2.1
> Precedence: list
> Reply-To: General DShield Discussion List <list@dshield.org>
> List-Id: General DShield Discussion List <list.dshield.org>
> List-Unsubscribe: <http://www.dshield.org/mailman/listinfo/list>,
> 	<mailto:list-request@dshield.org?subject=unsubscribe>
> List-Archive: <http://www.dshield.org/pipermail/list>
> List-Post: <mailto:list@dshield.org>
> List-Help: <mailto:list-request@dshield.org?subject=help>
> List-Subscribe: <http://www.dshield.org/mailman/listinfo/list>,
> 	<mailto:list-request@dshield.org?subject=subscribe>
> Sender: list-bounces@dshield.org
> Errors-To: list-bounces@dshield.org
>
> They can't until the law is changed.  RICO requires the criminal enterprise
> include systematic acts of violence (i.e., murder, kidnapping, arson, etc.)
> as a part of the enterprise.  The law was written to hit drug
> pushers/smugglers, loan sharks and slavers.  It isn't really usable against
> rings of pick pockets, shoplifting gangs, or high school kids writing
> viruses to shut down a website for giggles.
>
>
> Subject: Re: [Dshield] SoBig varient
> From: "Jon R. Kibler" <Jon.Kibler@aset.com>
> Date: Sun, 24 Aug 2003 11:36:18 -0400
> To: General DShield Discussion List <list@dshield.org>
>
> Milo wrote:
>
>   >>
>   >> Trend is reporting the following
>   >>
>   >> http://www.trendmicro.com/vinfo/virusencyclo/default5.aspVName=WORM_SOBIG.F.DAM
>   >> Maybe some kiddies got a hold of the code and tried to alter it?  I will say I
>   >> have seen an increase in spam in the last 24hrs, not a huge amount but more
>   >> than the last few days.
>
>
> I have to think that this is not a script kiddies virus. It is a virus that
> facilitates spam. Do you see a lot of scanning looking for infected
> systems? We don't. Spam is on the increase. Spammers clearly know what
> systems are infected. Connect the dots.
>
> After all, let's face it: Most spam originates from the criminal hijacking
> of computers and forcing the hijacked computers to send spam. Connect the
> dots. Doesn't that make spammers criminals?
>
> Why would someone write and spread a virus that benefits someone else?
> Someone else's criminal enterprise. It just doesn't add up.
>
> So, why wouldn't spammers be in the forefront of virus writing technology?
> After all, the writing and spreading of such viruses only benefits their
> criminal enterprise. What's one more criminal act going to cost them?
> Actually, it will probably make them a lot of money!
>
> When you connect all the dots, it sounds like a good target for a Federal
> RICO prosecution. I just wish the Feds saw it that way.
>
> At least that's my $0.005's worth!
>
> Jon R. Kibler
> A.S.E.T., Inc.
> Charleston, SC  USA
>
> P.S. For the non-Americans on this list, RICO (Racketeering and Corrupt
> Influences Organization -- yes, the initials are out of order; I guess our
> politicians just can't read/spell.) is a law that makes a bunch of rather
> minor crimes into a major criminal offense with LOTS of hard time and BIG
> financial penalties.
>
>
>   >>
>   >> Thanx, Paul
>   >>
>   >> ___________________________________
>
>
> _______________________________________________
> list mailing list
> list@dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>
> ------------=_3F4911D4.D75F30F3--

_______________________________________________
list mailing list
list@dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
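
Added example, not part of the original messages: a short Python script that parses the SpamAssassin report quoted in the bounce above and recomputes the score with the blocklist-derived rules left out, to show whether a message crossed the threshold only because of DNSBL hits. The report text is copied from the quoted message; selecting rules by the "RBL:" description prefix is an assumption made for this illustration.

```python
import re

# Copied from the SpamAssassin 2.55 report quoted in the bounce above.
REPORT = """\
7.30 points, 5 required;
*  0.0 -- User-Agent header indicates a non-spam MUA (Mozilla)
* -0.5 -- Has a In-Reply-To header
* -0.1 -- Has a X-Accept-Language  header
* -0.5 -- Has a valid-looking References header
*  0.7 -- BODY: Talks about money with an exclamation!
*  2.0 -- RBL: Received via a relay in relays.osirusoft.com
           [RBL check: found 179.68.151.206.relays.osirusoft.com.]
*  5.7 -- RBL: DNSBL: sender is Confirmed Open Relay
"""

SUMMARY = re.compile(r"^\s*([\d.]+) points, ([\d.]+) required")
RULE = re.compile(r"^\*\s*(-?[\d.]+) -- (.*)$")


def parse_report(text):
    """Return (reported_total, required, [(score, description), ...])."""
    total = required = None
    rules = []
    for line in text.splitlines():
        if (m := SUMMARY.match(line)):
            total, required = float(m.group(1)), float(m.group(2))
        elif (m := RULE.match(line)):
            rules.append((float(m.group(1)), m.group(2).strip()))
    if total is None:
        raise ValueError("no 'N points, M required' summary line found")
    return total, required, rules


def rescore(text, is_blocklist_rule=lambda d: d.startswith("RBL:")):
    """Recompute the score with and without blocklist-derived rules.

    Assumption: blocklist rules are recognised by an "RBL:" description prefix.
    """
    total, required, rules = parse_report(text)
    full = round(sum(s for s, _ in rules), 1)
    if abs(full - total) > 0.05:  # sanity check: the rule list is complete
        raise ValueError(f"rule scores sum to {full}, report says {total}")
    kept = round(sum(s for s, d in rules if not is_blocklist_rule(d)), 1)
    return {"reported": total, "required": required,
            "without_blocklists": kept,
            "tagged_only_by_blocklists": total >= required > kept}


if __name__ == "__main__":
    print(rescore(REPORT))
```
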
