Do you have a copy of the spam itself with full headers? I keep a lot of notes about these crooks and could cross-check. -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 On May 5, 1997 at 13:01 dhudes@graphnet.com (Dana Hudes) wrote:
Folks, Over the weekend someone decided to use our (Graphnet/globalis.net) mail server for sending spam. We are in the process of dealing with this and some internal network outages all at once. FYI, our mail server is running the very latest Solaris 2.5.1 + patches but the software is Netscape Mail server which replaces Sendmail with its very own. I thought they claimed it could not be used for transit mail but apparently either the claim was false or I misunderstood.
Our small staff is strained to capacity working on these issues this monday morning. Please, stop sending mail to postmaster@graphnet.com and attacking us You are making the problem worse by flooding us with mail. Please do not blackhole us we have never been a problem before with this and thought we had taken preventative measures. Obviously these measures failed but we are working with Netscape to understand why their sendmail version allowed this to happen.
Don't shoot me, I'm one of the good guys.... We want to take action with law enforcement to find and prosecute the spammer for denial of service attacks and theft of services. Pointers to appropriate law enforcement agencies appreciated, also tips on tracking the source down. Ditto applicable NJ and US statutes. I assume not every spam comes from cyberpromo using one's server for transit mail.
Dana Hudes Senior Network Engineer Graphnet