
Re: Please check if your are sending offending emails

Hi Ron,


You are correct, I am getting tons a day and opened a ticket at the Microsoft site but didn't get any reply up to now.

Recent days I got an email from RAV antivirus, domain name ends with "br", saying that one of their servers caught the email has antivirus and my email ID is in the list too; as I know, I don't know any single member of the bunch of email addresses, some are "online.microsoft.com" domain related, might be spoofed.
My Hotmail account is filling up daily with exact copies of 144 KB or 156 KB or 157 KB files.

As a univ tech consultant, can you open a ticket for Microsoft/Hotmail and catch up the culprit?

Thanks in advance.

From: "Ron Liu" <rliu@email.sjsu.edu>
Reply-To: <rliu@email.sjsu.edu>
To: <samba@lists.samba.org>
CC: <openldap-software@OpenLDAP.org>
Subject: Please check if your are sending offending emails
Date: Thu, 25 Sep 2003 07:35:00 -0700

Hi, There
Last few weeks I've received tons of these "Microsoft Security updates"
emails with Virus attachment. These emails must be from samba or ldap mailing
list. Following I listed some sender's source IP address and host names.
This is only a very small part of the list. If I have time, I will be sending more
offending hosts list to you. Please take a look if your machine happened to
be one of the offending hosts, please try to clean it up. You can find more
information about clean up the infected machine from

Offending hosts list (part 1)

Thank you for your help

Ron Liu
Information Technology Consultant
Biology Department
San Jose State University
