Tons of 1.txt messages

Drew Marshall drew at THEMARSHALLS.CO.UK
Fri Jul 22 21:33:24 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Michael Baird wrote:

>Seeing the here as well
>
>Regards
>Michael Baird
>
>  
>
>>We are suddenly (within the past hour) seeing dozens of reports from
>>users about messages coming in with an attachment 1.txt (wich is 80b
>>and empty).  There is always a 1 in the body and nothing else.  The
>>source address is always forged and most of them seem to be coming
>>from large ISP user IP pools.  
>>
>>Here is a sample header:
>>
>>Received: from x.americanhm.com (sams2.americanhm.com [x.x.x.x]) by
>>x.americanhm.com with SMTP (x) 
>>        id PKVMXV6N; Fri, 22 Jul 2005 13:53:18 -0400 
>>Received: from betru.net (frnk-d9b96a96.pool.mediaWays.net
>>[217.185.106.150]) 
>>        by x.americanhm.com (8.12.10/8.12.10) with SMTP id
>>j6MHmr22028595 
>>        for <mg at americanhm.com>; Fri, 22 Jul 2005 13:48:55 -0400 
>>Date: Fri, 22 Jul 2005 19:59:41 +0100 
>>To: "Mg" <mg at americanhm.com> 
>>From: "Mg" <mg at ales.com.ec> 
>>Subject: 1 
>>Message-ID: <tmzgclxpkjdscxevsvp at americanhm.com> 
>>MIME-Version: 1.0 
>>Content-Type: multipart/mixed; 
>>        boundary="--------elrddgzjoshelqmabgkc" 
>>X-SAMS-Information: Please contact the ISP for more information 
>>X-SAMS: Found to be clean 
>>X-SAMS-SpamCheck: not spam, SpamAssassin (score=-4.48, required 4.4, 
>>        BAYES_00 -4.90, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32) 
>>X-MailScanner-From: mg at ales.com.ec
>>
>>----------elrddgzjoshelqmabgkc 
>>Content-Type: text/html; charset="us-ascii" 
>>Content-Transfer-Encoding: 7bit
>>
>>----------elrddgzjoshelqmabgkc 
>>Content-Type: application/octet-stream; name="1.txt" 
>>Content-Transfer-Encoding: base64 
>>Content-Disposition: attachment; filename="1.txt"
>>
>>----------elrddgzjoshelqmabgkc--
>>    
>>
Wonder if the front end to the list server is fighting them off too:

Jul 22 21:30:38 cro-mx1 postfix/smtp[97720]: 06B3833C4C: host 
kili.jiscmail.ac.uk[130.246.192.52] said: 452 4.4.5 Insufficient disk 
space; try again later (in reply to MAIL FROM command)

Oops! :-(

Drew

-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list