Tons of 1.txt messages
[ISO-8859-1] João Gouveia
jgouveia at gmail.com
Fri Jul 22 23:32:05 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
^1\.txt$ should be fine.
JG
On 7/22/05, Alex Neuman van der Hans <alex at nkpanama.com> wrote:
> Drew Marshall wrote:
>
> > Michael Baird wrote:
> >
> >> Seeing the here as well
> >>
> >> Regards
> >> Michael Baird
> >>
> >>
> >>
> >>> We are suddenly (within the past hour) seeing dozens of reports from
> >>> users about messages coming in with an attachment 1.txt (wich is 80b
> >>> and empty). There is always a 1 in the body and nothing else. The
> >>> source address is always forged and most of them seem to be coming
> >>> from large ISP user IP pools.
> >>> Here is a sample header:
> >>>
> >>> Received: from x.americanhm.com (sams2.americanhm.com [x.x.x.x]) by
> >>> x.americanhm.com with SMTP (x) id PKVMXV6N; Fri, 22 Jul 2005
> >>> 13:53:18 -0400 Received: from betru.net
> >>> (frnk-d9b96a96.pool.mediaWays.net
> >>> [217.185.106.150]) by x.americanhm.com (8.12.10/8.12.10) with
> >>> SMTP id
> >>> j6MHmr22028595 for <mg at americanhm.com>; Fri, 22 Jul 2005
> >>> 13:48:55 -0400 Date: Fri, 22 Jul 2005 19:59:41 +0100 To: "Mg"
> >>> <mg at americanhm.com> From: "Mg" <mg at ales.com.ec> Subject: 1
> >>> Message-ID: <tmzgclxpkjdscxevsvp at americanhm.com> MIME-Version: 1.0
> >>> Content-Type: multipart/mixed;
> >>> boundary="--------elrddgzjoshelqmabgkc" X-SAMS-Information: Please
> >>> contact the ISP for more information X-SAMS: Found to be clean
> >>> X-SAMS-SpamCheck: not spam, SpamAssassin (score=-4.48, required 4.4,
> >>> BAYES_00 -4.90, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32)
> >>> X-MailScanner-From: mg at ales.com.ec
> >>>
> >>> ----------elrddgzjoshelqmabgkc Content-Type: text/html;
> >>> charset="us-ascii" Content-Transfer-Encoding: 7bit
> >>>
> >>> ----------elrddgzjoshelqmabgkc Content-Type:
> >>> application/octet-stream; name="1.txt" Content-Transfer-Encoding:
> >>> base64 Content-Disposition: attachment; filename="1.txt"
> >>>
> >>> ----------elrddgzjoshelqmabgkc--
> >>>
> >>
> > Wonder if the front end to the list server is fighting them off too:
> >
> > Jul 22 21:30:38 cro-mx1 postfix/smtp[97720]: 06B3833C4C: host
> > kili.jiscmail.ac.uk[130.246.192.52] said: 452 4.4.5 Insufficient disk
> > space; try again later (in reply to MAIL FROM command)
> >
> > Oops! :-(
> >
> > Drew
> >
> What would be the proper regexp on filename.rules.conf to stop it? I'm
> guessing \1.txt$ would kill any file that "ends with" 1.txt, and 1.txt
> would stop any file "which contains" 1.txt in the filename. Would it be
> correct to say then, just 1.txt$ instead?
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list