Thread: I need some help

  1. #1
    _B-L-U-E_ Betazep's Avatar
    Join Date
    Aug 2001
    Posts
    1,412

    I need some help

    Some of you guys and gals are really smart. I am at a loss at the moment.

    There is a guy in New York that is pounding me with 200+ emails a day due to the Sircam worm. Norton cleans each email and I have Outlook send emails from him straight to the trash can... still you can imagine the download time at 200K+ per attachment. I emailed him several times to let him know... and he does nothing about it, nor does he reply.

    If it was my normal email, I would just close the account and open a new username. (Not tough on a cable modem.) But it is one of my webpages that I am webmaster for and it is the webmaster email address ([email protected]). My webspace provider has email filtering, but only by name... i.e. [email protected] would go to a specific address or be blocked etc. It cannot filter outside sender addresses.

    Here is what I know. His email address is [email protected]. He is on a Time Warner Cable Modem address. The headers of his emails are as follows (but they don't give his direct IP... just the mail server's IP)...

    Return-Path: <[email protected]>
    Received: from nyc.rr.com (nycsmtp3fa.rdc-nyc.rr.com [24.29.99.79])
    by addr18.addr.com (8.11.6/8.9.1) with ESMTP id f8M28aV01843
    for <[email protected]>; Fri, 21 Sep 2001 19:08:37 -0700 (PDT)
    (envelope-from [email protected])
    Received: from Default.nyc.rr.com ([66.108.66.165]) by nyc.rr.com with Microsoft SMTPSVC(5.5.1877.357.35);
    Fri, 21 Sep 2001 22:08:18 -0400
    From: "James Tinagero"<[email protected]>
    To: [email protected]
    Subject: Que hora es
    date: Fri, 21 Sep 2001 22:05:06 -0400
    MIME-Version: 1.0
    X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
    X-Mailer: Microsoft Outlook Express 5.50.4133.2400
    Content-Type: multipart/mixed; boundary="----21299146_Outlook_Express_message_boundary"
    Content-Disposition: Multipart message
    Message-ID: <[email protected]>
    Status:

    I am assuming his realname is James Tinagero because that is the send name on the emails, but that can always be modified. I have contacted [email protected] and nothing has happened as of yet, and this has been going on for four days now. I also called Time Warner Road Runner Cable in NY and they said they would look into it.... but the emails keep flooding in.

    I can't figure a way to pull his direct IP from his email address. If I could find it, I might be able to exploit the SMTP that SIRCAM runs. I doubt it though. I want this guy's link down... any ideas?

    ~Betazep

  2. #2
    aurë entuluva! mithrandir's Avatar
    Join Date
    Aug 2001
    Posts
    1,209
    Can't you block his email address or doesn't your account allow you to?

  3. #3
    _B-L-U-E_ Betazep's Avatar
    Join Date
    Aug 2001
    Posts
    1,412
    No go on the block... that is what I was saying about the webspace provider. It doesn't filter sender email addresses, only the email addresses in the "TO" line. I could block all emails "TO" [email protected] but that would be shooting myself in the foot. I get quite a few emails a day from it.

    I can have Outlook block it... but it has to be downloaded from the server first... so what would be the point.

    Keep the ideas coming tho... thank you.

    ~Betazep
    Blue

  4. #4
    aurë entuluva! mithrandir's Avatar
    Join Date
    Aug 2001
    Posts
    1,209
    Hmm...well that's pretty bad then isn't it? Gimme some time I might be able to work it out. Anyone else got any ideas?

  5. #5
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    In the absence of being able to stop the sender - consider a spam blocker
    http://download.cnet.com/
    and enter "email filter" into the search field.

    For example, there is
    Spam Buster 1.9
    Eliminate obnoxious spam before it gets to your mailbox.
    OS: Windows 95/98/NT/2000
    I've used something similar in the past.

    They download just the header (a necessary first step), and can delete messages without downloading them. Hopefully one of them will allow you to filter out this sender automatically.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
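
The header-only approach described in post #5, as an added example (not code from the thread or from any program named in it): POP3's TOP command returns a message's headers without its body, and DELE marks the message for removal on the server. FakeMailbox, the addresses and the message sizes are constructed so the block runs offline.

```python
from email.parser import BytesHeaderParser
from email.utils import parseaddr

def purge_sender(pop, blocked, dry_run=False):
    """Mark for deletion every message whose From/Return-Path is in `blocked`.

    `pop` is a logged-in poplib.POP3 or POP3_SSL object (or anything with the
    same list/top/dele methods). Returns (message_numbers, octets_not_downloaded).
    """
    blocked = {a.lower() for a in blocked}
    parser = BytesHeaderParser()
    hits, saved = [], 0
    for entry in pop.list()[1]:               # each entry looks like b"1 204800"
        num, size = (int(x) for x in entry.split())
        # TOP <n> 0 returns the headers and zero body lines, so the
        # attachment never crosses the wire.
        headers = parser.parsebytes(b"\r\n".join(pop.top(num, 0)[1]))
        senders = {parseaddr(str(headers.get(h, "")))[1].lower()
                   for h in ("From", "Return-Path")}
        if senders & blocked:
            if not dry_run:
                pop.dele(num)                 # takes effect when the session QUITs
            hits.append(num)
            saved += size
    return hits, saved

class FakeMailbox:
    """Constructed stand-in for a POP3 server so the example runs offline."""
    def __init__(self, messages):             # [(header_bytes, size_in_octets), ...]
        self.messages, self.marked = messages, []
    def list(self):
        rows = [b"%d %d" % (i + 1, m[1]) for i, m in enumerate(self.messages)]
        return b"+OK", rows, 0
    def top(self, num, howmuch):
        return b"+OK", self.messages[num - 1][0].split(b"\r\n"), 0
    def dele(self, num):
        self.marked.append(num)
        return b"+OK"

# Constructed mailbox: two worm mails and one legitimate message.
SAMPLE = [
    (b'From: "Constructed Sender" <infected@example.net>\r\nSubject: Que hora es', 204800),
    (b"From: entrant@example.org\r\nSubject: Contest entry", 1800),
    (b"Return-Path: <INFECTED@example.net>\r\nSubject: Hi", 210000),
]

if __name__ == "__main__":
    box = FakeMailbox(SAMPLE)
    print(purge_sender(box, {"infected@example.net"}), box.marked)
```

From and Return-Path are set by the sender, so this kind of match only works while the infected machine keeps using its real address.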

  6. #6
    aurë entuluva! mithrandir's Avatar
    Join Date
    Aug 2001
    Posts
    1,209
    I know that if you could get in contact with your site host, they may be able to block the IP through their servers, but then the person wouldn't be able to access your site at all, or email you. It can be done if they use NT/2000 quite easily, and no doubt UNIX/Apache as well. hth.

  7. #7
    _B-L-U-E_ Betazep's Avatar
    Join Date
    Aug 2001
    Posts
    1,412
    Yeah... that is a good idea. Only... we do not know the IP of the individual user as it is masked by the SMTP server. If I block that SMTP server, then all email from cable modems in New York City will be unable to reach me.

    The spam thing seems to work well. It is a bit of a hassle though. I am working through the details now. Like you said, it deletes the mail on the server before it is downloaded. That is pretty handy.

    ~Betazep
    Blue

  8. #8
    _B-L-U-E_ Betazep's Avatar
    Join Date
    Aug 2001
    Posts
    1,412
    Ok let me rephrase that...

    I set up the spam eliminator program to only delete the emails from that guy. I ran it... it checked for messages... found nine emails from him and one contest entry. I clicked on delete and it deleted all of his entries, opened my email program and downloaded only the contest entry.

    That is pretty awesome. I think that this will suffice nicely until [email protected] disables the user. Thanks for the help Salem and stealth.

    My problem is solved... but I still wonder how to generate an IP from the email. You would think there would be tracking on that... it isn't in the header tho...
    Blue
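
On the question of which addresses a header records: each server that handles a message prepends a Received line naming the host it accepted the connection from, and only the lines written by a server you control can be taken at face value. An added example (not from the thread) that parses the chain and labels each hop for an abuse report; the sample headers follow the layout of those in post #1, with placeholder hostnames and documentation addresses.

```python
import re
from email import message_from_string

# Matches "from HELO (RDNS [IP])" and "from HELO ([IP])", then "by HOST".
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def received_chain(raw):
    """Parse Received headers, newest first (the order they appear in)."""
    msg = message_from_string(raw)
    found = (HOP.search(v) for v in msg.get_all("Received", []))
    return [m.groupdict() for m in found if m]

def classify(raw, my_servers):
    """Label each hop's connecting IP as 'verified' or 'claimed'.

    A hop is verified only while every stamp from the top down was written
    by a server you run; anything below that was supplied by someone else.
    """
    trusted, out = True, []
    for hop in received_chain(raw):
        trusted = trusted and hop["by"].lower() in my_servers
        out.append((hop["ip"], hop["by"], "verified" if trusted else "claimed"))
    return out

# Constructed sample in the same layout as the headers in post #1;
# hostnames and addresses are documentation placeholders.
SAMPLE = """\
Return-Path: <infected@example.net>
Received: from isp.example.net (smtp3.isp.example.net [198.51.100.79])
    by mx.example.org (8.11.6/8.9.1) with ESMTP id CONSTRUCTED01
    for <webmaster@example.org>; Fri, 21 Sep 2001 19:08:37 -0700 (PDT)
Received: from Default.isp.example.net ([192.0.2.165]) by isp.example.net with Microsoft SMTPSVC;
    Fri, 21 Sep 2001 22:08:18 -0400
From: "Constructed Sender" <infected@example.net>
Subject: Que hora es

"""

if __name__ == "__main__":
    for ip, by, status in classify(SAMPLE, {"mx.example.org"}):
        print(f"{ip:15} recorded by {by:16} {status}")
```

The "claimed" hop is the one the ISP's abuse desk can confirm against its own mail logs, so the report should include the full Received lines with their timestamps and time zones.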

  9. #9
    Registered User rick barclay's Avatar
    Join Date
    Aug 2001
    Posts
    835
    Call Time Warner, tell them you're being spammed by this
    guy and you want it stopped. There are laws against that
    sort of thing (I think).

    I find it pretty amazing you can't block him. Even Outlook
    Express has that feature. If your webhost can't block him,
    I'd say it's time to get a new webhost who can.

    rick barclay
    No. Wait. Don't hang up!

    This is America calling!

  10. #10
    Hamster without a wheel iain's Avatar
    Join Date
    Aug 2001
    Posts
    1,385
    I would not class this as spam. If I understand, the virus is forcing the emails to be sent, not the user, therefore it is not spam. I can only agree that you should consider using a spam blocker program. I find it very difficult to believe your email client doesn't provide you with an address blocker; check again. Also, if you have filters or redirectors, you can direct it straight to the trash folder.
    Monday - what a way to spend a seventh of your life
