Some of you guys and gals are really smart. I am at a loss at the moment.
There is a guy in New York that is pounding me with 200+ emails a day due to the Sircam worm. Norton cleans each email and I have Outlook send emails from him straight to the trash can... still, you can imagine the download time at 200K+ per attachment. I emailed him several times to let him know... and he does nothing about it, nor does he reply.
If it was my normal email, I would just close the account and open a new username. (Not tough on a cable modem.) But it is one of my webpages that I am webmaster for and it is the webmaster email address ([email protected]). My webspace provider has email filtering, but only by name... i.e. [email protected] would go to a specific address or be blocked etc. It cannot filter outside sender addresses.
Here is what I know. His email address is [email protected]. He is on a Time Warner Cable Modem address. The headers of his emails are as follows (but it doesn't give his direct IP... just the mail server's IP)...
Return-Path: <[email protected]>
Received: from nyc.rr.com (nycsmtp3fa.rdc-nyc.rr.com [24.29.99.79])
by addr18.addr.com (8.11.6/8.9.1) with ESMTP id f8M28aV01843
for <[email protected]>; Fri, 21 Sep 2001 19:08:37 -0700 (PDT)
(envelope-from [email protected])
Received: from Default.nyc.rr.com ([66.108.66.165]) by nyc.rr.com with Microsoft SMTPSVC(5.5.1877.357.35);
Fri, 21 Sep 2001 22:08:18 -0400
From: "James Tinagero"<[email protected]>
To: [email protected]
Subject: Que hora es
date: Fri, 21 Sep 2001 22:05:06 -0400
MIME-Version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
Content-Type: multipart/mixed; boundary="----21299146_Outlook_Express_message_boundary"
Content-Disposition: Multipart message
Message-ID: <[email protected]>
Status:
I am assuming his real name is James Tinagero because that is the send name on the emails, but that can always be modified. I have contacted [email protected] and nothing has happened as of yet, and this has been going on for four days now. I also called Time Warner Road Runner Cable in NY and they said they would look into it.... but the emails keep flooding in.
I can't figure a way to pull his direct IP from his email address. If I could find it, I might be able to exploit the SMTP that SIRCAM runs. I doubt it though. I want this guy's link down... any ideas?
~Betazep
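
Added example, not part of the original post: in an abuse report to a sender's ISP, the useful evidence is the Received line stamped by the ISP's own mail server, because it pairs the client address that server saw with a timestamp the ISP can check against its logs. The Python below parses a two-hop chain shaped like the one in the post; the sample header, its hostnames and addresses, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample shaped like the two-hop header in the post; all
# hostnames and addresses are documentation values, not the page's.
SAMPLE = (
    "Return-Path: <sender@isp.example>\n"
    "Received: from isp.example (smtp3.isp.example [192.0.2.79])\n"
    "\tby mx.host.example (8.11.6/8.9.1) with ESMTP id f8M28aV01843\n"
    "\tfor <webmaster@site.example>; Fri, 21 Sep 2001 19:08:37 -0700 (PDT)\n"
    "Received: from Default.isp.example ([198.51.100.165]) by isp.example"
    " with Microsoft SMTPSVC(5.5.1877.357.35);\n"
    "\t Fri, 21 Sep 2001 22:08:18 -0400\n"
    "From: \"Sender\" <sender@isp.example>\n"
    "Subject: Que hora es\n\nbody\n"
)

FROM_RE = re.compile(r"from\s+(\S+)\s+\(([^\s\[\]()]+)?\s*\[([0-9.]+)\]\)")
BY_RE = re.compile(r"\bby\s+(\S+)")

def received_hops(raw):
    """Parse Received headers, newest (closest to the recipient) first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        line = " ".join(value.split())           # unfold continuation lines
        info, _, stamp = line.rpartition(";")
        frm, by = FROM_RE.search(info), BY_RE.search(info)
        hops.append({
            "helo": frm.group(1) if frm else None,   # claimed by the client
            "rdns": frm.group(2) if frm else None,   # looked up by the server
            "ip": frm.group(3) if frm else None,     # seen by the server
            "by": by.group(1) if by else None,
            "time": parsedate_to_datetime(stamp.strip()).isoformat(),
        })
    return hops

def in_domain(host, domain):
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)

def hop_for_abuse_report(raw, isp_domain):
    """Return the hop stamped by the ISP's own server, or None if the
    recipient-side hop does not tie the message to that ISP."""
    hops = received_hops(raw)
    if not hops or not in_domain(hops[0]["rdns"], isp_domain):
        return None                              # chain not anchored
    return next((h for h in hops[1:] if in_domain(h["by"], isp_domain)), None)
```

Only the topmost Received line is written by the recipient's own mail host; anything below it is the sending side's claim, which is why the function refuses to return a hop unless that top line already ties the message to the ISP being contacted.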