I need some help

09-22-2001, 12:43 AM
Some of you guys and gals are really smart. I am at a loss at the moment.

There is a guy in New York that is pounding me with 200+ emails a day due to the Sircam worm. Norton cleans each email and I have Outlook send emails from him straight to the trash can... still you can imagine the download time at 200K+ per attachment. I emailed him several times to let him know... and he does nothing about it, nor does he reply.

If it was my normal email, I would just close the account and open a new username. (Not tough on a cable modem.) But it is one of my webpages that I am webmaster for and it is the webmaster email address (webmaster@leafpaintings.com). My webspace provider has email filtering, but only by name... i.e. sales@leafpaintings.com would go to a specific address or be blocked etc. It cannot filter outside sender addresses.

Here is what I know. His email address is jtinagero@nyc.rr.com. He is on a Time Warner Cable Modem address. The headers of his emails are as follows (but they don't give his direct IP... just the mail server's IP)...

Return-Path: <jtinagero@nyc.rr.com>
Received: from nyc.rr.com (nycsmtp3fa.rdc-nyc.rr.com [])
by addr18.addr.com (8.11.6/8.9.1) with ESMTP id f8M28aV01843
for <webmaster@leafpaintings.com>; Fri, 21 Sep 2001 19:08:37 -0700 (PDT)
(envelope-from jtinagero@nyc.rr.com)
Received: from Default.nyc.rr.com ([]) by nyc.rr.com with Microsoft SMTPSVC(5.5.1877.357.35);
Fri, 21 Sep 2001 22:08:18 -0400
From: "James Tinagero"<jtinagero@nyc.rr.com>
To: webmaster@leafpaintings.com
Subject: Que hora es
date: Fri, 21 Sep 2001 22:05:06 -0400
MIME-Version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
Content-Type: multipart/mixed; boundary="----21299146_Outlook_Express_message_boundary"
Content-Disposition: Multipart message
Message-ID: <009691808021691NYCSMTP3@nyc.rr.com>

I am assuming his real name is James Tinagero because that is the send name on the emails, but that can always be modified. I have contacted abuse@rr.com and nothing has happened as of yet, and this has been going on for four days now. I also called Time Warner Road Runner Cable in NY and they said they would look into it.... but the emails keep flooding in.

I can't figure a way to pull his direct IP from his email address. If I could find it, I might be able to exploit the SMTP that SIRCAM runs. I doubt it though. I want this guy's link down... any ideas?


09-22-2001, 12:48 AM
Can't you block his email address or doesn't your account allow you to?

09-22-2001, 12:51 AM
No go on the block... that is what I was saying about the webspace provider. It doesn't filter sender email addresses, only the email addresses in the "TO" line. I could block all emails "TO" webmaster@leafpaintings.com but that would be shooting myself in the foot. I get quite a few emails a day from it.

I can have Outlook block it... but it has to be downloaded from the server first... so what would be the point?

Keep the ideas coming tho... thank you.


09-22-2001, 12:54 AM
Hmm... well, that's pretty bad then, isn't it? Gimme some time, I might be able to work it out. Anyone else got any ideas?

09-22-2001, 01:02 AM
In the absence of being able to stop the sender - consider a spam blocker
and enter "email filter" into the search field.

For example, there is

Spam Buster 1.9
Eliminate obnoxious spam before it gets to your mailbox.
OS: Windows 95/98/NT/2000

I've used something similar in the past.

They download just the header (a necessary first step), and can delete messages without downloading them. Hopefully one of them will allow you to filter out this sender automatically.
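
Added example, not part of the original thread and not the code of any program named in it: a Python sketch of the header-only filtering described in the post above, using the POP3 TOP and DELE commands through the method names that the standard library's poplib.POP3 exposes. The mailbox, addresses and sizes are constructed, and `purge_sender`, `FakeMaildrop` and `demo` are hypothetical names.

```python
# For a real mailbox, pass a connected poplib.POP3 / POP3_SSL object as `pop`.
from email.parser import BytesParser
from email.utils import parseaddr


def purge_sender(pop, blocked):
    """Delete mail whose From address is in `blocked` without fetching bodies.
    Returns (deleted message numbers, octets never downloaded)."""
    blocked = {a.lower() for a in blocked}
    deleted, saved = [], 0
    # LIST yields b"<msgnum> <octets>" for every message in the maildrop.
    for entry in pop.list()[1]:
        num, size = (int(x) for x in entry.split())
        # TOP n 0 returns the header lines and zero lines of the body.
        header_lines = pop.top(num, 0)[1]
        msg = BytesParser().parsebytes(b"\r\n".join(header_lines), headersonly=True)
        addr = parseaddr(msg.get("From", ""))[1].lower()
        if addr in blocked:
            pop.dele(num)  # marked only; the server removes it at QUIT
            deleted.append(num)
            saved += size
    return deleted, saved


class FakeMaildrop:
    """Constructed in-memory stand-in with the three POP3 methods used above."""

    def __init__(self, messages):  # messages: list of (From header, octets)
        self.messages = dict(enumerate(messages, start=1))
        self.marked = set()

    def list(self):
        lines = [b"%d %d" % (n, m[1]) for n, m in self.messages.items()]
        return b"+OK", lines, 0

    def top(self, which, howmuch):
        frm = self.messages[which][0].encode()
        return b"+OK", [b"From: " + frm, b"Subject: constructed sample"], 0

    def dele(self, which):
        self.marked.add(which)
        return b"+OK"


def demo():
    # Constructed mailbox: nine 200 KB worm mails and one legitimate message.
    worm = ('"Infected Host" <infected@example.net>', 200_000)
    legit = ("Contest <entry@example.org>", 3_000)
    box = FakeMaildrop([worm] * 4 + [legit] + [worm] * 5)
    return purge_sender(box, ["infected@example.net"]), box.marked
```

The From header is sender-controlled, so a match on it works as a filter for a known noisy address and is not proof of who sent the message.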

09-22-2001, 01:57 AM
I know that if you could get in contact with your site host, they may be able to block the IP through their servers, but then the person wouldn't be able to access your site at all, or email you. It can be done if they use NT/2000 quite easily, and no doubt UNIX/Apache as well. hth.

09-22-2001, 02:50 AM
Yeah... that is a good idea. Only... we do not know the IP of the individual user as it is masked by the SMTP server. If I block that SMTP server, then all email from cable modems in New York City will be unable to reach me.

The spam thing seems to work well. It is a bit of a hassle though. I am working through the details now. Like you said, it deletes the mail on the server before it is downloaded. That is pretty handy.


09-22-2001, 02:58 AM
Ok let me rephrase that...

I set up the spam eliminator program to only delete the emails from that guy. I ran it... it checked for messages... found nine emails from him and one contest entry. I clicked on delete and it deleted all of his entries, opened my email program and downloaded only the contest entry.

That is pretty awesome. I think that this will suffice nicely until abuse@rr.com disables the user. Thanks for the help Salem and stealth.

My problem is solved... but I still wonder how to generate an IP from the email. You would think there would be tracking on that... it isn't in the header tho...

rick barclay
09-22-2001, 06:01 AM
Call Time Warner, tell them you're being spammed by this
guy and you want it stopped. There are laws against that
sort of thing (I think).

I find it pretty amazing you can't block him. Even Outlook
Express has that feature. If your webhost can't block him,
I'd say it's time to get a new webhost who can.

rick barclay

09-22-2001, 08:13 AM
I would not class this as spam. If I understand, the virus is forcing the emails to be sent, not the user, therefore it is not spam. I can only agree that you should consider using a spam blocker program. I find it very difficult to believe your email client doesn't provide you with an address blocker; check again. Also, if you have filters or redirectors you can direct it straight to the trash folder.