On Fri, 16 May 1997, Louis T. Chmielewski wrote:
> Hello all,
> I'm relatively new to the security game, but I'm learning. We recently
> had someone 'mail bomb' us with about 500 messages. I'd like to track it
> down, but it looks like the sender used an Anonymous mailer. Can someone
> tell me how to look at the header of the messages and determine where it
> came from, and who really sent it?
If it came from an anonymous remailer, chances are pretty slim.
(Remailers can be chained. Unless you can get warrants for the system
logs on all the remailers in that chain, you are pretty much SOL.)
> Also, how can I avoid this 'situation' in the future?
You can filter out mail from anonymous remailers. Or you can use procmail
to eliminate duplicate messages. (Forcing them to send 500 unique
messages. Not hard, but more work.)
Putting limits on incoming mail is not hard. Preventing damage from a
determined individual is a lot harder.
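
Added example, not part of the original message: a Python sketch of the two mitigations the reply names, dropping duplicate messages and limiting incoming mail per sender. It stands in for a procmail setup rather than reproducing one; the function names, the body-hash approach, the limit of 3 and the sample messages are all assumptions made for illustration.

```python
import hashlib
from email import message_from_string

def body_digest(raw):
    """SHA-256 of the whitespace-normalized body. Headers such as
    Message-ID and Date are ignored, so re-sent copies still match."""
    payload = message_from_string(raw).get_payload()
    if isinstance(payload, list):  # multipart: join the parts' payloads
        payload = "\n".join(str(p.get_payload()) for p in payload)
    normalized = " ".join(str(payload).split()).lower()
    return hashlib.sha256(normalized.encode("utf-8", "replace")).hexdigest()

def filter_mail(raw_messages, max_per_sender=3):
    """Return (delivered, dropped). A message is dropped when its body was
    already seen, or when its sender exceeded max_per_sender accepted
    messages. Simplification: counters never expire (no time window)."""
    seen, per_sender = set(), {}
    delivered, dropped = [], []
    for raw in raw_messages:
        sender = (message_from_string(raw).get("From") or "").strip().lower()
        digest = body_digest(raw)
        if digest in seen:
            dropped.append((raw, "duplicate body"))
            continue
        seen.add(digest)
        per_sender[sender] = per_sender.get(sender, 0) + 1
        if per_sender[sender] > max_per_sender:
            dropped.append((raw, "sender over limit"))
            continue
        delivered.append(raw)
    return delivered, dropped

def constructed_sample():
    """Constructed test mail: 500 identical bodies with distinct Message-IDs,
    5 unique bodies from the same sender, and 1 unrelated message."""
    def mk(frm, n, body):
        return f"From: {frm}\nMessage-ID: <{n}@example.invalid>\n\n{body}\n"
    bomb = [mk("remailer@example.invalid", i, "You have been  bombed")
            for i in range(500)]
    unique = [mk("remailer@example.invalid", 1000 + i, f"variation {i}")
              for i in range(5)]
    legit = [mk("alice@example.invalid", 2000, "Meeting moved to 3pm")]
    return bomb + unique + legit

if __name__ == "__main__":
    ok, bad = filter_mail(constructed_sample())
    print(len(ok), "delivered,", len(bad), "dropped")
```

The duplicate check alone stops only the identical copies; the per-sender counter is what catches the unique variations, and neither helps once the sender address also changes per message.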