On Fri, 16 May 1997, Louis T. Chmielewski wrote:
> Hello all,
> I'm relatively new to the security game, but I'm learning. We recently
> had someone 'mail bomb' us with about 500 messages. I'd like to track it
> down, but it looks like the sender used an Anonymous mailer. Can someone
> tell me how to look at the header of the messages and determine where it
> came from, and who really sent it?
> Also, how can I avoid this 'situation' in the future?
In the mail header you should see something like that:
Received: from HOSTNAME (root @
localhost) by HOSTNAME
(8.6.12/8.6.9) with SMTP id WAA00532 for <Internel USER @
Fri, 9May 1997 22:36:49 +0300 Date: Fri, 9 May 1997 22:36:49 +0300 (EET DST)
For this the best is to save the message first in a file. Because Either
PINE or mail in Unix or Microsoft Exchange reduces the size of the header.
With pine then edit the saved file if you use something like MS Excahange
after opening message do File/Properties/Internet shows the header. You
can alternatively save this message and later open it with notepad or so..
You can install a mail filter program identifies those 'mail bombs' and
denies mails from this destination.. I am not aware how can u find this
kind of sofware.
KEre ERSOY / Sibernet / kerem @
TIA, > Lou
> Louis T. Chmielewski
> Franchise World Heaquarters
> (203)877-4281 x1128