Mailing List Message #14797
From: NetHead <>
Subject: Suspect addresses compromised
Date: Mon, 1 Nov 2004 10:22:39 -0600
To: SIMS List <>
X-Mailer: Claris Emailer 2.0v3, January 22, 1998
I suspect that somehow the addresses on my mail server have been
compromised. I have been getting a flood of worm-laden messages, many of
them showing "FROM:" addresses on our mail server. I wouldn't think much
of it normally; I'm well aware of the various worms that will hijack the
address book on an infected computer and use those for forge the "FROM:"
header. But today I saw one from a brand new e-mail address that has not
been used yet (at least not to my knowledge).

If I wanted to scour my mail logs for "harvesting" attempts, what key
words should I use in the filters?

Any other suggestions?


|     Doug Starkey                             |
|     Network Administrator                    |
|     Pecan Deluxe Candy Company               |
|     2570 Lone Star Drive                     |
|     Dallas, TX 75212-6308                    |
|     e-mail:          |
|     voice: 214-631-3669 Ext. 108             |
|     fax: 214-631-5833                        |

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster