[Tfug] {Disarmed} Re: Tracking down a miscreant

James Daniel jdaniel at skylinelab.com
Mon Jun 2 16:05:26 MST 2008


Wow, that IP looks familiar... oh wait, it's ours!

I'm not sure where San Jose came from... the machine is colo'd here in 
Tucson.

John, I'll contact you off list.

James Daniel
Account Manager
Skyline Assayers & Laboratories
----- Original Message ----- 
From: "John Gruenenfelder" <johng at as.arizona.edu>
To: "Tucson Free Unix Group" <tfug at tfug.org>
Sent: Saturday, May 31, 2008 11:33 PM
Subject: Re: [Tfug] {Disarmed} Re: Tracking down a miscreant


> On Sat, May 31, 2008 at 06:37:46PM -0700, Choprboy wrote:
>>> Neither have I.  I guess I should give it a shot.  I know IPs work in most
>>> contexts... maybe with SMTP, too?
>>
>>Well.... 206.169.90.30 seems to be a colo'd machine in San Jose. It does have
>>a SMTP server running, as well as HTTP. The machine identifies itself as
>>running Debian.. though doesn't give its hostname in headers anywhere.
>
> I'm guessing the box is named 'foxstar' like mine is since the local cron
> errors are going to root at foxstar.  Somehow, though, the local Exim is
> treating that as root at foxstar.merseine.nu and then off the messages go
> towards my box.
>
> Having the same hostname I can imagine, but the odds seem pretty tiny that
> the other box would also have the same FQDN.  Maybe something else is
> occurring, but I can't think of another way that would confuse Exim into
> sending those mails to my machine instead.
>
>>You could try sending to the IP address... though the mail software may
>>refuse it as not being a local domain. If you are comfortable with
>>telnet'ing SMTP, I would manually connect and send an email to
>>root at localhost.
>>
>>Adrian
>
> Tried it with my own mailer and Mutt, but Exim 4.69 rejected it as
> unroutable before it even left the machine.
>
> So, as you suggested, I've sent the same mail to root at localhost after
> telnet'ing to port 25 on his machine.  It hasn't been delivered to me yet,
> so that's a good sign.  :)  Hopefully, he/she actually checks root's mail
> (or whatever account it is forwarded to).
>
>
> -- 
> --John Gruenenfelder    Research Assistant, UMass Amherst student
>                        Systems Manager, MKS Imaging Technology, LLC.
> Try Weasel Reader for PalmOS  --  http://weaselreader.org
> "This is the most fun I've had without being drenched in the blood
> of my enemies!"
>        --Sam of Sam & Max