spam alias

If this isn't exactly what you wanted, please try our Search (there's a LOT of techy and non-techy stuff here about Linux, Unix, Mac OS X and just computers in general!):

From - Thu Jan 13 06:36:56 2000
Xref: world comp.unix.sco.misc:113874
Path: world!newsfeed.mathworks.com!cyclone.swbell.net!nnrp2-w.snfc21.pbi.net.POSTED!not-for-mail
From: Jeff Liebermann <jeffl@comix.santa-cruz.ca.us>
Newsgroups: comp.unix.sco.misc
Subject: Re: SPAMMERS LOOKING AT MY ALIAS FILE
Organization: Committee to Maintain an Independent Xenix
Reply-To: jeffl@comix.santa-cruz.ca.us
Message-ID: <8dqq7sg7st2cpakbevsolqu0dejl7ql1kv@4ax.com> 
References: <387c0c07.0@news.isdn.net> <1b7o7sgdl2701gbnv1uj9mr20esiki7k0d@4ax.com> <85jjg8$bfb@shady.shady.com> 
X-Newsreader: Forte Agent 1.7/32.534
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 98
Date: Wed, 12 Jan 2000 22:28:38 -0800
NNTP-Posting-Host: 63.198.98.51
X-Complaints-To: abuse@pacbell.net
X-Trace: nnrp2-w.snfc21.pbi.net 947744498 63.198.98.51 (Wed, 12 Jan 2000 22:21:38 PST)
NNTP-Posting-Date: Wed, 12 Jan 2000 22:21:38 PST
X-Mozilla-Status: 8011
X-Mozilla-Status2: 00000000

On 12 Jan 2000 23:15:03 -0500, kbs=cusm@shady.com (Kevin Smith) wrote:

>Chances are they were just guessing unless you have 'public' on the
>ALIAS line in mmdftailor for alias-n.  The 'public' keyword allows
>someone connecting (as in Jeff's example) to see what the alias will
>expand to.  I.e.
>    ALIAS table=alias-n, nobypass, public

Oh, so that's how that works.  I never could figure out what that
"public" actually did.  I hope it's not the default.  I changed my
mmdftailor file to include public aliases and ran the following.  I
deleted some of my accomplises names to avoid spammers.

telnet comix.santa-cruz.ca.us 25
220 comix.comix.santa-cruz.ca.us Server SMTP (Complaints/bugs to:
postmaster)
expn bozos
250-Jeff Liebermann <jeffl@comix.comix.santa-cruz.ca.us>
250-(deleted...)
250-(deleted...)
250-(deleted...)
250-(deleted...)
expn postmaster
250 Jeff Liebermann <jeffl@comix.comix.santa-cruz.ca.us>
quit

Besides EXPN, there's VRFY (verify) which can be tested from a
shopping list of possible guesses.

vrfy jeffl
250 Nice address <jeffl@comix.comix.santa-cruz.ca.us>
vrfy xxxx
250 Nice address <xxxx@comix.comix.santa-cruz.ca.us>    

Unfortunately, MMDF seems to like any address I throw at it, probably
because I'm using both the badusers and badhosts channel to deal with
creative addressing.  Yep.  Turning off the badusers channel, I get:

vrfy jeffl
250 Nice address <jeffl@comix.comix.santa-cruz.ca.us>
vrfy zzzz
550 (USER) Unknown user name in "zzzz"
vrfy root
250 Nice address <root@comix.comix.santa-cruz.ca.us> 

There's a few other interesting and fun things to do.  If you're
running DNS (don't know service), nslookup or the more more convenient
"host" command can excavate some interesting stuff.  It won't reveal
user names, but will give a wider selection of machines worth
attacking.  Note that in 3.2v4.2, the "host" binary is
/usr/mmdf/bin/host.

# host www.jpr.com
www.jpr.com is a nickname for jpr.com
jpr.com has address 198.207.210.2
jpr.com mail is handled by truth.murphy.com
jpr.com mail is handled by jpr.com
jpr.com mail is handled by etrn1.veriomail.com

# host -l jpr.com
jpr.com NS ns1.new-york.net
jpr.com NS ns2.new-york.net
jpr.com NS ns3.new-york.net
jpr.com has address 198.207.210.2
localhost.jpr.com has address 127.0.0.1

Oh well, no local DNS server at jpr.com.

Try the "host -l xxxx.com" command on some of the larger ISP's for a
nice shopping list.  My favorite pastime is to discover obvious
printers and print cute messages to them.

# host -l redhat.com
redhat.com NS ns.redhat.com
redhat.com NS ns2.redhat.com
redhat.com NS ns3.redhat.com
redhat.com NS speedy.redhat.com
redhat.com has address 207.175.42.154
gribble.redhat.com has address 199.183.24.203
charlotte.redhat.com has address 199.183.24.253
scot.redhat.com NS odo.scot.redhat.com
odo.scot.redhat.com has address 195.89.149.241
scot.redhat.com NS speedy.redhat.com
scot.redhat.com NS ns.redhat.com
court.redhat.com has address 199.183.24.85
    (about 700 machines deleted)
test.redhat.com NS peggy.test.redhat.com
peggy.test.redhat.com has address 207.175.44.2
test.redhat.com NS frodo.meridian.redhat.com
frodo.meridian.redhat.com has address 207.175.42.33
old-porkchop.redhat.com has address 207.175.42.165
gonzales.redhat.com has address 199.183.24.227


Oh well.  Back to pulling dimes out of drives and putting humpty
dumpty back together again.

Buy Take Control of Sharing Files in Snow Leopard

Buy Take Control of Exploring & Customizing Snow Leopard

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.