dico
05-02-2002, 08:10 PM
Hi there,
I've got one user who's pop account is being bombarded by emails... with attachments... obviously a virus.... i didn't really know what to do so I just deleted that users pop account and now the mail doesn't have anywhere to go. Should I have handled this differently?
Here is an example of an email (each email has a different "from"):
Thanks in advance,
-dr
------------------------------------
The original message was received at Thu, 2 May 2002 20:47:19 -0300
from bridge3.itas.net [142.176.17.242]
with id g42NlJD18095
----- The following addresses had permanent fatal errors -----
<tami@mydomain.com>
(reason: can't create (user) output file)
----- Transcript of session follows -----
procmail: Quota exceeded while writing "/var/spool/mail/murphy"
550 5.0.0 <tami@mydomain.com>... Can't create output
Reporting-MTA: dns; hop.myserver.com
Received-From-MTA: DNS; bridge3.itas.net
Arrival-Date: Thu, 2 May 2002 20:47:19 -0300
Final-Recipient: RFC822; tami@mydomain.com
Action: failed
Status: 5.3.0
Diagnostic-Code: X-Unix; 73
Last-Attempt-Date: Thu, 2 May 2002 20:47:20 -0300
Return-Path: <>
Received: from bridge3.itas.net (bridge3.itas.net [142.176.17.242])
by hop.myserver.com (8.10.2/8.10.2) with ESMTP id g42NlJD18095
for <tami@mydomain.com>; Thu, 2 May 2002 20:47:19 -0300
Received: from localhost (localhost)
by bridge3.itas.net (8.9.3+Sun/8.9.3) with internal id XAA06908;
Thu, 2 May 2002 23:47:22 GMT
Date: Thu, 2 May 2002 23:47:22 GMT
From: Mail Delivery Subsystem <MAILER-DAEMON@bridge3.itas.net>
Message-Id: <200205022347.XAA06908@bridge3.itas.net>
To: <tami@mydomain.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="XAA06908.1020383242/bridge3.itas.net"
Subject: Returned mail: Service unavailable
Auto-Submitted: auto-generated (failure)
The original message was received at Thu, 2 May 2002 23:47:15 GMT
from ip142177191105.islandtelecom.com [142.177.191.105]
----- The following addresses had permanent fatal errors -----
<rjcaissie@hotmail.com>
----- Transcript of session follows -----
... while talking to mx09.hotmail.com.:
>>> RCPT To:<rjcaissie@hotmail.com>
<<< 552 Requested mail action aborted: exceeded storage allocation
554 <rjcaissie@hotmail.com>... Service unavailable
Reporting-MTA: dns; bridge3.itas.net
Received-From-MTA: DNS; ip142177191105.islandtelecom.com
Arrival-Date: Thu, 2 May 2002 23:47:15 GMT
Final-Recipient: RFC822; rjcaissie@hotmail.com
Action: failed
Status: 5.5.0
Remote-MTA: DNS; mx09.hotmail.com
Diagnostic-Code: SMTP; 552 Requested mail action aborted: exceeded storage allocation
Last-Attempt-Date: Thu, 2 May 2002 23:47:21 GMT
Return-Path: <tami@mydomain.com>
Received: from Jxyti (ip142177191105.islandtelecom.com [142.177.191.105])
by bridge3.itas.net (8.9.3+Sun/8.9.3) with SMTP id XAA06906
for <rjcaissie@hotmail.com>; Thu, 2 May 2002 23:47:15 GMT
Date: Thu, 2 May 2002 23:47:15 GMT
Message-Id: <200205022347.XAA06906@bridge3.itas.net>
From: Publicover_Keith <Publicover_Keith@timhortons.com>
To: rjcaissie@hotmail.com
Subject: W32.Elkern removal tools
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=V7E6917827N
Content-Type: text/html;
W32.Elkern is a special dangerous virus that can infect on Win98/Me/2000/XP.
F-Secure give you the special W32.Elkern removal tools
For more information,please visit http://www.F-Secure.com
setup3.exe (attachment)
I've got one user who's pop account is being bombarded by emails... with attachments... obviously a virus.... i didn't really know what to do so I just deleted that users pop account and now the mail doesn't have anywhere to go. Should I have handled this differently?
Here is an example of an email (each email has a different "from"):
Thanks in advance,
-dr
------------------------------------
The original message was received at Thu, 2 May 2002 20:47:19 -0300
from bridge3.itas.net [142.176.17.242]
with id g42NlJD18095
----- The following addresses had permanent fatal errors -----
<tami@mydomain.com>
(reason: can't create (user) output file)
----- Transcript of session follows -----
procmail: Quota exceeded while writing "/var/spool/mail/murphy"
550 5.0.0 <tami@mydomain.com>... Can't create output
Reporting-MTA: dns; hop.myserver.com
Received-From-MTA: DNS; bridge3.itas.net
Arrival-Date: Thu, 2 May 2002 20:47:19 -0300
Final-Recipient: RFC822; tami@mydomain.com
Action: failed
Status: 5.3.0
Diagnostic-Code: X-Unix; 73
Last-Attempt-Date: Thu, 2 May 2002 20:47:20 -0300
Return-Path: <>
Received: from bridge3.itas.net (bridge3.itas.net [142.176.17.242])
by hop.myserver.com (8.10.2/8.10.2) with ESMTP id g42NlJD18095
for <tami@mydomain.com>; Thu, 2 May 2002 20:47:19 -0300
Received: from localhost (localhost)
by bridge3.itas.net (8.9.3+Sun/8.9.3) with internal id XAA06908;
Thu, 2 May 2002 23:47:22 GMT
Date: Thu, 2 May 2002 23:47:22 GMT
From: Mail Delivery Subsystem <MAILER-DAEMON@bridge3.itas.net>
Message-Id: <200205022347.XAA06908@bridge3.itas.net>
To: <tami@mydomain.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="XAA06908.1020383242/bridge3.itas.net"
Subject: Returned mail: Service unavailable
Auto-Submitted: auto-generated (failure)
The original message was received at Thu, 2 May 2002 23:47:15 GMT
from ip142177191105.islandtelecom.com [142.177.191.105]
----- The following addresses had permanent fatal errors -----
<rjcaissie@hotmail.com>
----- Transcript of session follows -----
... while talking to mx09.hotmail.com.:
>>> RCPT To:<rjcaissie@hotmail.com>
<<< 552 Requested mail action aborted: exceeded storage allocation
554 <rjcaissie@hotmail.com>... Service unavailable
Reporting-MTA: dns; bridge3.itas.net
Received-From-MTA: DNS; ip142177191105.islandtelecom.com
Arrival-Date: Thu, 2 May 2002 23:47:15 GMT
Final-Recipient: RFC822; rjcaissie@hotmail.com
Action: failed
Status: 5.5.0
Remote-MTA: DNS; mx09.hotmail.com
Diagnostic-Code: SMTP; 552 Requested mail action aborted: exceeded storage allocation
Last-Attempt-Date: Thu, 2 May 2002 23:47:21 GMT
Return-Path: <tami@mydomain.com>
Received: from Jxyti (ip142177191105.islandtelecom.com [142.177.191.105])
by bridge3.itas.net (8.9.3+Sun/8.9.3) with SMTP id XAA06906
for <rjcaissie@hotmail.com>; Thu, 2 May 2002 23:47:15 GMT
Date: Thu, 2 May 2002 23:47:15 GMT
Message-Id: <200205022347.XAA06906@bridge3.itas.net>
From: Publicover_Keith <Publicover_Keith@timhortons.com>
To: rjcaissie@hotmail.com
Subject: W32.Elkern removal tools
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=V7E6917827N
Content-Type: text/html;
W32.Elkern is a special dangerous virus that can infect on Win98/Me/2000/XP.
F-Secure give you the special W32.Elkern removal tools
For more information,please visit http://www.F-Secure.com
setup3.exe (attachment)