We've been hit by the spammers, please have mercy

Folks,
Over the weekend someone decided to use our (Graphnet/globalis.net)
mail server for sending spam. We are in the process of dealing with
this and some internal network outages all at once. FYI, our mail server
is running the very latest Solaris 2.5.1 + patches but the software
is Netscape Mail server which replaces Sendmail with its very own. I
thought they claimed it could not be used for transit mail but
apparently either the claim was false or I misunderstood.

Our small staff is strained to capacity working on these issues this
Monday morning. Please, stop sending mail to postmaster@graphnet.com and
attacking us.
You are making the problem worse by flooding us with mail.
Please do not blackhole us; we have never been a problem before with
this and thought we had taken preventative measures. Obviously these
measures failed but we are working with Netscape to understand why their
sendmail version allowed this to happen.

Don't shoot me, I'm one of the good guys....
We want to take action with law enforcement to find and prosecute the
spammer for denial of service attacks and theft of services. Pointers
to appropriate law enforcement agencies appreciated, also tips on
tracking the source down. Ditto applicable NJ and US statutes. I assume
not every spam comes from cyberpromo using one's server for transit
mail.

Dana Hudes
Senior Network Engineer
Graphnet

Do you have a copy of the spam itself with full headers?

I keep a lot of notes about these crooks and could cross-check.

        -Barry Shein

Software Tool & Die | bzs@world.std.com | http://www.std.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989

A technical correction: The netra, which resolves to graphnet.com,
was the victim even though we have an MX record pointing elsewhere.
I have locked the doors, it won't happen again on that machine --
it's a firewall and I put in a rule to prevent off-campus smtp
connections. The spammer kept hitting us while my attention was
drawn to an unrelated outage with a major customer. Eventually
he stopped hitting us and moved on.

Meanwhile our real public mail server is vulnerable because
it runs Netscape mail (netra runs solaris 2.4 until SunSoft
gets our copy of 2.5.1 application server off back order;
ditto an old sendmail). We consulted Netscape server support,
they said their version of sendmail is vulnerable even in the
very latest version of Messaging Server (which replaces mail server).
Netscape has a nice web interface for mail but we will have to
put a real sendmail machine in front or get rid of Netscape mail.
Any opinions on whether this warrants a CERT advisory?
Someone should post to bugtraq or something so the world knows
-- and puts pressure on Netscape.

Dana Hudes
Graphnet
p.s. Thanks to all who offered to help and/or e-mailed various
statute citations. This seems a bit beyond the Teaneck police,
does it go to FBI? Secret Service? Postal Inspectors? FCC? State
Police? Interpol? Who has jurisdiction?