Urgent! - Can't trace spammer!

grep E1BoplI-0003Nj-Iv /var/log/exim_*

will take some time, but should provide a few clues

 

This sounds like a great solution, you wanna share with us how you implemented this new anti fraud solution ?

 

This is not a great solution for people who are deaf.. FYI.

Brenden

 

That's true, but then if they are deaf, wouldn't they either have a phone specially made for the deaf? Or not have a phone?

I like the idea. Wanna share it with us?

 

Heh..

Yeah but they would still have problems hearing what it is saying.. push 1 or 2. I am talking about those who were born deaf and did not acquire language with sound. Therefore they would not be able to understand anything on the phone. Calling back would cause them to be on the "discard" list.

Brenden

 

But how would they know to pick up the phone if they couldn't hear it ringing?

 

Yeah the deaf wouldnt be able to hear the ring tone !
Anyway I guess its a great way to double check the automatic set up process and if nobody is home or the are deaf or have the music playing to loud to hear anything or are still on dial up and what ever other reasons , the system , as I understood it, wouldnt automatically setup the account on the server , but hopefully you could still do this manually after double checking the order. Either way , I guess its a great concept ! :D
So lets hear the ins and outs from the inventor !

 

I'm just being fecetious. I do think it's a good idea. I do hope that it does not cancel the order if the phone is not answered or if the person is deaf or if the number is accidentally typed wrong or whatever. Also, what happens if the number is in a different country? Still okay?

 

This is entirely untrue. Deaf people have a callcenter they get called up from via telex or something else, maybe internet by now. In other words, The system speaks to an operator, the operator writes to the deaf person and he tells her what to do.

My two cents.

Br,

Daniel

 

Deafness issues

Most of you seem to have some very strange concepts of what happens as far as deaf persons and telephony. I am deaf and have been since the age of six years old.

To clear some things up:

1.) Phone ringing

There are systems available for the deaf and hearing impaired that can cover an individual device or cover the entire home. Basically when the the phone rings it sends a signal to a transmitter which causes a light (or several lights) to flash or for a bed shaker or pager to go off.

2.) Relay calls/callcenter

This scencario would NOT work because while there are voice to text and text to voice relays the automated system would be calling the client directly. In order to use the relay system the caller must first call the relay number and then have them call the deaf/hearing impaired person. Yes, there are internet based relay services now, hoewver these still require contacting relay before contacting the other person, its simply an IP phone direct to the relay center.

3.) Phone devices

Thanks to modern technology there are several very advanced TDD (Telecommunication Devices for the Deaf) out there. They range from somewhat heavy units that look like a condensed typewriter, to a lightweight, flip open screen and keyboard type device. Many of them have advanced features you would expect to find in a pda or scaled down computer.

In general, automated systems are a hardship for persons who are deaf or hard of hearing period. Basically there is no way for an automated system to verify with a truly deaf person live time. You would have to put a notice on the site with the number that would be calling to verify and instructions to push 1 or 2 in writing when the phone rings. While not a perfect solution that should work as most do have caller ID in this day and age, or would be expecting the call immediately after signup.

Hope this clears up some issues.

Tom

 

good stuff, Tom !

 

Very good info ftc_tom. Thanks for clarifying the telephony information. This type of info is great to get out. My wife is an interpreter for the deaf, and has been doing this approx. 10 years. She had also worked in a relay service as well for several years, before she started interpreting.

Although this won't help in the automated phone scenario, almost all of the people my wife deals with now uses some sort of mobile Instant messanger/text messenger system. So they are communicating via text, just as hearing people do on cell phones.

Just an additional FYI.

 

Didn't work for me!

I followed the steps of:

grep kunlebadmose@yahoo.com /var/log/exim_*

but it only comes up with:

/var/log/exim_mainlog:2004-09-29 02:08:22 1CCXdT-0008K6-Vy <= kunlebadmose@yahoo.com U=nobody P=local S=1736

Does anybody know of any other techniques to track or find who is relaying into my system?

Thanks!

 

Now search your logs for the message ID 1CCXdT-0008K6-Vy.

The U=nobody makes it appear to be sent from the "nobody" user which Apache tends to run as (if you aren't using phpSuExec and suExec). You'll have to check your Apache logs at /usr/locala/apache/domlogs around that time period. I'd try:

grep kunlebadmose /usr/local/apache/domlogs/*

to see if you can find anything "obvious". If not, try:

grep "[29/Sep/2004:02:0]" /usr/local/apache/domlogs/* > /root/tempgrep
grep "POST" /root/tempgrep > /root/doublechecktheseresults

which may bring up some "interesting scripts" to double check (webmail.php , formmail.pl etc etc)

 

Here is some info i grabbed from webhostingtalk.com unfortunately i did not cut and paste the links when i cut and paste the text into notepad the other day to implement on my own server. Hope nobody kills me for not crediting them.

Option A:

Code:

iptables -A OUTPUT --protocol tcp --destination-port 25 -j ACCEPT --match owner --uid-owner 0
iptables -A OUTPUT --protocol tcp --destination-port 25 -j REJECT 

to UNDO the above (if it messes something up for you)

iptables -D OUTPUT --protocol tcp --destination-port 25 -j ACCEPT --match owner --uid-owner 0
iptables -D OUTPUT --protocol tcp --destination-port 25 -j REJECT

Option B:

Code:

# * * * * * netstat -pan | grep -v 216.180.252.225 | grep -E ":25 [ ]*EST" 2> /dev/null > /root/netstat2.out && ps -wwwwwef >> /root/netstat2.out && cat /root/netstat2.out | mail -s "outgoing port 25 caught" admin@yourdomain.com

# * * * * * sleep 30 ; netstat -pan | grep -v 216.180.252.225 | grep -E ":25 [ ]*EST" 2> /dev/null > /root/netstat2.out && ps -wwwwwef >> /root/netstat2.out && cat /root/netstat2.out | mail -s "outgoing port 25 caught" admin@yourdomain.com

We have a mail-relay, the server is supposed to send all outgoing email to this relay, then the relay does all the spooling. So open port 25 connections NOT to the relay (grep -v removes the relay from the results) is a dead giveaway something is up, so "if found open port 25 outgoing not to relay" "send results and a ps -wwwef to admin"

 

We already post a notice that ALL ORDERS ARE PHONE VERIFIED. Just add on a simple tag line to that so that a deaf client could give a valid number to a hearing person to verify the account. Hassle yes, do-able? yes