I have received hundreds of emails from a single IP address with forged
names since yesterday. The subject is usually something like "Re: Approved"
or "That Movie", etc. Initially there was an approx. 100K attachment (what
is a PIF file anyway?) but now they refer to an attachment that isn't there.

First, my set up:
Firewall: MultiTech RF550VPN with only port 25 open
Mail Server: UnixWare 7.1.0 with ptf7130e installed
(I had to use my old sendmail.cf file as the new one
would not allow inbound mail and I don't speak sendmail.)

The domains are sometimes those of companies I have received mail from in
the past with bogus user names, e.g., bogus@supplier.com. While I do have a
M$ system on my LAN, it is never allowed to touch email; that is entirely
done from my UW7 and OSR5 systems. I do occasionally use it for browsing
when IE is required due to backwards web sites I must sometimes access;
otherwise I use Mozilla from SCO Linux or M$.

I have successfully put a stop to the messages showing up by adding a
Received: line in my .maildelivery file with the single IP address.

Question: Is this a fluke and I am the "winner" chosen to receive this ilk
or is this a coordinated attack? (The messages are not "normal" spam in that
they do not attempt to sell anything or lead me to their web site; it just
slows my systems down processing the trash.)

I also have a much smaller number of delivery failed messages where it uses
my return address in the From: line with the same bogus email addresses in
the
To: line. (This bothers me more than the in bound garbage; I do not want my
system used to inundate any one else' system. Perhaps low bandwidth does
have its benefits!)

Thank you,
Lucky

Lucky Leavell Phone: (800) 481-2393 (US/Canada)
UniXpress - Your Source for SCO OR: (812) 366-4066
1560 Zoar Church Road NE FAX: (812) 366-3618
Corydon, IN 47112-7374 Email: lucky@UniXpress.com
WWW Home Page: http://www.UniXpress.com