13 February 2007

Less Interesting, More Troubling

Merrily was I traveling over to lunch today, planning on a quick pit stop to assist someone with accessing their e-mail remotely, when just in passing that person mentioned that they had received a delivery failure on a message they had just sent.

*heart sinking*

Uh-oh. About, nay, precisely, two weeks ago we found ourselves listed on spamhaus.org. At the time, acting on a tip, I made an assumption that the problem was originating from a student computer. So I began a series of treks over to the apartments to sit myself physically at each computer and run a spyware scan. Subsequently I disabled automatic e-mail forwarding (what comes to the student server stays there unless a student manually forwards a message), tightened the firewall to allow only traffic from a legit server through, and added some logging to the firewall so I could see from whence rejected packets came. Surely, thought I, this should greatly reduce our chances of sending spam. So by Monday last (Feb 5) I had petitioned to have us removed from spamhaus.org. Yea and verily, all seemed well. Until ...

Apparently we were re-listed this morning at 7:15AM (+/- 30 minutes). At this point I know that wherever the spam is coming from, it is being sent via a legitimate server. It struck me about mid-afternoon that today is Tuesday. January 30 was also a Tuesday. Hmmm...

So now I think it likely that the culprit computer likely belongs to a commuter who arrives on campus perhaps as early as Monday evening, connects to the network, fires up the bugger, and proceeds to send spam. Presumably unawares. Feh.

Seems like tomorrow may be another looooooooooong day. Or perhaps the problem will magically resolve itself overnight. Until next Tuesday, perhaps.

1 comment:

John David said...

Offer free spyware/virus screening for commuters using laptops and see what you find. Of course, he probably got that spammy machine from downloading porn so he won't likely bring it in.