My log files have tripled in size the last 3 days.

Quick action is key to hijacking. The spammer has already gotten his money's worth from your service. Three days of spamming before getting kicked off is excellent for a spammer. They are happy with 12 hours if they can get it.


Entering your IP in the Spam Database Lookup tool at http://www.DNSstuff.com shows the PSBL listing, which lists this evidence:

        From [EMAIL PROTECTED] Tue Sep 07 15:20:34 2004
        Delivery-date: Tue, 07 Sep 2004 15:20:34 -0400
        Received: from [65.240.164.10] (helo=ethixs.com)
        by mail.victim.example with esmtp (Exim 4.41)
        id 1C4lW6-0003Ru-1O
        for [EMAIL PROTECTED]; Tue, 07 Sep 2004 15:20:34 -0400
        Received: from scooping [201.129.134.20] by ethixs.com with ESMTP
        (SMTPD32-7.11) id A85B449A025C; Tue, 07 Sep 2004 15:13:31 -0400
        From: "Moira Shori"<[EMAIL PROTECTED]>
        To: [EMAIL PROTECTED]
        Subject: FDA APPROVED PRESCRl|PT|0N MEDI1CATlONS.
        Mime-Version: 1.0
        Date: Tue, 7 Sep 2004 15:14:03 -0400

Removing all but the Received: headers brings it down to:

Received: from [65.240.164.10] (helo=ethixs.com)
by mail.victim.example with esmtp (Exim 4.41)
id 1C4lW6-0003Ru-1O
for [EMAIL PROTECTED]; Tue, 07 Sep 2004 15:20:34 -0400
Received: from scooping [201.129.134.20] by ethixs.com with ESMTP
(SMTPD32-7.11) id A85B449A025C; Tue, 07 Sep 2004 15:13:31 -0400


The first Received: header is from the mailserver that actually received the spam. The second one is the one that is apparently from your mailserver. And guess what? It matches the IMail Received: header format perfectly. Guess what else? You can cross-reference that with your IMail log files to prove that IMail did indeed send the E-mail. And you can check to see if the IP 201.129.134.20 is allowed to relay. And you can check to see if any funky stuff went on to get the E-mail sent out (such as authentication or a deprecated routing format using '%' or '!').

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
This E-mail came from the Declude.JunkMail mailing list.
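As an added example, not code from the post or from Declude, here is a small Python script that automates the cross-check Scott describes: it unfolds and parses the Received: chain, then flags any hop where your server accepted mail from an IP outside the networks you allow to relay. The sample headers are the two quoted above with a placeholder recipient; the server name "ethixs.com" as "your" server and the allowed network 192.168.0.0/16 are assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: the two Received: headers quoted in the post, with the
# redacted recipient replaced by a placeholder address.
SAMPLE_HEADERS = """\
Received: from [65.240.164.10] (helo=ethixs.com)
\tby mail.victim.example with esmtp (Exim 4.41)
\tid 1C4lW6-0003Ru-1O
\tfor recipient@victim.example; Tue, 07 Sep 2004 15:20:34 -0400
Received: from scooping [201.129.134.20] by ethixs.com with ESMTP
\t(SMTPD32-7.11) id A85B449A025C; Tue, 07 Sep 2004 15:13:31 -0400
"""

# "from <name> [<ip>] ... by <host>"; the name and the bracketed IP are each optional.
HOP_RE = re.compile(
    r"^Received:\s+from\s+(?:(?P<name>[^\s\[\]]+)\s+)?(?:\[(?P<ip>[0-9.]+)\])?"
    r".*?\bby\s+(?P<by>[^\s;()]+)", re.IGNORECASE)

def unfold(raw):
    """Join RFC 822 continuation lines (leading whitespace) onto their header line."""
    lines = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line.rstrip())
    return lines

def parse_received(raw):
    """Return the hops in header order: index 0 is the most recent (last) hop."""
    hops = []
    for line in unfold(raw):
        m = HOP_RE.match(line)
        if m:
            hops.append({"name": m["name"], "ip": m["ip"], "by": m["by"]})
    return hops

def find_relay_abuse(hops, my_host, allowed_nets):
    """Hops where my_host accepted mail from an IP outside the networks allowed to relay."""
    nets = [ip_network(n) for n in allowed_nets]
    bad = []
    for hop in hops:
        if hop["by"].lower() != my_host.lower() or not hop["ip"]:
            continue
        if not any(ip_address(hop["ip"]) in net for net in nets):
            bad.append(hop)
    return bad

if __name__ == "__main__":
    # Hypothetical policy: only the internal LAN may relay through ethixs.com.
    for hop in find_relay_abuse(parse_received(SAMPLE_HEADERS), "ethixs.com", ["192.168.0.0/16"]):
        print(f"{hop['by']} relayed mail from outside IP {hop['ip']} (claimed name {hop['name']})")
```

A flagged hop is the one to look up in the IMail log by its timestamp and message id to confirm whether the connection authenticated or used a routing trick.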