Can someone help me explain this?  Why does Imail/Declude report YAHOO as
the receiving server when SPAMCOP ignores Yahoo as the receiving server?  We
add a negative weight from Yahoo REVDNS.  Should SPAMCOP also "abuse" to
Yahoo?  Or do I not fully understand?  Imail log DOES show 66.163.175.81 as
the connecting server (Yahoo).  Shouldn't the abuse really be sent to Yahoo
since it comes from their server (from our logs)?

Erik



EMAIL HEADERS:
------------------------------------------------------------
Received: from smtp004.bizmail.sc5.yahoo.com [66.163.175.81] by
mail.montananetwork.net
  (SMTPD-8.20) id A5E40300; Wed, 20 Jul 2005 21:26:28 -0600
Received: (qmail 37210 invoked from network); 21 Jul 2005 03:26:27 -0000
Received: from unknown (HELO User) ([EMAIL PROTECTED]@70.245.85.9 with
login)
  by smtp004.bizmail.sc5.yahoo.com with SMTP; 21 Jul 2005 03:26:26 -0000
Reply-To: <[EMAIL PROTECTED]>
From: "PayPal"<[EMAIL PROTECTED]>
Subject: Unauthorized access to your PayPal account !
Date: Wed, 20 Jul 2005 22:26:16 -0500
MIME-Version: 1.0
Content-Type: text/html;
        charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Message-Id: <[EMAIL PROTECTED]>
X-RBL-Warning: MN-WHITELIST: Message failed MN-WHITELIST test (line 21,
weight -50)
X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail
detected.
X-RBL-Warning: NOABUSE: "Not supporting [EMAIL PROTECTED]"
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client
[c400120a].
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam
[c400120a].
X-RBL-Warning: SPAMDOMAINS: Spamdomain '@paypal.com' found: Address of
[EMAIL PROTECTED] sent from invalid smtp004.bizmail.sc5.yahoo.com.
X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: 10.
X-MN: ============================================
X-MN: Scanned for viruses and weighted for SPAM
X-MN: Scan Time: 21:26:33 on 20 Jul 2005
X-MN: Spool File: D15E401AD0000093A.SMD
X-MN: ============================================
X-MN: Failed Tests:
X-MN: MN-WHITELIST, NOLEGITCONTENT, NOABUSE, BADHEADERS, SPAMHEADERS,
SPAMDOMAINS, SPAMCHK
X-MN: ============================================
X-MN: Receiving Server: mail.montananetwork.net
X-MN: Spam Score: 57
X-MN: SMTP Sender: [EMAIL PROTECTED]
X-MN: Recipients: X
X-MN: Country Chain: UNITED STATES->destination
X-MN: Sent from: smtp004.bizmail.sc5.yahoo.com ([66.163.175.81])
X-MN: ============================================
Status: R
X-UIDL: 419936643
X-IMail-ThreadID: 15e401ad0000093a


SPAMCOP REPORTS:
-------------------------------------------------------------------
Received:  from smtp004.bizmail.sc5.yahoo.com [66.163.175.81] by
mail.montananetwork.net (SMTPD-8.20) id A5E40300; Wed, 20 Jul 2005 21:26:28
-0600
66.163.175.81 found
host 66.163.175.81 = smtp004.bizmail.sc5.yahoo.com (cached)
smtp004.bizmail.sc5.yahoo.com is 66.163.175.81
Possible spammer: 66.163.175.81
Received line accepted
Relay trusted (66.163.175.81 bizmail.sc5.yahoo.com)


Received:  (qmail 37210 invoked from network); 21 Jul 2005 03:26:27 -0000
Ignored


Received:  from unknown (HELO User) ([EMAIL PROTECTED]@70.245.85.9 with
login) by smtp004.bizmail.sc5.yahoo.com with SMTP; 21 Jul 2005 03:26:26
-0000
70.245.85.9 found
host 70.245.85.9 = adsl-70-245-85-9.dsl.hstntx.swbell.net (cached)
adsl-70-245-85-9.dsl.hstntx.swbell.net is 70.245.85.9
Possible spammer: 70.245.85.9
Possible relay: 66.163.175.81
66.163.175.81 not listed in relays.ordb.org.
66.163.175.81 has already been sent to relay testers
Received line accepted

Tracking message source: 70.245.85.9:
Routing details for 70.245.85.9
[refresh/show] Cached whois for 70.245.85.9 : [EMAIL PROTECTED]
Using abuse net on [EMAIL PROTECTED]
abuse net sbcglobal.net = [EMAIL PROTECTED]
Using best contacts [EMAIL PROTECTED]

Yum, this spam is fresh!
Message is 0 hours old
70.245.85.9 not listed in dnsbl.njabl.org
70.245.85.9 not listed in dnsbl.njabl.org
70.245.85.9 not listed in cbl.abuseat.org
70.245.85.9 not listed in dnsbl.sorbs.net
70.245.85.9 not listed in relays.ordb.org.
70.245.85.9 not listed in accredit.habeas.com
70.245.85.9 not listed in plus.bondedsender.org
70.245.85.9 not listed in iadb.isipp.com

Finding links in message body
Parsing HTML part

Resolving link obfuscation
http://larry.clsnp.edu.hk/~larry/uit/.ssls/user_data_login_account_secure_en
cryption_ssl_user_signin_online_login/index.htm
   host larry.clsnp.edu.hk (checking ip) = 210.0.178.155
   host 210.0.178.155 (getting name) no name

Tracking link:
http://larry.clsnp.edu.hk/~larry/uit/.ssls/user_data_login_account_secure_en
cryption_ssl_user_signin_online_login/index.htm
[report history]
Resolves to 210.0.178.155
Routing details for 210.0.178.155
[refresh/show] Cached whois for 210.0.178.155 : [EMAIL PROTECTED]
[EMAIL PROTECTED]
Using abuse net on [EMAIL PROTECTED]
abuse net hgc.com.hk = [EMAIL PROTECTED]
Using abuse net on [EMAIL PROTECTED]
abuse net hgcbroadband.com = [EMAIL PROTECTED]
Using best contacts [EMAIL PROTECTED]

Reports regarding this spam have already been sent:
Re: 70.245.85.9 (Silent report about source of mail)
   Reportid: 1472550866 To: [EMAIL PROTECTED]
Re:
http://larry.clsnp.edu.hk/~larry/uit/.ssls/user_data_login_account_secure_en
cryption_ssl_user_signin_online_login/index.htm (Silent report about
spamvertisement)
   Reportid: 1472550873 To: [EMAIL PROTECTED]

If reported today, reports would be sent to:
Re: 70.245.85.9 (Administrator of network where email originates)

[EMAIL PROTECTED] 

Re: 70.245.85.9 (Third party interested in email source)

[EMAIL PROTECTED] 

Re: http://larry.clsnp.edu.hk/~larry/uit/.ssls/user... (Administrator of
network hosting website referenced in spam)

[EMAIL PROTECTED]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
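
The difference between the two views in the post (connecting server versus tracked message source) can be reproduced by walking the Received chain. This is an added example, not part of the original post and not SpamCop's or Declude's code; `parse_hops`, `trace_source` and the `trusted` relay map are hypothetical names, and the trust rule is a simplified model of the "Relay trusted" step shown in the report.

```python
import re
from email import message_from_string

# Constructed sample: the three Received lines from the post, refolded.
SAMPLE = """\
Received: from smtp004.bizmail.sc5.yahoo.com [66.163.175.81] by
  mail.montananetwork.net (SMTPD-8.20) id A5E40300; Wed, 20 Jul 2005 21:26:28 -0600
Received: (qmail 37210 invoked from network); 21 Jul 2005 03:26:27 -0000
Received: from unknown (HELO User) ([EMAIL PROTECTED]@70.245.85.9 with login)
  by smtp004.bizmail.sc5.yahoo.com with SMTP; 21 Jul 2005 03:26:26 -0000
Subject: constructed sample

body
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
BY_HOST = re.compile(r"\bby\s+([\w.-]+)", re.I)

def parse_hops(raw):
    """Return one {'ip', 'by'} dict per Received line, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())              # undo header folding
        from_part = re.split(r"\sby\s", flat, maxsplit=1)[0]
        ip, by = IPV4.search(from_part), BY_HOST.search(flat)
        hops.append({"ip": ip.group(0) if ip else None,
                     "by": by.group(1).lower() if by else None})
    return hops

def trace_source(hops, our_host, trusted):
    """trusted maps relay IP -> hostname it stamps in its own Received lines."""
    top = hops[0]
    if top["by"] != our_host or top["ip"] is None:
        raise ValueError("top Received line was not written by our server")
    connecting = source = top["ip"]
    for hop in hops[1:]:
        if source not in trusted:
            break                  # lines below an untrusted host may be forged
        if hop["ip"] is None:
            continue               # e.g. qmail's internal "invoked from network"
        if hop["by"] != trusted[source]:
            break                  # not stamped by the relay we trust
        source = hop["ip"]
    return connecting, source

if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    yahoo = {"66.163.175.81": "smtp004.bizmail.sc5.yahoo.com"}
    print(trace_source(hops, "mail.montananetwork.net", yahoo))
    print(trace_source(hops, "mail.montananetwork.net", {}))
```

With an empty `trusted` map the source stays at 66.163.175.81, which is the connecting server the IMail log and the `X-MN: Sent from` header record; with the Yahoo relay trusted, the trace continues one hop to 70.245.85.9, as in the SpamCop report.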
