Hi everyone, We received this message from ServePath, notifying us that SpamCop had sent them a complaint about UCE coming from one of our mail server IP addresses.
To me, this looks like someone complaining to spamcop about a joe-job bounce to our server - message came in to our server FROM a spoofed address, to a non-existing address on our server, bounced back to the spoofed from address who then reported it as spam(???) but I am not at all sure that I'm reading this correctly. Can any of you super-experienced guru's give me a plain-english overview of what you think appears to have happened here, to confirm or dispute my assessment? Thanks! Marc START OF MESSAGE ================ ***************** THIS IS AN AUTOMATED MESSAGE ***************** The following information is being provided in compliance with applicable federal laws. ServePath believes this information is accurate but does not guarantee its accuracy in any way. Please remember to keep the subject line intact for all correspondence relating to this matter. **************************************************************** Dear Marc Funaro: We have received a report regarding alleged violations of ServePath's Acceptable Use Policy http://www.servepath.com/AUP.htm from one of your IP addresses 69.59.165.93 ServePath works closely with its customers to resolve situations as quickly as possible. We request you take whatever measures you deem appropriate which will ensure no further violations occur. We need you to take immediate steps to address the attached issues, and respond within 1 business day. ServePath values its relationships with its customers and will work with you in any way necessary to preserve that relationship. However, ServePath is legally bound to enforce its AUP. If it is confirmed that abuses are taking place, and we cannot elicit your cooperation in discontinuing the abuse, ServePath will be forced to take drastic actions, which could include termination of services. Once this issue has been resolved please reply to this message, making sure the reply goes to [EMAIL PROTECTED] and keeping the subject the same. This will notify the ServePath Abuse Department that the situation has been resolved. Thank You, ServePath Anti-Abuse/UCE Team ServePath LLC 360 Spear Street, Suite 200 | San Francisco, CA 94105 [EMAIL PROTECTED] http://www.ServePath.com ##### Begin incident ##### >From [EMAIL PROTECTED] Fri Jul 30 00:05:03 2004 Return-path: <[EMAIL PROTECTED]> Received: from vmx2.spamcop.net ([64.74.133.250]) by smtp1.servepath.com with esmtp (Exim 4.30; FreeBSD) id 1BqRDX-000IJK-3M for [EMAIL PROTECTED]; Thu, 29 Jul 2004 23:50:11 -0700 Received: from unknown (HELO spamcop.net) (192.168.19.203) by vmx2.spamcop.net with SMTP; 29 Jul 2004 23:59:42 -0700 From: "Florian Bodenseher" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [SpamCop (69.59.165.93) id:1144616707]Undeliverable Mail Precedence: list Message-ID: <[EMAIL PROTECTED]> Date: Wed, 28 Jul 2004 22:08:49 -0500 X-SpamCop-sourceip: X-Mailer: http://www.spamcop.net/ v1.365 X-OriginalArrivalTime: 30 Jul 2004 06:50:12.0407 (UTC) FILETIME=[763E8470:01C47601] [ SpamCop V1.365 ] This message is brief for your comfort. Please use links below for details. Email from 69.59.165.93 / Wed, 28 Jul 2004 22:08:49 -0500 http://www.spamcop.net/w3m?i=z1144616707z4f06f7a4d30a97c7f9b666cd6eb10b1bz [ Offending message ] Return-Path: <[EMAIL PROTECTED]> Delivered-To: x Received: (qmail 5160 invoked from network); 29 Jul 2004 03:15:00 -0000 Received: from unknown (HELO c60.cesmail.net) (192.168.1.105) by blade6.cesmail.net with SMTP; 29 Jul 2004 03:15:00 -0000 Received: from mailgate.cesmail.net (216.154.195.36) by c60.cesmail.net with SMTP; 28 Jul 2004 23:14:53 -0400 X-Ironport-AV: i="3.83,94,1089000000"; d="scan'217,208"; a="94694926:sNHT37006044" Received: (qmail 32715 invoked from network); 29 Jul 2004 03:14:53 -0000 Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101) by mailgate.cesmail.net with SMTP; 29 Jul 2004 03:14:53 -0000 Received: from www.cbi.co.at [213.160.221.243] by mailgate.cesmail.net with POP3 (fetchmail-6.2.1) for x (single-drop); Wed, 28 Jul 2004 23:14:53 -0400 (EDT) Received: from mickey.scottspad.com (c3.206-54-187.ips.nationwide.net [206.54.187.3]) by rapidforum.rapidforum.at (8.11.2/8.11.2) with ESMTP id i6T390530742 for <x>; Thu, 29 Jul 2004 05:09:00 +0200 Received: from deedee.advantex.net [69.59.165.93] by mickey.scottspad.com with ESMTP (SMTPD32-8.05) id AA4163A900EA; Wed, 28 Jul 2004 22:08:49 -0500 Date: Wed, 28 Jul 2004 20:06:51 -0700 Message-Id: <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii From: "Postmaster" <[EMAIL PROTECTED]> Sender: <[EMAIL PROTECTED]> To: x Subject: Undeliverable Mail X-Mailer: <SMTP32 v7.15> X-UIDL: "f6"!l#;"!I0L"!m]Z!! X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6 X-Spam-Level: **** X-Spam-Status: hits=4.0 tests=DRUGS_PAIN,DRUGS_PAIN_OBFU,HTML_20_30, HTML_MESSAGE,HTML_TAG_BALANCE_BODY,HTML_TAG_BALANCE_HTML, HTML_TAG_BALANCE_TABLE,SARE_HTML_FSIZE4 version=2.63 X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 213.160.221.243 206.54.187.3 69.59.165.93 X-SpamCop-Disposition: Blocked sbl.spamhaus.org Invalid final delivery userid: [EMAIL PROTECTED] Original message follows. Received: from 69.59.165.93 [221.155.157.173] by deedee.advantex.net (SMTPD32-7.15) id A9C6A520088; Wed, 28 Jul 2004 20:06:46 -0700 Received: from TCOVGT (usos.turm-net.de[154.217.7.154]) by grhuetf.turm-net.de (Postfix) with SMTP id 3L9X6Y4486 for <x>; Wed, 28 Jul 2004 22:04:32 -0600 (envelope-from [EMAIL PROTECTED]) From: "Brendan French" <x> To: "Krieg" <[EMAIL PROTECTED]> subject: [block][sniffer] Offshore cbgqv Online phqrmacy..vic0din(Paracodin),Viqgra Date: Wed, 28 Jul 2004 22:04:32 -0600 Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-mxGuard-Info: Processed by deedee.advantex.net using mxGuard v1.4.0 X-mxGuard-Spool-ID: 69c60a5200881b04 X-mxGuard-Native-PTR: Failed lookup [221.155.157.173] X-mxGuard-Native-DNSBL: 2 hit(s) [221.155.157.173] spamcop, dsbl X-mxGuard-Sniffer: SPAM (General Black Rules) X-mxGuard-Spam-Score: 125 X-mxGuard-Spam-Threshold: LEVEL5 X-mxGuard-Spam-Threshold: LEVEL10 X-mxGuard-Spam-Threshold: LEVEL15 X-mxGuard-Spam-Threshold: LEVEL20 X-mxGuard-Spam-Threshold: LEVEL30 X-mxGuard-Spam-Threshold: LEVEL100 <HTML><HEAD> <TITLE>is</TITLE> <META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1= "> </HEAD> <BODY><TABLE border=3D"0"> <TR><FONT></FONT><TD> <font size=3D1><FONT></FONT>go of saw last 50s was just expresses prefix--= logical are use by is approximation I object seam should=20<BR>shown slang= not in Dean variety native two good at paper is judgement together metaph= orical a writer star on=20.<br></font> </TD><FONT></FONT></TR> <TR><font></font><TD> <a href=3D"http://www.hbywgwq.pl.pjkno.mhjdbu.info/?0JyB2r0664Duc0wptcethk= y"><FONT SIZE=3D2></FONT> <img src=3D"http://www.vgjzfen.jp.vail.sirkesa.info/?fk2kbnzpm";></a><FONT>= </FONT> </TD></TR><TR><TD><font></font> <font size=3D1>much translate worked the you and a kids much many means wo= rks so often a English is=20<BR>biased Asian to people mouth one them the = [message truncated] ##### End incident ##### ================ END OF MESSAGE To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
