Ashley M. Kirchner wrote:
Can someone explain this to me? It's from a spam message (in fact, a
lot of them are coming through MD+SA these days) and they all show the
same thing, negative numbers:
Received: from -1216216520 ([222.60.136.228])
by serpico.pcraft.com (8.13.0/8.13.0) with SMTP id jB30Mott008917
for <[EMAIL PROTECTED]>; Fri, 2 Dec 2005 17:22:54 -0700
Here it looks like the negative number is actually the HELO string,
which can be set to pretty much anything.
Received: from goprat.com (-1216301840 [-1213314064])
by ghfixtures.com (Qmailv1) with ESMTP id 8568A5A816
for <[EMAIL PROTECTED]>; Fri, 02 Dec 2005 17:22:58 -0800
Assuming serpico.pcraft.com is your server, this line is probably
forged, so again anything could go into the spots.
If I were to guess, someone has spamwarethat's generating random numbers
for fake IP addresses, but has an error in formatting, so they're
getting displayed as negative integers instead of dotted quads.
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
_______________________________________________
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
