Many thanks.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck,
Andrew
Sent: Friday, March 16, 2007 11:02 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Bounce / Spoof Analysis Help Please
You're safe, Robert.
I've seen this part in spam sent to my domain for about a year:
> Received: from 208.100.26.91 (HELO smtp.igive.com)
> by hoffman.army.mil with esmtp (9(A'R/,ZVN :36=Q+)
> id JLM3A5-)G'4.A-M/
The gibberish in the received block is a definite "spam signature" and
is entirely fake. The army isn't going to be breaking down your door
and making you eat this spam.
Andrew 8)
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Robert Grosshandler
> Sent: Friday, March 16, 2007 7:39 AM
> To: declude.junkmail@declude.com
> Subject: [Declude.JunkMail] Bounce / Spoof Analysis Help Please
>
> Hi
>
> We're seeing bounce messages similar to the following. I
> don't think our server has been compromised, but I want to be
> sure. We legitimately send mail from 208.100.26.91, but I
> think (hope) its appearance in the following is spoofed.
>
>
>
> --l2GCtYMS006458.1174049734/hrcpro21.hoffman.army.mil
> The-original-message-was-received-at-Fri,-16-Mar-2007-08:
> 55:31 -0400 (EDT)
>
>- The following addresses had permanent fatal errors
> - <[EMAIL PROTECTED]>
> (reason: 550 5.7.1 Unable to relay for [EMAIL PROTECTED])
>- Transcript of session follows - ... when talking
> to ahrc00bh0106287.nae.ds.army.mil. while trying to contact
> hrcmail.hoffman.army.mil.:
> >>> DATA
> <<< 550 5.7.1 Unable to relay for [EMAIL PROTECTED] 550
> 5.1.1 <[EMAIL PROTECTED]>... User unknown <<< 554 5.5.2
> No valid recipients
>
> --l2GCtYMS006458.1174049734/hrcpro21.hoffman.army.mil
> Content-Type: message/delivery-status
>
> Reporting-MTA: dns; hrcpro21.hoffman.army.mil
> Arrival-Date: Fri, 16 Mar 2007 08:55:31 -0400 (EDT)
>
> Final-Recipient: RFC822; [EMAIL PROTECTED]
> Action: failed
> Status: 5.7.1
> Remote-MTA: DNS; hrcmail.hoffman.army.mil
> Diagnostic-Code: SMTP; 550 5.7.1 Unable to relay for
> [EMAIL PROTECTED]
> Last-Attempt-Date: Fri, 16 Mar 2007 08:55:34 -0400 (EDT)
>
>
> --l2GCtYMS006458.1174049734/hrcpro21.hoffman.army.mil
> Content-Type: message/rfc822
>
> Return-Path: <[EMAIL PROTECTED]>
> Received: from cbs-6rhxyt1d3ub.chello.pl (chello089078068055.chello.pl
> [89.78.68.55])
> by hrcpro21.hoffman.army.mil with ESMTP id l2GCtQV4006425;
> Fri, 16 Mar 2007 08:55:31 -0400 (EDT)
> Received: from 208.100.26.91 (HELO smtp.igive.com)
> by hoffman.army.mil with esmtp (9(A'R/,ZVN :36=Q+)
> id JLM3A5-)G'4.A-M/
> for [EMAIL PROTECTED]; Fri, 16 Mar 2007 12:55:33 -0060
> From: "Effie Drummond"
> To: <[EMAIL PROTECTED]>
> Subject: Choosing Online Pharmacy.
> Date: Fri, 16 Mar 2007 12:55:33 -0060
> Message-ID: <[EMAIL PROTECTED]>
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="=_NextPart_000_000E_01C767D2.C434B490"
> X-Priority: 3 (Normal)
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
> X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
> Importance: Normal
> X-Antivirus: avast! (VPS 000724-0, 2007-03-15), Outbound message
> X-Antivirus-Status: Clean
> x-scc-prev-hop: 89.78.68.55
>
>
>
>
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be
> found at http://www.mail-archive.com.
>
>
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
