It is rumored that on or about 2002-07-08 7:42 PM -0700, Matthew Hill
wrote as follows:
>Here's another one for good measure! I don't see these going out
>from anywhere!
>From: upxHel <[EMAIL PROTECTED]>
>From: [EMAIL PROTECTED]
>Date: Mon Jul 08, 2002 07:34:34 PM US/Pacific
>To: upxHel <[EMAIL PROTECTED]>
>Cc:
>Subject: DELIVERY FAILURE: User mjohnston
>([EMAIL PROTECTED]) not listed in public Name & Address
>Book
>Return-Path: <>
>X-Mirrored-By: [EMAIL PROTECTED]
>Received: from fw251.intermet.com ([204.146.63.251] verified) by
>milepost1.com (Stalker SMTP Server 1.8b8) with SMTP id S.0001112311
>for <[EMAIL PROTECTED]>; Mon, 08 Jul 2002 19:37:33 -0700
Matthew,
Here, for what it is worth, is a Spamcop analysis of the headers from
the last example you provided. Note that this is the analysis which
[EMAIL PROTECTED] should have done before sending a bounce to
your (apparently forged) address.
===================
Parsing header:
Received: from fw251.intermet.com ([204.146.63.251] verified) by
milepost1.com (Stalker SMTP Server 1.8b8) with SMTP id S.0001112311
for <[EMAIL PROTECTED]>; Mon, 08 Jul 2002 19:37:33 -0700
Possible spammer: 204.146.63.251
host fw251.intermet.com (checking ip) ip = 204.146.63.251
Taking name from IP...
host 204.146.63.251 (getting name) 204.146.63.251 = fw251.intermet.com.
host fw251.intermet.com. (checking ip) ip = 204.146.63.251
Received line accepted
Received: from hstgw031.intermet.com by fw251.intermet.com via smtpd
(for user-vc8fec8.biz.mindspring.com [216.135.185.136]) with SMTP; 9
Jul 2002 02:37:30 UT
Ignoring "(for user-vc8fec8.biz.mindspring.com [216.135.185.136])"
Received: from hstgw031.intermet.com by fw251.intermet.com via smtpd
with SMTP; 9 Jul 2002 02:37:30 UT
no ip found in received line
Ignored
host 204.146.63.251 (getting name) 204.146.63.251 = fw251.intermet.com.
Received: from firewall.intermet.com ([10.250.0.2]) by
hstgw031.intermet.com (Lotus Domino Release 5.0.4) with SMTP id
2002070822331807:6974 ; Mon, 8 Jul 2002 22:33:18 -0400
Untrusted:(Lotus Domino Release 5.0
Removing possible fake IP from header:[10.250.0.2]
Received: from firewall.intermet.com ( x ) by hstgw031.intermet.com
(Lotus Domino Release 5.0.4) with SMTP id 2002070822331807:6974 ;
Mon, 8 Jul 2002 22:33:18 -0400
no ip found in received line
Ignored
host 204.146.63.251 (getting name) 204.146.63.251 = fw251.intermet.com.
Received: from h162-040-098-242.adsl.navix.net ([162.40.98.242]) by
firewall.intermet.com via smtpd (for hstgw031.intermet.com
[10.1.0.31]) with SMTP; 9 Jul 2002 02:37:10 UT
Ignoring "(for hstgw031.intermet.com [10.1.0.31])"
Received: from h162-040-098-242.adsl.navix.net ([162.40.98.242]) by
firewall.intermet.com via smtpd with SMTP; 9 Jul 2002 02:37:10 UT
host 204.146.63.251 (getting name) 204.146.63.251 = fw251.intermet.com.
Possible spammer: 162.40.98.242
host h162-040-098-242.adsl.navix.net (checking ip) ip = 162.40.98.242
Taking name from IP...
host 162.40.98.242 (getting name) 162.40.98.242 =
h162-040-098-242.adsl.navix.net.
host h162-040-098-242.adsl.navix.net. (checking ip) ip = 162.40.98.242
Chain test:firewall.intermet.com =? fw251.intermet.com.
host firewall.intermet.com (checking ip) ip not found ;
firewall.intermet.com discarded as fake.
no MXs for firewall.intermet.com
204.146.63.251 is an MX for intermet.com
host fw251.intermet.com. (checking ip) ip = 204.146.63.251
ips are identical
firewall.intermet.com and fw251.intermet.com. have close IP
addresses - chain verified
Possible relay: 204.146.63.251
204.146.63.251 not listed in relays.ordb.org.
204.146.63.251 has already been sent to relay testers
Received line accepted
Received: from unknown (HELO da001d2020.lax-ca.osd.concentric.net)
(194.29.209.49) by f64.law4.hotmail.com with QMQP; Jul, 08 2002
9:27:17 PM +0300
host 162.40.98.242 (getting name) 162.40.98.242 =
h162-040-098-242.adsl.navix.net.
Possible spammer: 194.29.209.49
host da001d2020.lax-ca.osd.concentric.net (checking ip) ip = 208.36.182.233
194.29.209.49 is not an MX for da001d2020.lax-ca.osd.concentric.net
ips don't match; da001d2020.lax-ca.osd.concentric.net discarded as fake
Taking name from IP...
host 194.29.209.49 (getting name) no name
194.29.209.49 is not an MX for h162-040-098-242.adsl.navix.net.
Chain test:f64.law4.hotmail.com =? h162-040-098-242.adsl.navix.net.
host f64.law4.hotmail.com (checking ip) ip = 216.33.149.64
host h162-040-098-242.adsl.navix.net. (checking ip) ip = 162.40.98.242
216.33.149.64 is not an MX for h162-040-098-242.adsl.navix.net.
162.40.98.242 is not an MX for f64.law4.hotmail.com
ips don't match; f64.law4.hotmail.com discarded as fake
Chain test failed
Chain test:f64.law4.hotmail.com =? h162-040-098-242.adsl.navix.net
host f64.law4.hotmail.com (checking ip) ip = 216.33.149.64
host h162-040-098-242.adsl.navix.net (checking ip) ip = 162.40.98.242
216.33.149.64 is not an MX for h162-040-098-242.adsl.navix.net
162.40.98.242 is not an MX for f64.law4.hotmail.com
ips don't match; f64.law4.hotmail.com discarded as fake
Chain test failed
Chain test:f64.law4.hotmail.com =? 162.40.98.242
host f64.law4.hotmail.com (checking ip) ip = 216.33.149.64
162.40.98.242 is not an MX for f64.law4.hotmail.com
ips don't match; f64.law4.hotmail.com discarded as fake
host 162.40.98.242 (getting name) 162.40.98.242 =
h162-040-098-242.adsl.navix.net.
Chain test failed
host 162.40.98.242 (getting name) 162.40.98.242 =
h162-040-098-242.adsl.navix.net.
host h162-040-098-242.adsl.navix.net. (checking ip) ip = 162.40.98.242
Paranoid reverse DNS passes
abuse.net navix.net = [EMAIL PROTECTED]
Chain error f64.law4.hotmail.com not equal to last sender received
line discarded
Tracking message source:162.40.98.242:
host 162.40.98.242 (getting name) 162.40.98.242 =
h162-040-098-242.adsl.navix.net.
host h162-040-098-242.adsl.navix.net. (checking ip) ip = 162.40.98.242
Paranoid reverse DNS passes
abuse.net navix.net = [EMAIL PROTECTED]
Yum, this spam is fresh!
162.40.98.242 not listed in formmail.relays.monkeys.com
162.40.98.242 listed in proxies.relays.monkeys.com
162.40.98.242 is an open proxy
Header data found in body, aborting link detection
Report Spam to:
Re:162.40.98.242 (Administrator of network where email originates)
To: [EMAIL PROTECTED]
========================
--
Neil
Neil Herber, RGD
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
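
The chain test that the SpamCop log above steps through, as an added Python example (not part of the original message and not SpamCop's own code): it accepts a Received line only when the host that wrote it matches the last accepted sender, ignores lines with no IP or a private IP, and stops at the first line that fails. The lookup tables are offline stand-ins for DNS built from values in the log, and `trace_origin` and `chain_ok` are hypothetical names.

```python
import ipaddress
import re

# Constructed offline stand-ins for DNS, using only names and addresses that
# appear in the SpamCop log above (a live tracer would query DNS instead).
A_RECORDS = {
    "fw251.intermet.com": "204.146.63.251",
    "f64.law4.hotmail.com": "216.33.149.64",
    "h162-040-098-242.adsl.navix.net": "162.40.98.242",
}
MX_IPS = {"intermet.com": {"204.146.63.251"}}

# Received lines from the message, newest first, unfolded; ids and dates trimmed.
RECEIVED = [
    "from fw251.intermet.com ([204.146.63.251] verified) by milepost1.com (Stalker SMTP Server 1.8b8) with SMTP",
    "from hstgw031.intermet.com by fw251.intermet.com via smtpd (for user-vc8fec8.biz.mindspring.com [216.135.185.136]) with SMTP",
    "from firewall.intermet.com ([10.250.0.2]) by hstgw031.intermet.com (Lotus Domino Release 5.0.4) with SMTP",
    "from h162-040-098-242.adsl.navix.net ([162.40.98.242]) by firewall.intermet.com via smtpd (for hstgw031.intermet.com [10.1.0.31]) with SMTP",
    "from unknown (HELO da001d2020.lax-ca.osd.concentric.net) (194.29.209.49) by f64.law4.hotmail.com with QMQP",
]
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")


def chain_ok(by_host, last_ip):
    """Chain test: is the host that wrote this line the sender we last accepted?"""
    if A_RECORDS.get(by_host) == last_ip:
        return True
    domain = ".".join(by_host.split(".")[-2:])  # crude registered-domain guess
    return last_ip in MX_IPS.get(domain, set())


def trace_origin(received, trusted_by):
    """Return (origin_ip, per-line decisions), walking from our own server back."""
    last_ip, decisions = None, []
    for line in received:
        from_part, _, by_part = line.partition(" by ")
        by_host = by_part.split()[0]
        match = IP_RE.search(from_part)  # "(for ... [ip])" sits after "by", so it is skipped
        ip = match.group(1) if match else None
        if ip is None or ipaddress.ip_address(ip).is_private:
            decisions.append("ignored")  # nothing verifiable in this line
            continue
        ok = by_host == trusted_by if last_ip is None else chain_ok(by_host, last_ip)
        if not ok:
            decisions.append("discarded")  # written by a host we never handed mail to
            break
        decisions.append("accepted")
        last_ip = ip
    return last_ip, decisions


if __name__ == "__main__":
    print(trace_origin(RECEIVED, "milepost1.com"))
```

A mail server that ran this kind of check before generating a non-delivery report would see that the message entered through 162.40.98.242 and that the hotmail.com line is not part of the verified path.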