On Sep 29, 2006, Simon Waters was like:
> If you have email from the source of the problem, you can find the IP
> address of the offending box and report it.
There may be two problems: <a> messages apparently from me but really
originating from Brazil, Russia, Malaysia, Japan, etc. and addressed to
fictional recipients, which bounce, and <b> messages addressed to me.
Some of these are caught by the spam filter at blackcatnetworks and
labelled (so my procmailrc feeds them to /var/spool/mail/junk) and I
can say what the spam level is. Here is part of one such message.
Received: from cpe-67-10-105-73.elp.res.rr.com ([67.10.105.73])
  by tripod.blackcatnetworks.co.uk with smtp (Exim 4.50)
  id 1GT1aR-0005Sb-JH
  for petgord34truew@xxxxxxxxxxxxxxx; Thu, 28 Sep 2006 20:30:24 +0100
Received: from rntnhfcqcpnd by cpe-67-10-105-73.elp.res.rr.com with local (Exim 4.42
  (FreeBSD))
  id 1GT1aN-0003MH-AH
  for petgord34truew@xxxxxxxxxxxxxxx; Thu, 28 Sep 2006 13:30:19 -0600
To: <petgord34truew@xxxxxxxxxxxxxxx>
Subject:
From: "Lucy Rosales" <yegud@xxxxxxxxxxxxxx>
Content-Type: text/html;charset=windows-1252
Content-Transfer-Encoding: 7BIT
Message-Id: <1GT1aN-0003MH-AH@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: User rntnhfcqcpnd <rntnhfcqcpnd@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 28 Sep 2006 13:30:19 -0600
X-BlackCat-Spam-Score: 13.6
X-BlackCat-Spam-Flag: YES
X-BlackCat-Spam-Report: Spam detection software, running on the system
  "tripod.blackcatnetworks.co.uk", has identified this incoming email as
  possible spam.
  Content analysis details: (13.6 points, 5.0 required)
  pts rule name              description
  --- ---------------------- ------------------------------------
  0.5 HTML_TITLE_UNTITLED    BODY: HTML title contains "Untitled"
  1.6 HTML_SHORT_LENGTH      BODY: HTML is extremely short
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                             [score: 0.4505]
  0.0 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
  2.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                             [67.10.105.73 listed in dnsbl.sorbs.net]
  1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                             [Blocked - see <http://www.spamcop.net/bl.shtml?67.10.105.73>]
  3.9 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                             [67.10.105.73 listed in sbl-xbl.spamhaus.org]
  1.9 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                             [67.10.105.73 listed in combined.njabl.org]
  1.8 MISSING_SUBJECT        Missing Subject: header
  0.3 HTML_TITLE_SUBJ_DIFF   HTML_TITLE_SUBJ_DIFF
X-BlackCat-Spam-Level: +++++++++++++
Delivered-To: solon-whit-petgord34truew@xxxxxxxxxxxxxxx
X-BlackCat-To: solon-whit-petgord34truew@xxxxxxxxxxxxxxx
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Untitled</title>
</head>
<body>
</body>
</html>
--------------------------------------------------------------------------
The IP address 67-10-105-73 really is elp.res.rr.com.
Is there anything you can deduce from all this? It looks as if the originator
is already known to the authorities?
Tony Sumner
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
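
Added example (not part of the original post or of any list software): a Python sketch of the check discussed above. It takes the sending IP only from the Received line written by the recipient's own MTA, because anything below that line is supplied by the sender, and it lists the DNSBLs named in the spam report. The header text is abridged from the message quoted above; the function names are made up for this example.

```python
import re
from email import message_from_string

# Abridged from the headers quoted in the post (addresses already redacted there).
SAMPLE = """\
Received: from cpe-67-10-105-73.elp.res.rr.com ([67.10.105.73])
\tby tripod.blackcatnetworks.co.uk with smtp (Exim 4.50)
\tid 1GT1aR-0005Sb-JH; Thu, 28 Sep 2006 20:30:24 +0100
Received: from rntnhfcqcpnd by cpe-67-10-105-73.elp.res.rr.com with local
\t(Exim 4.42 (FreeBSD)) id 1GT1aN-0003MH-AH; Thu, 28 Sep 2006 13:30:19 -0600
X-BlackCat-Spam-Report: 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from
\tdynamic IP address [67.10.105.73 listed in dnsbl.sorbs.net]
\t3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
\t[67.10.105.73 listed in sbl-xbl.spamhaus.org]
Subject:

"""

LISTED_RE = re.compile(r"\[(\S+) listed in (\S+)\]")


def connecting_host(raw, trusted_mta):
    """Return (ip, claimed_name, by) from the Received line our own MTA wrote.

    Received lines are read top-down (newest first). Lines whose "by" host
    is not trusted_mta were written by machines we do not control and may
    be forged, so they are skipped rather than believed.
    """
    for value in message_from_string(raw).get_all("Received", []):
        m = re.match(r"\s*from\s+(.*?)\s+by\s+(\S+)", value, re.S)
        if not m or m.group(2).lower() != trusted_mta.lower():
            continue
        ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", m.group(1))
        return (ip.group(1) if ip else None, m.group(1).split()[0], m.group(2))
    return None


def dnsbl_listings(raw, header="X-BlackCat-Spam-Report"):
    """Return sorted (ip, blocklist zone) pairs named in the spam report."""
    report = " ".join(message_from_string(raw).get(header, "").split())
    return sorted(set(LISTED_RE.findall(report)))


if __name__ == "__main__":
    print(connecting_host(SAMPLE, "tripod.blackcatnetworks.co.uk"))
    print(dnsbl_listings(SAMPLE))
```

The IP returned is the one to quote in an abuse report to the network that owns it; the second Received line carries no IP and is ignored because the sending host wrote it.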