From owner-freebsd-questions@FreeBSD.ORG Sat Dec 11 15:42:11 2010
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
    by hub.freebsd.org (Postfix) with ESMTP id A94B01065672
    for ; Sat, 11 Dec 2010 15:42:11 +0000 (UTC)
    (envelope-from xaero@xaerolimit.net)
Received: from mail-ey0-f178.google.com (mail-ey0-f178.google.com [209.85.215.178])
    by mx1.freebsd.org (Postfix) with ESMTP id 30C188FC12
    for ; Sat, 11 Dec 2010 15:42:10 +0000 (UTC)
Received: by eyh5 with SMTP id 5so2747908eyh.37
    for ; Sat, 11 Dec 2010 07:42:10 -0800 (PST)
Received: by 10.213.12.211 with SMTP id y19mr2482464eby.12.1292082128535;
    Sat, 11 Dec 2010 07:42:08 -0800 (PST)
MIME-Version: 1.0
Received: by 10.213.112.145 with HTTP; Sat, 11 Dec 2010 07:41:48 -0800 (PST)
In-Reply-To: <20101211002225.D61647@sola.nimnet.asn.au>
References: <20101210060704.A3B641065783@hub.freebsd.org>
    <20101211002225.D61647@sola.nimnet.asn.au>
From: Chris Brennan
Date: Sat, 11 Dec 2010 10:41:48 -0500
Message-ID:
To: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: Ian Smith
Subject: Re: xpbargains.net spam [was: Re: 'Broadcom Wireless b/g (BCM4315/BCM22062000)']
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 11 Dec 2010 15:42:11 -0000

On Fri, Dec 10, 2010 at 8:47 AM, Ian Smith wrote:

> In freebsd-questions Digest, Vol 340, Issue 11, Message: 27
> On Fri, 10 Dec 2010 00:54:37 -0500
> > On Sun, Nov 7, 2010 at 9:54 AM, Paul B Mahol wrote:
>
> No, he didn't. These mails are FORGED as being from freebsd-questions
> participants, and on first glance may appear to be list postings. They
> used to get posted to the list itself also, but postmaster@ blocked the
> nuisance source back in August. However that doesn't stop them from
> targeting individual list participants, like you.
>
> If you examine the full mail headers, it's likely to have originated
> from the following IP address. If so, you just need to block that
> address at your mailserver. But if they've moved, we need to know ..
>
> Quoting from a message to postmaster@ in August:
>
> > As Roland pointed out, the phishing/virus/whatever referral has switched
> > from downwind.com.au to xpbargains.net, and possibly some others.
> >
> > Here's the business:
> >
> > % dig +short -x 64.38.11.26
> > allmail.0b2.net.
> > % dig +short allmail.0b2.net.
> > 64.38.11.26
> > % dig +short dusk.parklogic.com
> > 64.38.11.26
> >
> > If you can discard by Message-ID then every one of these, including the
> > privately mailed ones, has @dusk.parklogic.com there.
> >
> > If you can block by IP, then that's the one. Or by hostname, every one
> > so far has been relayed by allmail.0b2.net (that's a zero).
>
> So if the full headers reveal coming from that hostname or that IP or
> any other IP in 64.38.11.26/29, just block that and move on.
>
> If it's a different address range now, please provide the full headers
> for the message you received, with a copy to postmaster@freebsd.org
>
> Thanks, Ian (please cc me on any reply, I take this list as a digest)
>

Of all the mail I got on this subject, yours was the most informative. Thanks.
But my question is this. Does GMail provide access to the full headers? For
example when I click 'Show Details' I see the following and not much else

> from Paul B Mahol
> sender-time Sent at 4:30 AM (GMT+11:00). Current time there: 2:35 AM.
> to Chris Brennan
> cc FreeBSD-Questions , Mark
> date Mon, Nov 8, 2010 at 4:30 AM
> subject Re: 'Broadcom Wireless b/g (BCM4315/BCM22062000)'

The above header just arrived as I was typing this so I thought it an
excellent example. Obviously, I've masked addresses but the point is the same,
g-mail doesn't give much in the way of detail. Short of flagging one item as
spam has the potential risk of sending all FreeBSD-Questions mail to the spam
folder, which is just a swirling vortex of nothingness that gets deleted. If it's
managed to get routed there, it stays there; I rarely go digging for mail in my
spam folder because I rarely find stuff that was sent to detention without
rightfully being there.

C-
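
Added example, not part of the original message or of anyone's reply in this thread: a Python check that applies the three indicators quoted above (relay IP range, relay hostname, Message-ID domain) to the full headers of a raw message. The function name and both sample messages are constructed for illustration; `example.org` and `192.0.2.10` are placeholders.

```python
import email
import ipaddress
import re

# Indicators quoted in the message above.
BLOCKED_NET = ipaddress.ip_network("64.38.11.26/29", strict=False)  # host bits masked
RELAY_HOST = "allmail.0b2.net"
MSGID_DOMAIN = "@dusk.parklogic.com"
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def match_indicators(raw_message):
    """Return a sorted list of the indicators a raw message's headers match."""
    msg = email.message_from_string(raw_message)
    hits = set()
    for received in msg.get_all("Received", []):
        hop = " ".join(received.split()).lower()  # unfold continuation lines
        for ip_text in BRACKETED_IP.findall(hop):
            try:
                if ipaddress.ip_address(ip_text) in BLOCKED_NET:
                    hits.add("relay IP " + ip_text)
            except ValueError:  # not a valid address, e.g. an octet above 255
                pass
        # Compare whole tokens so a longer name containing the relay name does not match.
        names = [t.rstrip(".") for t in re.split(r"[\s()\[\];]+", hop)]
        if RELAY_HOST in names:
            hits.add("relay host " + RELAY_HOST)
    msgid = (msg.get("Message-ID") or "").strip().lower().rstrip(">")
    if msgid.endswith(MSGID_DOMAIN):
        hits.add("Message-ID domain")
    return sorted(hits)

# Constructed samples (not real mail).
SPAM = (
    "Received: from allmail.0b2.net (allmail.0b2.net [64.38.11.26])\n"
    "\tby mx.example.org with ESMTP id CONSTRUCTED1\n"
    "Message-ID: <constructed-1@dusk.parklogic.com>\n"
    "Subject: Re: list thread\n\nbody\n"
)
CLEAN = (
    "Received: from lists.example.org (lists.example.org [192.0.2.10])\n"
    "\tby mx.example.org with ESMTP id CONSTRUCTED2\n"
    "Message-ID: <constructed-2@lists.example.org>\n"
    "Subject: Re: list thread\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("SPAM", SPAM), ("CLEAN", CLEAN)):
        print(name, match_indicators(raw))
```

Received lines below the one your own server added, and the Message-ID, are supplied by the sender, so treat matches on them as hints and rely on the connecting IP recorded by your own server when deciding to block.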