From owner-freebsd-chat Tue Mar 28 19:10:53 2000
Delivered-To: freebsd-chat@freebsd.org
Received: from smtp04.primenet.com (smtp04.primenet.com [206.165.6.134])
    by hub.freebsd.org (Postfix) with ESMTP id 43C6C37BAC9
    for ; Tue, 28 Mar 2000 19:10:49 -0800 (PST)
    (envelope-from tlambert@usr05.primenet.com)
Received: (from daemon@localhost)
    by smtp04.primenet.com (8.9.3/8.9.3) id UAA19866;
    Tue, 28 Mar 2000 20:09:46 -0700 (MST)
Received: from usr05.primenet.com(206.165.6.205)
    via SMTP by smtp04.primenet.com, id smtpdAAA9JaWWM; Tue Mar 28 20:09:42 2000
Received: (from tlambert@localhost)
    by usr05.primenet.com (8.8.5/8.8.5) id UAA28005;
    Tue, 28 Mar 2000 20:10:39 -0700 (MST)
From: Terry Lambert
Message-Id: <200003290310.UAA28005@usr05.primenet.com>
Subject: Re: Spam e-mail headers
To: johnmpurser@home.com
Date: Wed, 29 Mar 2000 03:10:38 +0000 (GMT)
Cc: chat@FreeBSD.ORG
In-Reply-To: <000801bf9735$f19e2f80$40390918@vncvr1.wa.home.com> from "John Purser" at Mar 26, 2000 07:14:12 AM
X-Mailer: ELM [version 2.5 PL2]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I'm trying to track down the person to complain to about some SPAM I'm
> receiving.

> Return-Path:

Attached by mail.rdc1.wa.home.com.

> Received: from h3.mail.home.com ([24.2.2.27]) by mail.rdc1.wa.home.com
>           (InterMail v4.01.01.00 201-229-111) with ESMTP
>           id <20000326081639.USHJ12749.mail.rdc1.wa.home.com@h3.mail.home.com>
>           for ;
>           Sun, 26 Mar 2000 00:16:39 -0800

Valid.

> Received: from mx1-e.mail.home.com (mx1-e.mail.home.com [24.2.2.29])
>     by h3.mail.home.com (8.9.3/8.9.0) with ESMTP id AAA17883;
>     Sun, 26 Mar 2000 00:16:38 -0800 (PST)

Valid.

> From: kasner@musician.org

Attached by pimout4-int.prodigy.net.  This is common, with SPAM.
> Received: from pimout4-int.prodigy.net (pimout4-ext.prodigy.net
>     [207.115.63.103])
>     by mx1-e.mail.home.com (8.9.1/8.9.1) with ESMTP id AAA24197;
>     Sun, 26 Mar 2000 00:16:38 -0800 (PST)

Valid; immediately precedes the supplied "From:".

> Received: from smtp.prodigy.net (MIAMB106-30.splitrock.net [209.156.28.214])
>     by pimout4-int.prodigy.net (8.8.5/8.8.5) with SMTP id DAA67476;
>     Sun, 26 Mar 2000 03:15:16 -0500

Valid.  The crosscheck field (compare the DNS name in the comment field
with the one claimed in the "helo"; the comment field is the one in
parentheses) indicates the real culprit is the machine
MIAMB106-30.splitrock.net [209.156.28.214].

This mail server is incidentally misconfigured, since it did not attach
a "From:".

> Received: from harrier.prod.itd.earthlink.net (207.217.121.12) by
>     earthlink.net (8.8.5/8.6.5) with SMTP id GAA01093 for
>     ; Sun, 26 Mar 2000 00:58:57 -0600 (EST)

Forged.

Basically, headers are nothing more than data, and the only thing you
can trust is DNS forward and reverse address matching, since there are
two different authorities involved for a valid forward and reverse DNS
cross-check.

                    Terry Lambert
                    terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
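An added example, not part of Terry's post and not FreeBSD code, that applies the cross-check described above to the quoted Received: lines in Python. It walks the chain from the topmost (most recent) header down, trusts a hop only if the server that wrote it ("by") is the host the previous trusted hop recorded receiving from, compares each hop's HELO name against the reverse-DNS name in the parenthesised comment, and reports the first trusted hop where the two fall in different domains as the origin. The sample headers are the ones quoted in the post, unfolded onto one line each with the archive-stripped "for" clauses omitted; the names `Hop`, `parse_received`, `domain` and `trace` are assumptions of this example. It does no live DNS lookups: the comment field is taken as what the receiving server resolved at the time, and it is trusted only for hops the chain links back to a server you control.

```python
"""Walk the Received: chain of a message the way a receiving MTA would read it
(topmost header = most recent hop), cross-check each hop's HELO name against
the reverse-DNS name in the parenthesised comment, and stop trusting the chain
at the first hop that no trusted server vouches for."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "from HELO (RDNS [IP]) by SERVER ..." -- the comment is optional, and older
# sendmails write the bare IP in the comment without brackets.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)(?:\s+\((?P<comment>[^)]*)\))?\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)
COMMENT_RE = re.compile(
    r"^(?:(?P<rdns>[A-Za-z0-9.-]+)\s+)?\[?(?P<ip>\d+(?:\.\d+){3})\]?$"
)

# Constructed sample: the spam's Received: lines as quoted in the post above,
# unfolded onto one line each, with the archive-stripped "for <addr>" clauses
# left out.  Topmost (most recent) first, as in the message.
SAMPLE_RECEIVED = [
    "Received: from h3.mail.home.com ([24.2.2.27]) by mail.rdc1.wa.home.com "
    "(InterMail v4.01.01.00 201-229-111) with ESMTP id "
    "<20000326081639.USHJ12749.mail.rdc1.wa.home.com@h3.mail.home.com>; "
    "Sun, 26 Mar 2000 00:16:39 -0800",
    "Received: from mx1-e.mail.home.com (mx1-e.mail.home.com [24.2.2.29]) "
    "by h3.mail.home.com (8.9.3/8.9.0) with ESMTP id AAA17883; "
    "Sun, 26 Mar 2000 00:16:38 -0800 (PST)",
    "Received: from pimout4-int.prodigy.net (pimout4-ext.prodigy.net "
    "[207.115.63.103]) by mx1-e.mail.home.com (8.9.1/8.9.1) with ESMTP id "
    "AAA24197; Sun, 26 Mar 2000 00:16:38 -0800 (PST)",
    "Received: from smtp.prodigy.net (MIAMB106-30.splitrock.net "
    "[209.156.28.214]) by pimout4-int.prodigy.net (8.8.5/8.8.5) with SMTP id "
    "DAA67476; Sun, 26 Mar 2000 03:15:16 -0500",
    "Received: from harrier.prod.itd.earthlink.net (207.217.121.12) by "
    "earthlink.net (8.8.5/8.6.5) with SMTP id GAA01093; "
    "Sun, 26 Mar 2000 00:58:57 -0600 (EST)",
]


@dataclass
class Hop:
    helo: str            # name the connecting host claimed in HELO/EHLO (untrusted)
    rdns: Optional[str]  # name the receiving server resolved for the peer address
    ip: Optional[str]    # peer address as the receiving server saw it
    by: str              # server that wrote this header


def parse_received(header: str) -> Hop:
    """Pull HELO name, reverse-DNS comment and writing server out of one header."""
    body = re.sub(r"^received:\s*", "", header.strip(), flags=re.IGNORECASE)
    m = RECEIVED_RE.search(body)
    if not m:
        raise ValueError("unparseable Received: header: " + header)
    rdns = ip = None
    if m.group("comment"):
        c = COMMENT_RE.match(m.group("comment").strip())
        if c:
            rdns, ip = c.group("rdns"), c.group("ip")
    return Hop(m.group("helo").lower(), rdns.lower() if rdns else None,
               ip, m.group("by").lower())


def domain(name: str) -> str:
    """Last two labels; enough to tell prodigy.net from splitrock.net."""
    return ".".join(name.lower().split(".")[-2:])


def trace(headers: List[str]) -> Tuple[Optional[Hop], Optional[int]]:
    """Return (origin, first_untrusted_index).

    A hop is trusted only if the server that wrote it ("by") is the host the
    previous, trusted hop recorded receiving from; everything at and after the
    first break is data the sender could have supplied itself.  The origin is
    the first trusted hop whose HELO name lies outside the domain of the
    reverse-DNS name the receiving server actually resolved.
    """
    hops = [parse_received(h) for h in headers]
    origin = None
    for i, hop in enumerate(hops):
        if i and hop.by not in (hops[i - 1].helo, hops[i - 1].rdns):
            return origin, i
        if origin is None and hop.rdns and domain(hop.helo) != domain(hop.rdns):
            origin = hop
    return origin, None


if __name__ == "__main__":
    origin, broken = trace(SAMPLE_RECEIVED)
    if origin:
        print(f"origin: HELO {origin.helo} but reverse DNS {origin.rdns} [{origin.ip}]")
    if broken is not None:
        print(f"chain breaks at Received #{broken + 1}: treat it and later hops as forged")
```

On the sample, `trace` names smtp.prodigy.net / MIAMB106-30.splitrock.net [209.156.28.214] as the origin and breaks the chain at the fifth header, whose "by earthlink.net" is not the host the prodigy hop received from, which is the same verdict the post reaches by hand. The pimout4-int / pimout4-ext pair passes because both names sit in prodigy.net; a stricter site policy could demand an exact match, at the cost of flagging every multi-homed relay.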