Date: Wed, 29 Mar 2000 03:10:38 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: johnmpurser@home.com
Cc: chat@FreeBSD.ORG
Subject: Re: Spam e-mail headers
Message-ID: <200003290310.UAA28005@usr05.primenet.com>
In-Reply-To: <000801bf9735$f19e2f80$40390918@vncvr1.wa.home.com> from "John Purser" at Mar 26, 2000 07:14:12 AM
> I'm trying to track down the person to complain to about some SPAM I'm
> receiving.

> Return-Path: <kasner@musician.org>

Attached by mail.rdc1.wa.home.com.

> Received: from h3.mail.home.com ([24.2.2.27]) by mail.rdc1.wa.home.com
> (InterMail v4.01.01.00 201-229-111) with ESMTP
> id
> <20000326081639.USHJ12749.mail.rdc1.wa.home.com@h3.mail.home.com>
> for <johnmpurser@mail.vncvr1.wa.home.com>;
> Sun, 26 Mar 2000 00:16:39 -0800

Valid.

> Received: from mx1-e.mail.home.com (mx1-e.mail.home.com [24.2.2.29])
> by h3.mail.home.com (8.9.3/8.9.0) with ESMTP id AAA17883;
> Sun, 26 Mar 2000 00:16:38 -0800 (PST)

Valid.

> From: kasner@musician.org

Attached by pimout4-int.prodigy.net. This is common, with SPAM.

> Received: from pimout4-int.prodigy.net (pimout4-ext.prodigy.net
> [207.115.63.103])
> by mx1-e.mail.home.com (8.9.1/8.9.1) with ESMTP id AAA24197;
> Sun, 26 Mar 2000 00:16:38 -0800 (PST)

Valid; immediately precedes the supplied "From:".

> Received: from smtp.prodigy.net (MIAMB106-30.splitrock.net [209.156.28.214])
> by pimout4-int.prodigy.net (8.8.5/8.8.5) with SMTP id DAA67476;
> Sun, 26 Mar 2000 03:15:16 -0500

Valid. The crosscheck field (compare the DNS name in the comment field with the one claimed in the "helo"; the comment field is the one in parentheses) indicates the real culprit is the machine MIAMB106-30.splitrock.net [209.156.28.214]. This mail server is incidentally misconfigured, since it did not attach a "From:".

> Received: from harrier.prod.itd.earthlink.net (207.217.121.12) by
> earthlink.net (8.8.5/8.6.5) with SMTP id GAA01093 for
> <blind@secondsight.org>; Sun, 26 Mar 2000 00:58:57 -0600 (EST)

Forged.

Basically, headers are nothing more than data, and the only thing you can trust is DNS forward and reverse address matching, since there are two different authorities involved for a valid forward and reverse DNS cross-check.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present or previous employers.
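The header walk Terry does by hand above, as an added example (not code from the original post or from FreeBSD): it unfolds the three quoted "Received:" lines, compares each hop's HELO name against the reverse-DNS comment the receiving MTA recorded, and stops trusting the chain at the first hop whose "by" host does not continue the previous hop's "from". The domain-level comparison and the wording of the findings are this example's own choices.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: the three "Received:" headers quoted in the message above,
# folded the way an MTA writes them (continuation lines begin with whitespace).
SAMPLE = """\
Received: from pimout4-int.prodigy.net (pimout4-ext.prodigy.net [207.115.63.103])
\tby mx1-e.mail.home.com (8.9.1/8.9.1) with ESMTP id AAA24197;
\tSun, 26 Mar 2000 00:16:38 -0800 (PST)
Received: from smtp.prodigy.net (MIAMB106-30.splitrock.net [209.156.28.214])
\tby pimout4-int.prodigy.net (8.8.5/8.8.5) with SMTP id DAA67476;
\tSun, 26 Mar 2000 03:15:16 -0500
Received: from harrier.prod.itd.earthlink.net (207.217.121.12) by
\tearthlink.net (8.8.5/8.6.5) with SMTP id GAA01093 for
\t<blind@secondsight.org>; Sun, 26 Mar 2000 00:58:57 -0600 (EST)
"""

# "from <HELO name> (<what the receiving MTA actually saw>) by <receiving MTA>"
HOP_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<comment>[^)]*)\)\s+by\s+(?P<by>\S+)", re.I)

def unfold(headers: str) -> List[str]:
    """Join continuation lines back onto the header line they belong to."""
    out: List[str] = []
    for line in headers.splitlines():
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line)
    return out

def parse_hops(headers: str) -> List[Dict[str, Optional[str]]]:
    """One dict per Received: header, newest hop first (the order they appear in the mail)."""
    hops = []
    for line in unfold(headers):
        m = HOP_RE.search(line) if line.lower().startswith("received:") else None
        if not m:
            continue
        comment = m.group("comment")
        ip = re.search(r"(\d+\.\d+\.\d+\.\d+)", comment)
        rdns = re.match(r"([A-Za-z0-9.-]+)\s+\[", comment)  # present only if the MTA resolved it
        hops.append({"helo": m.group("helo"), "by": m.group("by"),
                     "rdns": rdns.group(1) if rdns else None, "ip": ip.group(1) if ip else None})
    return hops

def domain(name: str) -> str:
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def audit(headers: str) -> List[str]:
    """Walk the chain from the top; stop trusting once a 'by' fails to continue the previous 'from'."""
    hops, findings = parse_hops(headers), []
    for i, hop in enumerate(hops):
        if i and domain(hop["by"]) not in {domain(hops[i-1]["helo"]), domain(hops[i-1]["rdns"] or "")}:
            findings.append(f"hop {i}: 'by {hop['by']}' does not continue the chain; "
                            "this hop and everything below it is untrusted (forged)")
            break
        if hop["rdns"] is None:
            findings.append(f"hop {i}: receiving MTA recorded no reverse DNS for {hop['ip']}")
        elif domain(hop["rdns"]) != domain(hop["helo"]):
            findings.append(f"hop {i}: HELO '{hop['helo']}' is not in the domain of reverse DNS "
                            f"'{hop['rdns']}' [{hop['ip']}]; the bracketed address is the real origin")
    return findings
```

Run `audit(SAMPLE)` to reproduce the post's verdicts: hop 1 is flagged as the real origin (209.156.28.214) and hop 2 as the point where the chain breaks.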
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200003290310.UAA28005>