Date: Sun, 26 Mar 2000 19:29:41 +0200 From: Ollivier Robert <roberto@keltia.freenix.fr> To: chat@freebsd.org Subject: Re: Spam e-mail headers Message-ID: <20000326192941.A49403@keltia.freenix.fr> In-Reply-To: <000801bf9735$f19e2f80$40390918@vncvr1.wa.home.com>; from johnmpurser@home.com on Sun, Mar 26, 2000 at 07:14:12AM -0800 References: <000801bf9735$f19e2f80$40390918@vncvr1.wa.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
According to John Purser: > Anybody got any (useful) ideas? I think the Earthlink header is a red-herring, it is a fake one, probably generated by the spammer's software. I think the sucker's coming through Prodigy from a dialup in splitrock.net. Splitrock must be a customer of Prodigy's and they have access to Prodigy's SMTP server because of that. Complain to both Prodigy and Splitrock. > Received: from pimout4-int.prodigy.net (pimout4-ext.prodigy.net > [207.115.63.103]) > by mx1-e.mail.home.com (8.9.1/8.9.1) with ESMTP id AAA24197; > Sun, 26 Mar 2000 00:16:38 -0800 (PST) > Received: from smtp.prodigy.net (MIAMB106-30.splitrock.net [209.156.28.214]) > by pimout4-int.prodigy.net (8.8.5/8.8.5) with SMTP id DAA67476; > Sun, 26 Mar 2000 03:15:16 -0500 This header is probably genuine, having to relation whatsoever with the previous one. I'm a bit surprised they still run 8.8.5 though. > Received: from harrier.prod.itd.earthlink.net (207.217.121.12) by > earthlink.net (8.8.5/8.6.5) with SMTP id GAA01093 for > <blind@secondsight.org>; Sun, 26 Mar 2000 00:58:57 -0600 (EST) Faked. This Sendmail versions signature is a common point in several spamware. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 4.0-CURRENT #78: Sun Feb 27 15:32:39 CET 2000 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000326192941.A49403>