From owner-freebsd-questions Fri May 2 01:34:07 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id BAA20310 for questions-outgoing; Fri, 2 May 1997 01:34:07 -0700 (PDT) Received: from theta.pair.com (theta.pair.com [207.86.128.17]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id BAA20304 for ; Fri, 2 May 1997 01:34:04 -0700 (PDT) Received: from adam.netsonic.com (gb_noc81.sparknet.net [207.250.20.81]) by theta.pair.com (8.8.5/8.6.12) with SMTP id EAA20098 for ; Fri, 2 May 1997 04:30:30 -0400 (EDT) X-Envelope-To: Message-Id: <3.0.32.19970502033913.0069cdf4@mail.netsonic.com> X-Sender: adam@mail.netsonic.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 02 May 1997 03:39:15 -0500 To: questions@FreeBSD.ORG From: "Adam L. Simpson" Subject: Re: COME SEE THE HOTTEST scam spam on the net!!! Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-questions@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk amazing how the abuse autoresponders from agis and cyberpromo are virtually the same.. hmmm.. who is copying who... we know agis provides horseshit connectivity and cyber is just horseshit period... One to grow on.. At 01:12 AM 5/2/97 -0500, you wrote: >At 01:03 PM 4/27/97 -0700, Craig W. Shaver wrote: >>When you get this kind of email expand the headers, most of the from >>and reply addresses are forged, but the received list should show >>a good ip address. Do a traceroute to each of the addresses, and >>send email to root, postmaster, and abuse at each of the addresses. >>Copy the headers and your traceroutes into your replies. > >I don't have the full thread for this, but did anyone mention that the >headers can be forged. Only the first 2 lines of the header can be >trusted, as they are added by the local sendmail. > > > >Here is the header from this message, as I don't have a truely creative >bogus header handy: > >Received: by mixcom.mixcom.com (8.6.12/2.2) > id PAA14271; Sun, 27 Apr 1997 15:26:51 -0500 >Received: from ns3.harborcom.net(206.158.4.7) by mixcom.mixcom.com via smap >(V1.3) > id sma014261; Sun Apr 27 20:26:41 1997 > >(everything after this can be pure BS) > >Received: from hub.freebsd.org (hub.FreeBSD.ORG [204.216.27.18]) > by ns3.harborcom.net (8.8.5/8.8.4) with ESMTP > id QAA10827; Sun, 27 Apr 1997 16:25:47 -0400 (EDT) >Received: from localhost (daemon@localhost) > by hub.freebsd.org (8.8.5/8.8.5) with SMTP id NAA26277; > Sun, 27 Apr 1997 13:03:12 -0700 (PDT) >Received: (from root@localhost) > by hub.freebsd.org (8.8.5/8.8.5) id NAA26254 > for questions-outgoing; Sun, 27 Apr 1997 13:03:04 -0700 (PDT) >Received: from seabass.progroup.com (catfish.progroup.com [206.24.122.2]) > by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA26249 > for ; Sun, 27 Apr 1997 13:03:00 -0700 (PDT) >Received: from tuna.ProGroup.COM (tuna.progroup.com [206.24.122.5]) by >seabass.progroup.com (8.7.5/8.7.3) with SMTP id NAA25931; Sun, 27 Apr 1997 >13:01:19 -0700 (PDT) >Received: by tuna.ProGroup.COM (SMI-8.6/SMI-SVR4) > id NAA02441; Sun, 27 Apr 1997 13:03:08 -0700 >From: craig@tuna.progroup.com (Craig W. Shaver) >Message-Id: <199704272003.NAA02441@tuna.ProGroup.COM> >Subject: Re: COME SEE THE HOTTEST scam spam on the net!!! >To: tomdean@ix.netcom.com >Date: Sun, 27 Apr 1997 13:03:08 -0700 (PDT) >Cc: questions@freebsd.org >In-Reply-To: <3363715E.156@ix.netcom.com> from "Thomas D. Dean" at Apr 27, >97 08:31:42 am >X-Mailer: ELM [version 2.4 PL25] >MIME-Version: 1.0 >Content-Type: text/plain; charset=US-ASCII >Content-Transfer-Encoding: 7bit >Sender: owner-questions@freebsd.org >X-Loop: FreeBSD.org >Precedence: bulk >X-UIDL: 8c32cdb617d4289c6d5d1b1df50af7c8 > > > >------------------------------------------- >Jeff Mountin - System/Network Administrator >jeff@mixcom.net > >MIX Communications >Serving the Internet since 1990 > >