From owner-freebsd-questions@FreeBSD.ORG Mon Mar 21 06:07:59 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 66CFB16A4CE for ; Mon, 21 Mar 2005 06:07:59 +0000 (GMT) Received: from lmail.bathnetworks.co.uk (mail.bathnetworks.com [84.92.24.252]) by mx1.FreeBSD.org (Postfix) with ESMTP id 65E3C43D49 for ; Mon, 21 Mar 2005 06:07:58 +0000 (GMT) (envelope-from bsd@bathnetworks.com) Received: (qmail 27947 invoked by uid 510); 21 Mar 2005 06:08:42 +0000 Received: from 84.92.24.252 by lmail.bathnetworks.co.uk (envelope-from , uid 508) with qmail-scanner-1.24-st-qms (clamdscan: 0.83/710. spamassassin: 3.0.2. perlscan: 1.24-st-qms. Clear:RC:0(84.92.24.252):SA:0(-1.6/5.0):. Processed in 2.986768 secs); 21 Mar 2005 06:08:42 -0000 X-Spam-Status: No, hits=-1.6 required=5.0 X-Antivirus-MYDOMAIN-Mail-From: bsd@bathnetworks.com via lmail.bathnetworks.co.uk X-Antivirus-MYDOMAIN: 1.24-st-qms (Clear:RC:0(84.92.24.252):SA:0(-1.6/5.0):. Processed in 2.986768 secs Process 27940) Received: from mail.bathnetworks.com (HELO ?84.92.24.252?) (bsd@bathnetworks.com@84.92.24.252) by lmail.bathnetworks.co.uk with SMTP; 21 Mar 2005 06:08:39 +0000 From: Robert Slade To: "freebsd-questions@freebsd.org" In-Reply-To: <20050320134224.30F9.GERARD-SEIBERT@suscom.net> References: <20050320172230.4141B16A4F2@hub.freebsd.org> <20050320134224.30F9.GERARD-SEIBERT@suscom.net> Content-Type: text/plain Message-Id: <1111385318.27569.15.camel@lmail.bathnetworks.co.uk> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 (1.4.6-2) Date: Mon, 21 Mar 2005 06:08:39 +0000 Content-Transfer-Encoding: 7bit Subject: Re: Ebay Phishing X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Mar 2005 06:07:59 -0000 On Sun, 2005-03-20 at 18:42, Gerard Seibert wrote: > On Sun, 20 Mar 2005 10:22:23 -0600 Chris wrote: > ||> > ||>Robert Slade wrote: > ||>> Hi all, > ||>> > ||>> Is it just me, but I've had 2 Ebay Phishing e-mails to this e-mail > ||>> address that I only use for this mail list. Both mails where from > ||>> Comcast users !! > ||>> > ||>> Rob > ||> > ||>Sounds like someone from Comcast is on this list AND using a Windows box > ||>AND is infected. > ||> > ||>Shame on you > ||> > ||>-- > ||>Best regards, > ||>Chris > ||> > ||>If you have always done it that way, it is probably wrong. > > > ********** Reply Separator ********** > Sunday, March 20, 2005 1:35:28 PM > > 1) Did you actually confirm that the email originated from Comcast Yes: Received: from c-24-13-45-69.client.comcast.net (HELO 192.168.0.101) (24.13.45.69) Direct to my mail server. It is also significant that the sending IP is listed on a number of blacklists including SORBS. > 2) Did you report the email to Comcast as well as spoof@ebay.com Yes, Ebay appear to have done something, Comcast not as the machine is still sending. > 3) Why does it have to be a Windows box? Anyone can access this forum > and harvest email addresses. Not my comment, but that is the most likely cause. Although there may be more to it. BTW I have just got a spam e-mail to the same address, this one came from a rr IP. It was advertising a site in ru space and the ebay one leads back to a ru site too. Rob