Date: Sat, 11 Dec 2010 10:41:48 -0500
From: Chris Brennan <xaero@xaerolimit.net>
To: freebsd-questions@freebsd.org
Cc: Ian Smith <smithi@nimnet.asn.au>
Subject: Re: xpbargains.net spam [was: Re: 'Broadcom Wireless b/g (BCM4315/BCM22062000)']
Message-ID: <AANLkTimKZ1VNXm6MRbJLf5USPSvtuto1_Oz-9sTv=x-j@mail.gmail.com>
In-Reply-To: <20101211002225.D61647@sola.nimnet.asn.au>
References: <20101210060704.A3B641065783@hub.freebsd.org> <20101211002225.D61647@sola.nimnet.asn.au>

On Fri, Dec 10, 2010 at 8:47 AM, Ian Smith <smithi@nimnet.asn.au> wrote:

> In freebsd-questions Digest, Vol 340, Issue 11, Message: 27
> On Fri, 10 Dec 2010 00:54:37 -0500
>
> On Sun, Nov 7, 2010 at 9:54 AM, Paul B Mahol <onemda@gmail.com> wrote:
>
> No, he didn't. These mails are FORGED as being from freebsd-questions
> participants, and on first glance may appear to be list postings. They
> used to get posted to the list itself also, but postmaster@ blocked the
> nuisance source back in August. However that doesn't stop them from
> targeting individual list participants, like you.
>
> If you examine the full mail headers, it's likely to have originated
> from the following IP address. If so, you just need to block that
> address at your mailserver. But if they've moved, we need to know ..
>
> Quoting from a message to postmaster@ in August:
>
> > As Roland pointed out, the phishing/virus/whatever referral has switched
> > from downwind.com.au to xpbargains.net, and possibly some others.
> >
> > Here's the business:
> >
> > % dig +short -x 64.38.11.26
> > allmail.0b2.net.
> > % dig +short allmail.0b2.net.
> > 64.38.11.26
> > % dig +short dusk.parklogic.com
> > 64.38.11.26
> >
> > If you can discard by Message-ID then every one of these, including the
> > privately mailed ones, has @dusk.parklogic.com there.
> >
> > If you can block by IP, then that's the one. Or by hostname, every one
> > so far has been relayed by allmail.0b2.net (that's a zero).
>
> So if the full headers reveal coming from that hostname or that IP or
> any other IP in 64.38.11.26/29, just block that and move on.
>
> If it's a different address range now, please provide the full headers
> for the message you received, with a copy to postmaster@freebsd.org
>
> Thanks, Ian (please cc me on any reply, I take this list as a digest)
>

Of all the mail I got on this subject, yours was the most informative. Thanks. But my question is this. Does GMail provide access to the full headers?
For example when I click 'Show Details' I see the following and not much else

> from Paul B Mahol <xx@xx.xx>
> sender-time Sent at 4:30 AM (GMT+11:00). Current time there: 2:35 AM.
> to Chris Brennan <xx@xx.xx>
> cc FreeBSD-Questions <xx-xx@xx.xx>, Mark <xx@xx.xx>
> date Mon, Nov 8, 2010 at 4:30 AM
> subject Re: 'Broadcom Wireless b/g (BCM4315/BCM22062000)'

The above header just arrived as I was typing this so I thought it an excellent example. Obviously, I've masked addresses but the point is the same, g-mail doesn't give much in the way of detail. Short of flagging one item as spam has the potential risk of sending all FreeBSD-Questions mail to the spam folder which is just a swirling vortex of nothingness that gets deleted. If it's managed to get routed there, it stays there, I rarely go digging for mail in my spam folder because I rarely find stuff that was sent to detention without rightfully being there.

C-
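
The three checks from the quoted August message (Message-ID domain, relay hostname, relay IP in 64.38.11.26/29), applied to a raw message source. This is an added example, not part of the original thread; the function name and the sample messages are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Indicators quoted in the thread. The page writes the range with host bits
# set (64.38.11.26/29); strict=False normalises it to 64.38.11.24/29 (.24-.31).
BLOCK_NET = ipaddress.ip_network("64.38.11.26/29", strict=False)
RELAY_HOST = "allmail.0b2.net"
MSGID_DOMAIN = "dusk.parklogic.com"
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def match_indicators(raw_message):
    """Return sorted reasons why a raw message matches the thread's indicators."""
    msg = message_from_string(raw_message)
    reasons = set()
    # Compare the whole Message-ID domain, so look-alike suffixes do not match.
    msgid = (msg.get("Message-ID") or "").strip().strip("<>").lower()
    if msgid.rpartition("@")[2] == MSGID_DOMAIN:
        reasons.add("message-id")
    # Trust only Received lines your own servers added; earlier hops can be forged.
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())  # unfold continuation lines
        tokens = re.split(r"[\s()\[\];]+", hop.lower())
        if any(t.rstrip(".") == RELAY_HOST for t in tokens):
            reasons.add("relay-host")
        for text in IPV4_RE.findall(hop):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:  # not a valid address, e.g. 999.1.1.1
                continue
            if addr in BLOCK_NET:
                reasons.add("relay-ip " + text)
    return sorted(reasons)

# Constructed sample messages (not taken from the thread).
SAMPLE_SPAM = (
    "Received: from allmail.0b2.net (allmail.0b2.net [64.38.11.26])\n"
    "\tby mx.example.org with ESMTP; Fri, 10 Dec 2010 00:54:37 -0500\n"
    "Message-ID: <constructed-1@dusk.parklogic.com>\n\nbody\n"
)
SAMPLE_MOVED = (
    "Received: from relay.example.net ([64.38.11.30]) by mx.example.org\n"
    "Message-ID: <constructed-2@example.net>\n\nbody\n"
)
SAMPLE_CLEAN = (
    "Received: from mx2.example.net ([64.38.11.32]) by mx.example.org\n"
    "Message-ID: <constructed-3@dusk.parklogic.com.example.net>\n\nbody\n"
)
```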