Mailing List SIMS@mail.stalker.com Message #12278
From: Neil Herber <nospam@mail.eton.ca>
Subject: Re: Latest Viruses.
Date: Mon, 6 Jan 2003 10:35:00 -0500
To: SIMS Discussions <SIMS@mail.stalker.com>
It is rumored that on or about 2003-01-06 8:55 AM -0600, Chris Wagner wrote as follows:
Can someone please help explain this to me?

Chris

If you plug the headers into Spamcop it gives the following results:

Parsing header:

Received:  from 10.1.1.33 ([10.1.1.33] verified) by atchisonkansas.net (Stalker SMTP Server 1.8b9d14) with SMTP id S.0000198408; Sat, 04 Jan 2003 11:42:55 -0600
10.1.1.33 discarded

Received:  from [207.241.128.21] (HELO smtp01.journey.com) by atchisonkansas.net (Stalker SMTP Server 1.8b9d14) with ESMTP id S.0000198407 for <acinboard@atchisonkansas.net>; Sat, 04 Jan 2003 11:40:38 -0600
no from
Possible spammer: 207.241.128.21
Taking name from IP...
host 207.241.128.21 (getting name) 207.241.128.21 = smtp.journey.com.
207.241.128.21 is not an MX for smtp.journey.com.
host smtp.journey.com. (checking ip) ip = 207.241.128.20
207.241.128.21 is not an MX for smtp.journey.com.
smtp.journey.com. is 207.241.128.21
smtp.journey.com. = 207.241.128.21
Received line accepted

Received:  from Cpuarwpsq (mkc-65-30-67-139.kc.rr.com [65.30.67.139]) by smtp01.journey.com (Postfix) with SMTP id 313F97343B for <acinboard@atchisonkansas.net>; Sat, 4 Jan 2003 13:05:32 -0500 (EST)
host 207.241.128.21 (getting name) 207.241.128.21 = smtp.journey.com.
207.241.128.21 not listed in opm.blitzed.org
Possible spammer: 65.30.67.139
65.30.67.139 is not an MX for mkc-65-30-67-139.kc.rr.com
host mkc-65-30-67-139.kc.rr.com (checking ip) ip = 65.30.67.139
   Chain test:smtp01.journey.com =? smtp.journey.com.
   host smtp.journey.com. (checking ip) ip = 207.241.128.20
   207.241.128.20 is not an MX for smtp01.journey.com
   host smtp01.journey.com (checking ip) ip not found ; smtp01.journey.com discarded as fake.
   1 is not an MX for smtp.journey.com.
   207.241.128.20 is not an MX for smtp01.journey.com
   ips don't match; smtp01.journey.com discarded as fake
   smtp01.journey.com and smtp.journey.com. have same domain - chain verified
Possible relay: 207.241.128.21
Received line accepted

Tracking message source: 65.30.67.139:
Routing details for 65.30.67.139
[refresh/show] Cached whois for 65.30.67.139 : abuse@rr.com
abuse@rr.com: abuse net rr.com = abuse@rr.com
abuse net rr.com = abuse@rr.com
Using best contacts abuse@rr.com
Whois found abuse@rr.com
65.30.67.139 not listed in formmail.relays.monkeys.com
65.30.67.139 not listed in opm.blitzed.org
65.30.67.139 not listed in relays.ordb.org.
65.30.67.139 not listed in query.bondedsender.org

Possible open relay: 207.241.128.21
207.241.128.21 not listed in relays.ordb.org.

Report Spam to:

Re:207.241.128.21 (Automated open-relay testing system(s))
To: Internal spamcop handling: (testrelays) (Notes)

Re:65.30.67.139 (Administrator of network where email originates)
To: abuse@rr.com (Notes)


I did NOT report the spam to Spamcop since I did not get it.

http://spamcop.net/

--
Neil

Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster