Mailing List SIMS@mail.stalker.com Message #12279
From: Chris Wagner <ismgr@atchisonkansas.net>
Subject: Re: Latest Viruses.
Date: Mon, 06 Jan 2003 09:40:07 -0600
To: SIMS Discussions <SIMS@mail.stalker.com>
Neil,

Does this response mean that the message is originating from KC RoadRunner's
network?

I guess I'm not following the data you pasted in.

So SpamCop runs the source IP against RBL servers to see if it's listed
first, then to verify IP -> domain validity?

Is that right?

Thanks,

Chris

> From: Neil Herber <nospam@mail.eton.ca>
> Reply-To: "SIMS Discussions" <SIMS@mail.stalker.com>
> Date: Mon, 6 Jan 2003 10:35:00 -0500
> To: "SIMS Discussions" <SIMS@mail.stalker.com>
> Subject: Re: Latest Viruses.
>
> It is rumored that on or about 2003-01-06 8:55 AM -0600, Chris Wagner
> wrote as follows:
>> Can someone please help explain this to me?
>
> Chris
>
> If you plug the headers into Spamcop it gives the following results:
>
>> Parsing header:
>>
>> Received:  from 10.1.1.33 ([10.1.1.33] verified) by
>> atchisonkansas.net (Stalker SMTP Server 1.8b9d14) with SMTP id
>> S.0000198408; Sat, 04 Jan 2003 11:42:55 -0600
>> 10.1.1.33 discarded
>>
>> Received:  from [207.241.128.21] (HELO smtp01.journey.com) by
>> atchisonkansas.net (Stalker SMTP Server 1.8b9d14) with ESMTP id
>> S.0000198407 for <acinboard@atchisonkansas.net>; Sat, 04 Jan 2003
>> 11:40:38 -0600
>> no from
>> Possible spammer: 207.241.128.21
>> Taking name from IP...
>> host 207.241.128.21 (getting name) 207.241.128.21 = smtp.journey.com.
>> 207.241.128.21 is not an MX for smtp.journey.com.
>> host smtp.journey.com. (checking ip) ip = 207.241.128.20
>> 207.241.128.21 is not an MX for smtp.journey.com.
>> smtp.journey.com. is 207.241.128.21
>> smtp.journey.com. = 207.241.128.21
>> Received line accepted
>>
>> Received:  from Cpuarwpsq (mkc-65-30-67-139.kc.rr.com
>> [65.30.67.139]) by smtp01.journey.com (Postfix) with SMTP id
>> 313F97343B for <acinboard@atchisonkansas.net>; Sat, 4 Jan 2003
>> 13:05:32 -0500 (EST)
>> host 207.241.128.21 (getting name) 207.241.128.21 = smtp.journey.com.
>> 207.241.128.21 not listed in opm.blitzed.org
>> Possible spammer: 65.30.67.139
>> 65.30.67.139 is not an MX for mkc-65-30-67-139.kc.rr.com
>> host mkc-65-30-67-139.kc.rr.com (checking ip) ip = 65.30.67.139
>> Chain test:smtp01.journey.com =? smtp.journey.com.
>> host smtp.journey.com. (checking ip) ip = 207.241.128.20
>> 207.241.128.20 is not an MX for smtp01.journey.com
>> host smtp01.journey.com (checking ip) ip not found ;
>> smtp01.journey.com discarded as fake.
>> 1 is not an MX for smtp.journey.com.
>> 207.241.128.20 is not an MX for smtp01.journey.com
>> ips don't match; smtp01.journey.com discarded as fake
>> smtp01.journey.com and smtp.journey.com. have same domain - chain verified
>> Possible relay: 207.241.128.21
>> Received line accepted
>>
>> Tracking message source: 65.30.67.139:
>> Routing details for 65.30.67.139
>> [refresh/show] Cached whois for 65.30.67.139 : abuse@rr.com
>> abuse@rr.com: abuse net rr.com = abuse@rr.com
>> abuse net rr.com = abuse@rr.com
>> Using best contacts abuse@rr.com
>> Whois found abuse@rr.com
>> 65.30.67.139 not listed in formmail.relays.monkeys.com
>> 65.30.67.139 not listed in opm.blitzed.org
>> 65.30.67.139 not listed in relays.ordb.org.
>> 65.30.67.139 not listed in query.bondedsender.org
>>
>> Possible open relay: 207.241.128.21
>> 207.241.128.21 not listed in relays.ordb.org.
>>
>> Report Spam to:
>>
>> Re:207.241.128.21 (Automated open-relay testing system(s))
>> To: Internal spamcop handling: (testrelays) (Notes)
>>
>> Re:65.30.67.139 (Administrator of network where email originates)
>> To: abuse@rr.com (Notes)
>>
>
> I did NOT report the spam to Spamcop since I did not get it.
>
> http://spamcop.net/
>
> --
> Neil
>
> Neil Herber
> Corporate info at http://www.eton.ca/
> Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
> Tel: (613) 829-4668
>
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <SIMS@mail.stalker.com>.
> To unsubscribe, E-mail to: <SIMS-off@mail.stalker.com>
> To switch to the DIGEST mode, E-mail to <SIMS-digest@mail.stalker.com>
> To switch to the INDEX mode, E-mail to <SIMS-index@mail.stalker.com>
> Send administrative queries to  <SIMS-request@mail.stalker.com>
>

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster