Re: suspect hack of smtp for spam attacks
From: A. Marshall (angus@n-gate.net.spamfree)
Date: 01/31/03
From: "A. Marshall" <angus@n-gate.net.spamfree> Date: Thu, 30 Jan 2003 23:37:13 +0000
Neil wrote:
> Jayne Heger wrote:
<headers from MSN rejection start here>
>> Return-path: <>
>> Delivery-date: Wed, 29 Jan 2003 01:51:30 +0000
>> Received: from cpimssmtpoa06.msn.com ([207.46.181.62])
>> by chaos.uk.clara.net with esmtp (Exim 4.12)
>> id 18dhNy-0002xD-00
>> for ajayne@sphynx.clara.co.uk; Wed, 29 Jan 2003 01:51:30 +0000
>> Received: from cpimssmtpa69.msn.com ([207.46.181.149]) by
>> cpimssmtpoa06.msn.com with Microsoft SMTPSVC(5.0.2195.4905);
>> Tue, 28 Jan 2003 17:51:07 -0800
>> X-MSN-Trace: {F0E67DB3-ED2F-442E-B5DD-D679C7A0F207}
>> From: postmaster@msn.com
>> To: ajayne@sphynx.clara.co.uk
>> Date: Tue, 28 Jan 2003 17:47:11 -0800
>> MIME-Version: 1.0
>> Content-Type: multipart/report;
>> report-type=delivery-status;
>> boundary="9B095B5ADSN=_01C2C736A02C5DBE00001893cpimssmtpa69.msn"
>> Message-ID: <mCvoXM7e0000017d5@cpimssmtpa69.msn.com>
>> Subject: Delivery Status Notification (Failure)
>> X-OriginalArrivalTime: 29 Jan 2003 01:51:07.0915 (UTC)
>> FILETIME=[E41F55B0:01C2C738]
>> X-Envelope-To: ajayne@sphynx.clara.co.uk
>> X-claradeliver-Version: 4.17.0
>> X-UIDL: 1043805090.11369.chaos.uk.clara.net
>> X-RCPT: ajayne
>> Status: R
>> X-Status: N
<and end here>
>> This is an automatically generated Delivery Status Notification.
>>
>> Delivery to the following recipients failed.
>>
>> hprinston@hotmail.msn.com
>> hpzoeller@hotmail.msn.com
>> hqnnguyen@hotmail.msn.com
>> hra4@hotmail.msn.com
>> hrocky330@hotmail.msn.com
>> hroom@hotmail.msn.com
>> hrpen@hotmail.msn.com
>> hrtkk@hotmail.msn.com
>> hsaenger@hotmail.msn.com
>> hsea@hotmail.msn.com
>> hsklp@hotmail.msn.com
>> hslhk@hotmail.msn.com
>>
>>
<headers on original spam start here>
>> X-MSN-Trace: {4CD4E441-BF18-4726-AF32-C3ADC5B57488}
>> Received: from 140.130.141.1 ([140.130.141.1]) by cpimssmtpa69.msn.com
NOTE the IP address of the server which relayed to MSN.......
>> with Microsoft SMTPSVC(5.0.2195.5600);
>> Tue, 28 Jan 2003 17:47:00 -0800
>> From: "denise hooper" <ajayne@sphynx.clara.co.uk>
>> Reply-To: "denise hooper" <ajayne@sphynx.clara.co.uk>
>> To: houlberg6@msn.com
>> Date: Tue, 28 Jan 2003 19:51:16 -0600
>> Subject: 1 month supply free /
>> MIME-Version: 1.0
>> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
>> Content-Type: text/plain; charset=us-ascii
>> Content-Transfer-Encoding: 7bit
>> Return-Path: ajayne@sphynx.clara.co.uk
>> Message-ID: <CPIMSSMTPA69xzmeWgU00000cfa@cpimssmtpa69.msn.com>
>> X-OriginalArrivalTime: 29 Jan 2003 01:47:01.0156 (UTC)
>> FILETIME=[510AE640:01C2C738]
<and end here>
<SNIP>
>
> Hello
>
> You are correct to be worried. Being as all of these hotmail addresses
> begin with H, I would say they're part of a bigger list.
>
> Somehow you must be relaying...
>
> Check your server with the tools provided at www.abuse.net and sort it
> out before you get in to the RBL.
>
> Thanks
>
> Neil
What makes you think she's relaying? The inner set of headers (the original
headers) make no mention of her domain or IP. Looks more like a spammer
using a known good e-mail address so they don't see the inevitable bounces
from their randomly generated names.
-- +---+ | n | n-gate ltd. http://www.n-gate.net/ +---+
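
The check described in the reply above can be scripted. This is an added example, not part of the original post: it parses the Received trace of the returned original and reports whether any hop names the supposed sender's servers. The function names, the `my_domains`/`my_ips` parameters and the 192.0.2.10 address used when calling it are assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the returned original's headers as quoted in this thread.
RETURNED_HEADERS = (
    "Received: from 140.130.141.1 ([140.130.141.1]) by cpimssmtpa69.msn.com\n"
    "\twith Microsoft SMTPSVC(5.0.2195.5600);\n"
    "\tTue, 28 Jan 2003 17:47:00 -0800\n"
    'From: "denise hooper" <ajayne@sphynx.clara.co.uk>\n'
    "To: houlberg6@msn.com\n"
    "Return-Path: ajayne@sphynx.clara.co.uk\n"
)

# Matches the "from HELO ([IP]) by HOST" shape seen in the headers above.
HOP_RE = re.compile(r"from\s+(\S+)\s+\(\[([0-9.]+)\]\)\s+by\s+(\S+)", re.I)

def in_domains(name, domains):
    """True if a host name equals, or is a subdomain of, one of our domains."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)

def received_hops(raw_headers):
    """Return Received hops, newest first, as dicts of helo/ip/by."""
    msg = message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append({"helo": m.group(1), "ip": m.group(2), "by": m.group(3)})
    return hops

def classify(raw_headers, my_domains, my_ips):
    """Decide whether a bounced original passed through our mail servers."""
    hops = received_hops(raw_headers)
    if not hops:
        return "unknown"  # no parsable trace; check the MTA logs instead
    for hop in hops:
        # Hops below the top one are sender-supplied and can be forged, so a
        # match here is a lead to confirm in our own MTA logs, not proof.
        if (hop["ip"] in my_ips or in_domains(hop["helo"], my_domains)
                or in_domains(hop["by"], my_domains)):
            return "relayed-through-us"
    sender = parseaddr(message_from_string(raw_headers).get("From", ""))[1]
    if in_domains(sender.rpartition("@")[2], my_domains):
        return "forged-sender-backscatter"
    return "not-ours"
```

Called with the domains from this thread, `classify(RETURNED_HEADERS, {"clara.co.uk", "clara.net"}, {"192.0.2.10"})` returns `"forged-sender-backscatter"`: the address is hers, but no hop is.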