Re: ARIN whois / virus mails
From: Darius Schock (dariusschock@go.com)
Date: 11/07/02
From: dariusschock@go.com (Darius Schock) Date: 6 Nov 2002 15:27:06 -0800
The complete header of one of the mails is:
Received: from [172.20.0.184] (helo=mailgate2.cinetic.de)
    by mx09.web.de with esmtp (WEB.DE(Exim) 4.92 #34)
    id 1897ld-0001TR-00
    for xyz@web.de; Tue, 05 Nov 2002 18:45:33 +0100
Received: from mail.web.de (tal013-126.talnet.is [62.145.159.126])
    by mailgate2.cinetic.de (8.11.2/8.11.2/WEBDE Linux 8.11.0-0.2) with
    SMTP id gA5HjQU20776
    for <xyz@web.de>; Tue, 5 Nov 2002 18:45:26 +0100
Message-Id: <200211051745.gA5HjQU20776@mailgate2.cinetic.de>
From: Mail Delivery System<MAILER-DAEMON@web.de>
To: xyz@web.de
Subject: Undelivered Mail Returned to Sender -goldfish
Date: Tue,05 Nov 2002 18:01:05 PM
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary=jifrofd
Sender: MAILER-DAEMON@web.de
It was sent to my German web.de address, which I made unreadable to
avoid spam.
This one tried to mimic a "Delivery Failure" message. Others were
bearing a sender like john.smith@abc.x400.gc.ca (imaginary address).
Thanks for your replies so far!
D. Schock
name@company.com wrote in message news:<ofbgsu06a9p4hs8hr1j1umfgb0ovpnqur4@4ax.com>...
> On 5 Nov 2002 10:06:59 -0800, dariusschock@go.com (Darius Schock)
> wrote:
>
> >Dear NG,
> >
> >maybe I'm posting to the wrong group - if so, please point me to a
> >better matching one. If you can help, I'll be very thankful.
> >
> >For a couple of days, I've been bothered by virus mails with forged
> >senders. I can extract the IP address from the mail header and make a
> >whois request at ARIN. But they return the registrar IANA.org, which
> >to me seems to be no ISP. How can I track the sender's ISP down to
> >contact their admin to have those annoying mails stopped?
> >
> >The IP address is 172.20.0.184. Perhaps this one is familiar to one of
> >you or has a special meaning...
> >
> >Many thanks in advance,
> >
> >D. Schock
> Post the complete headers - they're mostly forged but maybe there will
> be something useful.
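
Added example, not part of the original thread: a short Python script that walks the Received headers quoted in the post and picks the first globally routable peer address as the one worth a whois query. 172.20.0.184 lies in 172.16.0.0/12, private address space (RFC 1918) registered to IANA, which is why the ARIN lookup returned IANA instead of an ISP. The function names are this example's own.

```python
import ipaddress
import re
from email import message_from_string

# Received/Message-Id headers copied from the post (recipient masked by the poster).
RAW_HEADERS = """\
Received: from [172.20.0.184] (helo=mailgate2.cinetic.de)
    by mx09.web.de with esmtp (WEB.DE(Exim) 4.92 #34)
    id 1897ld-0001TR-00
    for xyz@web.de; Tue, 05 Nov 2002 18:45:33 +0100
Received: from mail.web.de (tal013-126.talnet.is [62.145.159.126])
    by mailgate2.cinetic.de (8.11.2/8.11.2/WEBDE Linux 8.11.0-0.2) with
    SMTP id gA5HjQU20776
    for <xyz@web.de>; Tue, 5 Nov 2002 18:45:26 +0100
Message-Id: <200211051745.gA5HjQU20776@mailgate2.cinetic.de>
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw):
    """One dict per Received header, newest hop (closest to the recipient) first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())            # unfold continuation lines
        from_part, _, by_part = text.partition(" by ")
        match = IP_IN_BRACKETS.search(from_part)  # peer address logged by the receiver
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:                        # e.g. [999.1.1.1] in a forged line
            continue
        hops.append({"ip": ip, "claimed": from_part,
                     "by": by_part.split()[0] if by_part else "",
                     "routable": ip.is_global})
    return hops

def whois_candidate(raw):
    """First globally routable peer address, or None if every hop is internal."""
    for hop in received_hops(raw):
        if hop["routable"]:
            return hop
    return None

if __name__ == "__main__":
    for hop in received_hops(RAW_HEADERS):
        kind = "routable" if hop["routable"] else "private/reserved, skip"
        print(f'{hop["ip"]} logged by {hop["by"]} ({kind}): {hop["claimed"]}')
    print("whois this one:", whois_candidate(RAW_HEADERS)["ip"])
```

Only Received lines written by the recipient's own provider can be trusted; anything below the first external handoff may have been inserted by the sender.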