Re: mail headers question
From: James Riden (j.riden_at_massey.ac.nz)
Date: 04/22/04
- Previous message: Doug McIntyre: "Re: mail headers question"
- In reply to: al: "mail headers question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 23 Apr 2004 09:44:03 +1200
"al" <al@somplace.com> writes:
> Here's a sample spam headers that I received today.
> There are three domain addresses here:
> counsellor.com, fia74-110.dsl.hccnet.nl and iwexx.japan.com
> My question is, which address do I need to block so that I don't receive
> spam from this source again.
>
> Return-Path: <tfzqzxa@counsellor.com>
> Received: from fia74-110.dsl.hccnet.nl (fia74-110.dsl.hccnet.nl
> [62.251.110.74])
> by mydomain.com (8.12.8/8.12.8) with SMTP id i3KD8X56523724
> for <al@mydomain.com>; Tue, 20 Apr 2004 06:08:35 -0700
> Received: from iwexx.japan.com [72.224.120.76] by 62.251.110.74 with wbttrf
62.251.110.74 looks like a trojaned box or an exploited proxy.
http://cbl.abuseat.org/lookup.cgi?ip=62.251.110.74&.submit=Lookup
We're looking up against the CBL (or rather xbl.spamhaus.org, but same
thing pretty much) and it's catching a lot of spam from compromised
home machines.
(I honestly can't think of a good place to set follow-ups to. nanae
tends to be more heat than light sometimes.)
cheers,
Jamie
-- James Riden / j.riden@massey.ac.nz / Systems Security Engineer Information Technology Services, Massey University, NZ. GPG public key available at: http://www.massey.ac.nz/~jriden/
- Previous message: Doug McIntyre: "Re: mail headers question"
- In reply to: al: "mail headers question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
