Dilbertic
Posted August 21, 2004

I reported my held mail as normal last night before bed, and when I checked my mail today the message was flagged in my mailbox as if I was the spammer and sent the message. So I have an email from my abuse desk asking what's going on. See message below:

Return-Path: <NXBLFKYD[at]saini.com>
Delivered-To: x
Received: (qmail 5084 invoked from network); 20 Aug 2004 21:06:41 -0000
Received: from unknown (192.168.1.101) by blade1.cesmail.net with QMQP; 20 Aug 2004 21:06:41 -0000
Received: from emailwest.com (64.62.213.111) by mailgate.cesmail.net with SMTP; 20 Aug 2004 21:06:40 -0000
Received: from HOST ([218.14.185.67]) by emailwest.com for <x>; Fri, 20 Aug 2004 14:06:32 -0700
X-Message-Info: 1thwpwuk7sbF/wsRlwHChfrOAvbI714Jlf
Received: from bloch (46.19.109.48) by mrm20.argentina.phenylalanine.childbear.knowhere.ch (InterMail vY.9.70.78.02 25-6-2-89-395-88340132) with ESMTP id <43811.AAYHN8349.cf46-mail.brevet.pa.net.cable.rogers.com[at]maximilian> for <x>; Sat, 21 Aug 2004 10:57:13 -0200
Message-ID: <0361________________________________s999[at]agricola>
Reply-To: "Harley Rowland" <NXBLFKYD[at]saini.com>
From: "Harley Rowland" <NXBLFKYD[at]saini.com>
To: <x>
Subject: Shipped Right To You
Date: Sat, 21 Aug 2004 07:00:13 -0600
MIME-Version: 1.0

Dilbertic (Author)
Posted August 21, 2004

And another one from my ISP abuse desk. SpamCop traced it to my machine, it says, and it's pretty locked down, so the spammers must have found a way to fool SpamCop or SpamCop is not tracing the headers right:

Return-Path: <j_christian_ni[at]terena.nl>
Delivered-To: x
Received: (qmail 26484 invoked from network); 21 Aug 2004 03:20:33 -0000
Received: from unknown (192.168.1.101) by blade2.cesmail.net with QMQP; 21 Aug 2004 03:20:33 -0000
Received: from emailwest.com (64.62.213.111) by mailgate.cesmail.net with SMTP; 21 Aug 2004 03:20:33 -0000
Received: from star-ag.ch ([202.82.193.105]) by emailwest.com for <x>; Fri, 20 Aug 2004 20:20:24 -0700
Received: from 241.181.190.181 by smtp.terena.nl; Sat, 21 Aug 2004 03:02:06 +0000
Message-ID: <e133______________________0e97[at]star-ag.ch>
From: "Jaclyn M. Christian" <j_christian_ni[at]terena.nl>
To: x
Subject: Buy cheap Pharmaceuticals through us!
Date: Sat, 21 Aug 2004 07:01:42 +0400
MIME-Version: 1.0

StevenUnderwood
Posted August 21, 2004

1. Are these messages that YOU have reported?
2. If so, do you have Mailhosts configuration complete?

Posting the spam here is not needed or wanted. We would need to see the tracking URL from the results report for the messages to see why it is reporting your IP address.

This is another case where all reports should be at least looked at for accuracy.

Dilbertic (Author)
Posted August 21, 2004

I have no idea if I reported it or not, I might have... I have gotten abuse emails with a link to SpamCop; if I respond to the SpamCop message it comes into my mailbox, so I am guessing I reported it..... This is the SpamCop logic... No idea what is needed, so I copied and pasted it...

Thanks,
Owen

Parsing header:
0: Received: from unknown (192.168.1.101) by blade2.cesmail.net with QMQP; 21 Aug 2004 03:20:33 -0000
Internal handoff at SpamCop
1: Received: from emailwest.com (64.62.213.111) by mailgate.cesmail.net with SMTP; 21 Aug 2004 03:20:33 -0000
Hostname verified: emailwest.com
SpamCop received mail from sending system 64.62.213.111
2: Received: from star-ag.ch ([202.82.193.105]) by emailwest.com for <x>; Fri, 20 Aug 2004 20:20:24 -0700
No unique hostname found for source: 202.82.193.105
Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust anything beyond this header

Tracking message source: 64.62.213.111:
Routing details for 64.62.213.111
[refresh/show] Cached whois for 64.62.213.111 : hostmaster[at]he.net
Using best contacts abuse[at]he.net
Message is 17 hours old
64.62.213.111 not listed in dnsbl.njabl.org
64.62.213.111 not listed in dnsbl.njabl.org
64.62.213.111 not listed in cbl.abuseat.org
64.62.213.111 not listed in dnsbl.sorbs.net
64.62.213.111 not listed in relays.ordb.org.
64.62.213.111 not listed in query.bondedsender.org
64.62.213.111 not listed in iadb.isipp.com

Finding links in message body
Parsing HTML part
Resolving link obfuscation
Tracking link: http://edited
[report history]
Cannot resolve http://www.worldwidemedstoday.com/?wid=000023

Reports regarding this spam have already been sent:
Re: 64.62.213.111 (Administrator of network where email originates)
Reportid: 1186940734 To: abuse[at]he.net

If reported today, reports would be sent to:
Re: 64.62.213.111 (Administrator of network where email originates)
abuse[at]he.net
Re: 64.62.213.111 (Third party interested in email source)

DavidT
Posted August 21, 2004

I'm guessing that you might have a "Mailhosts" problem. Did you configure a "Mailhost"? If so, then the parsing problems are probably due to a problem there and you'll want to take this issue up in the Mailhosts forum.

dt

Wazoo
Posted August 21, 2004

To take DavidT's query one more level ... did you configure MailHost for "this account" I think is the issue ... or for some reason, this account was never completed ...

... but, need to point out that you were the one that "allowed / directed" these spam reports to go out to your own ISP.

Dilbertic (Author)
Posted August 22, 2004

I haven't changed a thing for some time now with my mail setup. I completed my mailhost setup months ago!! I guess I can run it again and see what happens.

As for reporting it as spam, I get about 100 to 400 spams a day and I look down the held mail list for mistakes and then report the spam.

Owen

Wazoo
Posted August 22, 2004

I don't read "looked down the held mail list" as "checked the parsing results and target complaint address" ... the result of which would be quite different.

dbiel
Posted August 22, 2004

> As for reporting it as spam, I get about 100 to 400 spams a day and I look down the held mail list for mistakes and then report the spam.

Unless your crystal ball works 1000 times better than mine, I have no idea how you can identify a forgery or predict exactly how the parser is going to handle all the headers and links in each message by simply looking down the held mail list for mistakes.

That approach works great for finding false positives, but that's about all.

Wazoo
Posted August 22, 2004

Just a bit of update .... Dilbertic did re-do the mail-host configuration and per the Tracking URL provided in the Topic opened up in the Mail-Host Forum, this immediate issue is now resolved.

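Added example, not part of the original thread and not SpamCop's code: a simplified model of the Received-chain trust walk shown in the parse output above, run over the Received lines of the second message. It assumes a receiver is trusted only when its hostname falls under a configured mailhost domain (the function names and the `trusted_domains` parameter are hypothetical), and shows why the report targets 64.62.213.111 when emailwest.com is not a recognised mailhost.

```python
import ipaddress
import re

# Received lines copied from the second message in this thread, newest first.
RECEIVED = [
    "from unknown (192.168.1.101) by blade2.cesmail.net with QMQP; 21 Aug 2004 03:20:33 -0000",
    "from emailwest.com (64.62.213.111) by mailgate.cesmail.net with SMTP; 21 Aug 2004 03:20:33 -0000",
    "from star-ag.ch ([202.82.193.105]) by emailwest.com for <x>; Fri, 20 Aug 2004 20:20:24 -0700",
    "from 241.181.190.181 by smtp.terena.nl; Sat, 21 Aug 2004 03:02:06 +0000",
]

# "from <helo> [(ip)] by <receiver>": enough for the header shapes in this thread.
HOP = re.compile(r"from\s+(\S+)(?:\s+\(\[?([\d.]+)\]?\))?\s+by\s+(\S+?)[;\s]")


def parse_hop(line):
    """Split one Received value into claimed sender, sender IP and receiving host."""
    m = HOP.match(line)
    if not m:
        return None
    helo, ip, receiver = m.groups()
    if ip is None and re.fullmatch(r"[\d.]+", helo):
        ip = helo  # bare address in the "from" position
    return {"helo": helo, "ip": ip, "by": receiver}


def is_trusted(receiver, trusted_domains):
    """A receiver is trusted if it is, or sits under, a configured mailhost domain."""
    return any(receiver == d or receiver.endswith("." + d) for d in trusted_domains)


def find_source(received, trusted_domains):
    """Walk newest to oldest; stop at the first header written by an untrusted host.

    Returns the last sender IP recorded by a trusted receiver, which is the
    address a report would be sent about.
    """
    source = None
    for line in received:
        hop = parse_hop(line)
        if hop is None or not is_trusted(hop["by"], trusted_domains):
            break  # "Will not trust anything beyond this header"
        if hop["ip"] is None or ipaddress.ip_address(hop["ip"]).is_private:
            continue  # internal handoff, keep walking
        source = hop["ip"]
    return source


if __name__ == "__main__":
    print(find_source(RECEIVED, {"cesmail.net"}))                   # mailhost missing
    print(find_source(RECEIVED, {"cesmail.net", "emailwest.com"}))  # mailhost configured
```

With only cesmail.net trusted, the walk stops at the header written by emailwest.com and blames the user's own mail server; with emailwest.com added, this model moves one hop further out to 202.82.193.105.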
Archived
This topic is now archived and is closed to further replies.