keythumper
Posted September 25, 2004

Email from 204.244.210.162 / Tue, 21 Sep 2004 18:48:03 +0000 (GMT)
http://www.spamcop.net/w3m?i=z1244847447zf...3c55f8e9e424d0z
204.244.210.162 is open proxy, see: http://www.spamcop.net/mky-proxies.html

[ Offending message ]
Return-Path: <expunged[at]easyaudiotex.com>
Delivered-To: x
Received: (qmail 20188 invoked by uid 0); 21 Sep 2004 18:50:42 -0000
X-OB-Received: from unknown (192.168.8.41) by mta7-1.us4.outblaze.com; 21 Sep 2004 18:50:42 -0000
Received: (qmail 6891 invoked by uid 1001); 21 Sep 2004 18:50:41 -0000
X-OB-Delivered-To: x
X-OB-Received: from unknown (192.168.8.39) by as7-4.us4.outblaze.com; 21 Sep 2004 18:49:13 -0000
X-OB-Delivered-To: x
X-OB-Received: from unknown (192.168.8.39) by as7-4.us4.outblaze.com; 21 Sep 2004 18:49:13 -0000
X-OB-Received: from unknown (208.36.123.56) by as7-2.us4.outblaze.com; 21 Sep 2004 18:48:04 -0000
Received: from knapet.com (unknown [204.244.210.162]) by spf7-2.us4.outblaze.com (Postfix) with SMTP id 34E6367C9C for <x>; Tue, 21 Sep 2004 18:48:03 +0000 (GMT)
Received: from easyaudiotex.com (mail.easyaudiotex.com [194.224.162.125]) by knapet.com (Postfix) with ESMTP id BF61E87638 for <x>; Tue, 21 Sep 2004 13:31:28 -0500

===

I would think 208.36.123.56 is the guilty party

Wazoo
Posted September 25, 2004

> I would think 208.36.123.56 is the guilty party

I'd be willing to agree with you .... if you could explain how and why the X-Line: stuff should be considered "valid" .... If you'll look again at the parse output, you'll note that this IP / line isn't even looked at .... X-Line: stuff can be added anywhere, by anyone, therefore can't be trusted for much of anything. In tracking down the "chaining" of the servers that "handled" the e-mail, it's the "Received:" lines that count.
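
Added example, not part of the thread and not SpamCop's parser: a minimal Python walk of the Received: chain from the message in the first post, which never reads the X-OB-Received lines. The function names and the choice of `.outblaze.com` as the trusted receiving domain are assumptions made for this illustration.

```python
import re
from email import message_from_string

# Headers abridged from the message quoted in the first post (folded for width).
SAMPLE = """\
Received: (qmail 20188 invoked by uid 0); 21 Sep 2004 18:50:42 -0000
X-OB-Received: from unknown (192.168.8.41) by mta7-1.us4.outblaze.com;
 21 Sep 2004 18:50:42 -0000
Received: (qmail 6891 invoked by uid 1001); 21 Sep 2004 18:50:41 -0000
X-OB-Received: from unknown (208.36.123.56) by as7-2.us4.outblaze.com;
 21 Sep 2004 18:48:04 -0000
Received: from knapet.com (unknown [204.244.210.162])
 by spf7-2.us4.outblaze.com (Postfix) with SMTP id 34E6367C9C for <x>;
 Tue, 21 Sep 2004 18:48:03 +0000 (GMT)
Received: from easyaudiotex.com (mail.easyaudiotex.com [194.224.162.125])
 by knapet.com (Postfix) with ESMTP id BF61E87638 for <x>;
 Tue, 21 Sep 2004 13:31:28 -0500

"""

# "from <helo> (<rdns> [<peer ip>]) by <recording host>", Postfix style
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9.]+)\]\)\s+by\s+(\S+)")

def received_chain(raw):
    """Return (helo, peer_ip, by_host) per Received: hop, newest first.
    X-* headers are never consulted: any sender can add them."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # undo header folding
        if m:  # local qmail hand-offs carry no peer address; skip them
            hops.append((m.group(1), m.group(3), m.group(4)))
    return hops

def injection_point(raw, trusted_suffix):
    """Peer IP on the newest hop written by a host we trust. Hops below it
    were supplied by that peer and cannot be verified."""
    for _helo, ip, by_host in received_chain(raw):
        if by_host.lower().endswith(trusted_suffix):
            return ip
    return None

if __name__ == "__main__":
    print(received_chain(SAMPLE))
    print(injection_point(SAMPLE, ".outblaze.com"))  # assumed trust boundary
```

The hop recorded by knapet.com sits below the trusted boundary, so its 194.224.162.125 address is reported in the chain but is not treated as verified.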

keythumper
Posted September 25, 2004

> I would think 208.36.123.56 is the guilty party
>
> I'd be willing to agree with you .... if you could explain how and why the X-Line: stuff should be considered "valid" .... If you'll look again at the parse output, you'll note that this IP / line isn't even looked at .... X-Line: stuff can be added anywhere, by anyone, therefore can't be trusted for much of anything. In tracking down the "chaining" of the servers that "handled" the e-mail, it's the "Received:" lines that count.

So now I will go have at my customer. Thanks for taking the time to explain this.

Merlyn
Posted September 26, 2004

If this is your customer (204.244.210.162) then you should pull the plug now.......... Looks like an open http proxy, socks 4 proxy and a socks 5 proxy. Probably other problems also.

CBL
The CBL - Composite Blocking List: cbl.abuseat.org -> 127.0.0.2
Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=204.244.210.162

XBL
Exploits Block List (includes CBL): xbl.spamhaus.org -> 127.0.0.4
http://www.spamhaus.org/query/bl?ip=204.244.210.162

DSBLLIST
Distributed Sender Boycott List: single-stage relays tested by trusted users: list.dsbl.org -> 127.0.0.2
http://dsbl.org/listing?ip=204.244.210.162

DSBLUNCONFIRMED
Distributed Sender Boycott List: single-stage relays, multihop relays and listings by anonymous users: unconfirmed.dsbl.org -> 127.0.0.2
http://dsbl.org/listing?ip=204.244.210.162

DNSBLAUT1
Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2
http://dsbl.org/listing?ip=204.244.210.162
Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=204.244.210.162

DNSBLAUDSBL
Distributed Server Boycott List: dsbl.dnsbl.net.au -> 127.0.0.2
http://dsbl.org/listing?ip=204.244.210.162

It won't be long before the list grows. Hope this helps.

keythumper
Posted September 27, 2004

I have not had any new reports for this IP address yet. And yes, I do wish I had the ability to yank a few connections from time to time. For this IP block, we just do email, I have no access to the dhcp server. I will retest tomorrow, and then speak to the customer service manager.

==
no more keythumping for me tonight.. I'm done for today..

Archived
This topic is now archived and is closed to further replies.