dvv Posted October 10, 2018 Posted October 10, 2018 I hope I'm posting this in the right place. The source of the following message is identified as 11.1.0.1 instead of the correct 69.85.64.2. Of course, 11.1.0.1 is not even an IP address here, and it's got nothing to do with the DoD Network Information Center. Received: from mail.gvii.net (mail.gvii.net [69.85.64.2]) by some-hostname (8.15.2/8.15.2) with ESMTPS id w9AB6TEw000831 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits) verified NO) for <some-address>; Wed, 10 Oct 2018 07:06:32 -0400 (EDT) X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.2.7 (some-host [192.168.1.9]); Wed, 10 Oct 2018 07:06:32 -0400 (EDT) Received: from port174.gvii.net by mail.gvii.net (IceWarp 11.1.0.1 x64) with SMTP id 201810091625223366 for <some-address>; Tue, 09 Oct 2018 16:25:22 -0600 Received: from [113.149.138.213] by m1.gns.snv.thisdomainl.com with ASMTP; Tue, 09 Oct 2018 14:14:31 -0700 Received: from m1.gns.snv.thisdomainl.com ([Tue, 09 Oct 2018 14:02:44 -0700]) by snmp.otwaloow.com with SMTP; Tue, 09 Oct 2018 14:02:44 -0700 Received: from unknown (HELO mail.webhostings4u.com) (Tue, 09 Oct 2018 13:58:32 -0700) by public.micromail.com.au with ESMTP; Tue, 09 Oct 2018 13:58:32 -0700 Message-ID: <59DD4C5C.0B7404D2@gvii.net> Date: Tue, 09 Oct 2018 13:58:32 -0700 From: "\"Ирина\" <Erikvoaer@gvii.net>" User-Agent: Mozilla/5.0 (Macintosh; U; PPC; en-US; rv:1.3.1) Gecko/20030701 X-Accept-Language: en-us MIME-Version: 1.0 To: "Агния" <some-address> Subject: Стройная жена - залог семейного счастья Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PCFkb2N0eXBlIGh0bWw+DQo8aHRtbD4NCjxoZWFkPg0KPG1ldGEgY2hhcnNldD0idXRmLTgiPg0K PC9oZWFkPg0KDQo8Ym9keT4NCgk8dGFibGUgd2lkdGg9IjExJSIgYm9yZGVyPSIwIj48dGJvZHk+ PHRyPjx0ZD48L3RkPjx0ZD48L3RkPjx0ZD48L3RkPjx0ZD48L3RkPjwvdHI+PC90Ym9keT48L3Rh YmxlPiANCjxoMT7vu7/QpdCj0JTQldCZ0KLQlSDQkdCV0Jcg0KHQotCg0JXQodCh0JAg0Jgg0JPQ ntCb0J7QlNCQDQo8L2gxPg0KCTxicj4gDQo8dGFibGUgd2lkdGg9IjgwMCIgYm9yZGVyPSIxIj4N CiAgPHRib2R5Pg0KICAgIDx0cj4NCiAgICAgIDx0ZCBoZWlnaHQ9IjQ1IiBiZ2NvbG9yPSIjRkYw QjBGIiBzdHlsZT0iY29sb3I6ICNGRkZGRkYiPjxoMz7vu7/QlNC70Y8g0JzQo9CW0KfQmNCY0J0g 0Lgg0JbQldCd0KnQmNCdISDQkdC10Lcg0LTQuNC10YIsINGE0LjQt9C40YfQtdGB0LrQuNGFINC9 0LDQs9GA0YPQt9C+0Log0Lgg0LPQvtC70L7QtNCw0L3QuNC5ISDQlNC+IDEwINC60LMg0LfQsCDQ tNCy0LUg0L3QtdC00LXQu9C4ITwvaDM+PHRhYmxlIHdpZHRoPSI2NiUiIGJvcmRlcj0iMCI+PHRi b2R5Pjx0cj48dGQ+PC90ZD48dGQ+PC90ZD48dGQ+PC90ZD48L3RyPjwvdGJvZHk+PC90YWJsZT4g PC90ZD4NCiAgICA8L3RyPg0KICA8L3Rib2R5Pg0KPC90YWJsZT4NCjxwPjxocj4NCjxwPu+7v9Cj 0L3QuNC60LDQu9GM0L3Ri9C5INCh0L7RgdGC0LDQsiDQuCDQutC+0LzQv9C70LXQutGBINC80L7R idC90YvRhSDQutC+0LzQv9C+0L3QtdC90YLQvtCyPC9wPg0KICA8YnI+PHA+77u/0KHQvNC+0LbQ tdGC0LUg0L3QvtGB0LjRgtGMINGD0LTQvtCx0L3Rg9GOLCDQvNC+0LTQvdGD0Y4g0Lgg0LrRgNCw 0YHQuNCy0YPRjiDQvtC00LXQttC00YM8L3A+DQogIDx0YWJsZSB3aWR0aD0iMjIlIiBib3JkZXI9 IjAiPjx0Ym9keT48dHI+PHRkPjwvdGQ+PHRkPjwvdGQ+PHRkPjwvdGQ+PC90cj48L3Rib2R5Pjwv dGFibGU+PHA+77u/0J3QtSDQvdGD0LbQvdC+INC+0YLQutCw0LfRi9Cy0LDRgtGM0YHRjyDQvtGC INC70Y7QsdC40LzQvtC5INC10LTRizwvcD4NCiAgPGJyPjxwPu+7v9CS0L3QuNC80LDQvdC40LUg 0LzRg9C20YfQuNC9INC4INCy0L7RgdGC0L7RgNC20LXQvdC90YvQtSDQutC+0LzQv9C70LjQvNC1 0L3RgtGLINC/0L7QtNGA0YPQszwvcD4NCiAgPGFydGljbGU+PC9hcnRpY2xlPjxwPjxhIGhyZWY9 Imh0dHA6Ly9nZXRub3cuc3Uvc2xpbS8iIHRhcmdldD0iX2JsYW5rIj48c3Ryb25nPu+7v9Cj0LfQ vdCw0Lkg0LHQvtC70YzRiNC1INC90LAg0L3QsNGI0LXQvCDRgdCw0LnRgtC1ITwvc3Ryb25nPjwv YT48L3A+DQo8dGFibGUgd2lkdGg9IjA1JSIgYm9yZGVyPSIwIj48dGJvZHk+PHRyPjx0ZD48L3Rk PjwvdHI+PC90Ym9keT48L3RhYmxlPjxwPjxhIGhyZWY9Imh0dHA6Ly9nZXRub3cuc3Uvc2xpbS8i IHRhcmdldD0iX2JsYW5rIj5odHRwOi8vZ2V0bm93LnN1L3NsaW0vPC9hPjwvcD4NCjxwPiZuYnNw OzwvcD4NCjxwPiZuYnNwOzwvcD4NCjxwPjxhIGhyZWY9Imh0dHA6Ly9nZXRub3cuc3Uvc2xpbS8i IHN0eWxlPSJmb250LXNpemU6IDEwcHgiPu+7v9Ce0YLQv9C40YHQsNGC0YzRgdGPPC9hPjwvcD4N CjxwPiZuYnNwOzwvcD4NCjwvYm9keT4NCjwvaHRtbD4NCg==
Lking Posted October 10, 2018 Posted October 10, 2018 If you would provide a Tracking URL it would provide the rest of us more information to answer your implied question. The Tracking URL will also let us see how the parser reach the answer(s) it did.
dvv Posted October 10, 2018 Author Posted October 10, 2018 Sure thing: https://www.spamcop.net/sc?id=z6492105021z29c7d89b43fdd4de6196a9d7a0dc1f30z Thanks!
petzl Posted October 11, 2018 Posted October 11, 2018 9 hours ago, dvv said: Sure thing: https://www.spamcop.net/sc?id=z6492105021z29c7d89b43fdd4de6196a9d7a0dc1f30z Thanks! 11.1.0.1 Needs to go to "disa.columbus.ns.mbx.arin-registrations [at] mail [dot] mil" postmaster [ at] mail [dot]mil is a default address when SpamCop can't find one Russian spam? using a compromised email server 69.85.64.2 analyst [at] gvii [dot] net
RobiBue Posted October 11, 2018 Posted October 11, 2018 4 hours ago, petzl said: 11.1.0.1 Needs to go to "disa.columbus.ns.mbx.arin-registrations [at] mail [dot] mil" postmaster [ at] mail [dot]mil is a default address when SpamCop can't find one Russian spam? using a compromised email server 69.85.64.2 analyst [at] gvii [dot] net The 11.1.0.1 is not an IP address! It is the version number of the “IceWarp” system used by mail.gvii.net. SpamCop thinks that it’s an IP address because it is commented (in parentheses) after the host name... unfortunate misatribution...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.