Formatting issues with CESMAIL headers?


btech

I've recently noticed some messages that come into my held folder that have screwed up headers and always seem to be addressed to my cesmail.net account. I wonder if this is an issue with cesmail or a lame spammer?

Here's a recent one:

Return-Path: <rogert[at]bigsky.net>
Delivered-To: x[at]cesmail.net
Received: (qmail 25765 invoked from network); 12 Nov 2006 19:47:31 -0000
X-spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on blade4
X-spam-Level: ********************
X-spam-Status: hits=20.9 tests=DRUGS_ERECTILE,DRUG_ED_GENERIC,INFO_TLD,
	INVALID_MSGID,MISSING_HB_SEP,MISSING_HEADERS,MISSING_SUBJECT,
	MSGID_LONG,MSGID_SPAM_LETTERS,RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME,
	TO_CC_NONE,URIBL_BLACK,URIBL_SBL version=3.1.1
Received: from unknown (192.168.1.101)
  by blade4.cesmail.net with QMQP; 12 Nov 2006 19:47:31 -0000
Received: from pdbn-590d2017.pool.einsundeins.de (89.13.32.23)
  by mailgate.cesmail.net with SMTP; 12 Nov 2006 19:47:31 -0000
Message-ID: <000001c70692$e2002280$17200d59[at]viper-ko>
From: "Rogert" <rogert[at]bigsky.net>
To: <x[at]cesmail.net>
Subject: Be healthy, be wealthy!
Date: Sun, 12 Nov 2006 20:43:53 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="------------ms000106010209000304010407"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
This is a multi-part message in MIME format.
--------------ms000106010209000304010407
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
Hello!
Last time you've asked me about Canadian pharmacy shops.
After some researches I can surely say that MyCanadianPharmacy
drug store sells high-quality medications only. There is no need to be
aware of quality. Their medications are the same we have here in USA.
But they give us opportunity to buy these meds at lower prices.
Cialis as low as $5.67
Viagra Soft Tabs as low as $4.1
Generic Viagra as low as $3.5=20
Cialis Soft Tabs as low as $5.76
--------------ms000106010209000304010407
Content-Type: text/html;
	charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dkoi8-r">
<META content=3D"MSHTML 6.00.2900.2180" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><STRONG>Hello!</STRONG></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><EM>Last time you've asked me about <STRONG><A href=3D"http://gtsodg.keylimetech.info/?35240320&men"><FONT =
color=3D#ff0000>Canadian pharmacy shops</FONT></A></STRONG>.<BR>After =
some=20
researches I can surely say that MyCanadianPharmacy<BR>drug store sells=20
high-quality medications only. There is no need to be<BR>aware of =
quality. Their=20
medications are the same we have here in USA.<BR>But they give us =
opportunity to=20
buy these meds at lower prices.</EM></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><A href=3D"http://gtsodg.keylimetech.info/?35240320&men"><STRONG>Cialis</STRONG></A><STRONG> as low as=20
$5.67<BR></STRONG><A href=3D"http://gtsodg.keylimetech.info/?35240320&men"><STRONG>Viagra Soft =
Tabs</STRONG></A><STRONG>=20
as low as $4.1<BR></STRONG><A href=3D"http://gtsodg.keylimetech.info/?35240320&men"><STRONG>Generic=20
Viagra</STRONG></A><STRONG> as low as $3.5 <BR></STRONG><A=20
href=3D"http://gtsodg.keylimetech.info/?35240320&men"><STRONG>Cialis Soft Tabs</STRONG></A><STRONG> as low as=20
$5.76</STRONG><SMALL><BR></SMALL></DIV></BODY></HTML>
--------------ms000106010209000304010407--
X-SpamCop-Checked: 
X-SpamCop-Disposition: Blocked SpamAssassin=20

I usually move the

X-SpamCop-Checked: 
X-SpamCop-Disposition: Blocked SpamAssassin=20

back to the other 'X' portions of the header and space out

This is a multi-part message in MIME format.
--------------ms000106010209000304010407
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: quoted-printable

to fit and allow the parser to function, but I wonder what the cause of this issue is? I receive 1-2 of these types of messages a day.


What I would suggest is that the spam was sent without the 'required' blank line between the headers and body .... unfortunately, what you are admitting to doing here is against the reporting rules ....

That said, are all of these 'bad' ones seen as coming from the same server? In this case, blade4 was involved .... if all are connected to blade4, then yes, there actually could be an issue ... but I suspect, you won't find this to be the case ....


What I would suggest is that the spam was sent without the 'required' blank line between the headers and body .... unfortunately, what you are admitting to doing here is against the reporting rules ....

That said, are all of these 'bad' ones seen as coming from the same server? In this case, blade4 was involved .... if all are connected to blade4, then yes, there actually could be an issue ... but I suspect, you won't find this to be the case ....

I know it's against the rules, but I assumed that it was a Spamcop error, not the spammer, so I thought it was OK. I'll delete these in the future.

As for the server, yes, they're coming from blade 4 several times, but also blade 3...

Here's some more:

Return-Path: <ralph[at]airkinginc.com>
Delivered-To: x[at]cesmail.net
Received: (qmail 1622 invoked from network); 8 Nov 2006 22:25:18 -0000
X-spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on blade4
X-spam-Level: ***********************************
X-spam-Status: hits=35.1 tests=DRUGS_ERECTILE,DRUG_ED_GENERIC,INVALID_MSGID,
	MISSING_HB_SEP,MISSING_HEADERS,MISSING_SUBJECT,MSGID_LONG,
	MSGID_SPAM_LETTERS,RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME,SARE_ADULT2,
	TO_CC_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,
	URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL version=3.1.1
Received: from unknown (192.168.1.103)
  by blade4.cesmail.net with QMQP; 8 Nov 2006 22:25:18 -0000
Received: from unknown (HELO NEILL01) (62.77.167.65)
  by mx53.cesmail.net with SMTP; 8 Nov 2006 22:25:17 -0000
Message-ID: <000001c70385$9a715200$41a74d3e[at]neill01>
From: "Adam" <ralph[at]airkinginc.com>
To: <x[at]cesmail.net>
Subject: Girls don't like you?
Date: Wed, 08 Nov 2006 22:31:16 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="------------ms000906010805060500070007"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
This is a multi-part message in MIME format.
--------------ms000906010805060500070007
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
Forget about sexual problems!
[SNIP]
anymore!</FONT></A></EM></DIV></BODY></HTML>
--------------ms000906010805060500070007--
X-SpamCop-Checked: 
X-SpamCop-Disposition: Blocked SpamAssassin=35

Return-Path: <robert[at]darintlfurniture.com>
Delivered-To: x[at]cesmail.net
Received: (qmail 12809 invoked from network); 9 Nov 2006 21:22:37 -0000
X-spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on blade3.cesmail.net
X-spam-Level: ***********************************
X-spam-Status: hits=35.9 tests=DRUGS_ERECTILE,DRUG_ED_GENERIC,INFO_TLD,
	INVALID_MSGID,MISSING_HB_SEP,MISSING_HEADERS,MISSING_SUBJECT,
	MSGID_LONG,MSGID_SPAM_LETTERS,RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME,
	SARE_ADULT2,TO_CC_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,
	URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL version=3.1.1
Received: from unknown (192.168.1.101)
  by blade3.cesmail.net with QMQP; 9 Nov 2006 21:22:37 -0000
Received: from ejh248.neoplus.adsl.tpnet.pl (83.21.149.248)
  by mailgate.cesmail.net with SMTP; 9 Nov 2006 21:22:14 -0000
Message-ID: <000001c70445$1bdbe980$f8951553[at]komp1>
From: "Richard" <robert[at]darintlfurniture.com>
To: <x[at]cesmail.net>
Subject: Get medications for your cure! 
Date: Thu, 09 Nov 2006 22:22:07 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="------------ms010009020106090005040706"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
This is a multi-part message in MIME format.
--------------ms010009020106090005040706
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
Forget about sexual problems!
{SNIP}
anymore!</FONT></A></EM></DIV></BODY></HTML>
--------------ms010009020106090005040706--
X-SpamCop-Checked: 
X-SpamCop-Disposition: Blocked SpamAssassin=35

Return-Path: <rogert[at]hdk-usa.com>
Delivered-To: x[at]cesmail.net
Received: (qmail 16843 invoked from network); 9 Nov 2006 23:14:07 -0000
X-spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on blade3.cesmail.net
X-spam-Level: ***********************************
X-spam-Status: hits=35.1 tests=DRUGS_ERECTILE,DRUG_ED_GENERIC,INVALID_MSGID,
	MISSING_HB_SEP,MISSING_HEADERS,MISSING_SUBJECT,MSGID_LONG,
	MSGID_SPAM_LETTERS,RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME,SARE_ADULT2,
	TO_CC_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,
	URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL version=3.1.1
Received: from unknown (192.168.1.101)
  by blade3.cesmail.net with QMQP; 9 Nov 2006 23:14:07 -0000
Received: from adsl-ull-197-214.47-151.net24.it (HELO utente-18a01aa9) (151.47.214.197)
  by mailgate.cesmail.net with SMTP; 9 Nov 2006 23:13:56 -0000
Message-ID: <000001c70454$a9730580$c5d62f97[at]utente-18a01aa9>
From: "Richard" <rogert[at]hdk-usa.com>
To: <x[at]cesmail.net>
Subject: Don't have time to visit local drug store?
Date: Fri, 10 Nov 2006 00:13:27 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="------------ms050401020504070607040500"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
This is a multi-part message in MIME format.
--------------ms050401020504070607040500
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
Forget about sexual problems!
{SNIP}
anymore!</FONT></A></EM></DIV></BODY></HTML>
--------------ms050401020504070607040500--
X-SpamCop-Checked: 
X-SpamCop-Disposition: Blocked SpamAssassin=35

Return-Path: <richard[at]csuchico.edu>
Delivered-To: x[at]cesmail.net
Received: (qmail 18495 invoked from network); 10 Nov 2006 04:15:37 -0000
X-spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on blade3.cesmail.net
X-spam-Level: ***********************************
X-spam-Status: hits=35.1 tests=DRUGS_ERECTILE,DRUG_ED_GENERIC,
	HELO_DYNAMIC_IPADDR,INVALID_MSGID,MISSING_HB_SEP,MISSING_HEADERS,
	MISSING_SUBJECT,MSGID_LONG,MSGID_SPAM_LETTERS,RATWARE_MS_HASH,
	RATWARE_OUTLOOK_NONAME,SARE_ADULT2,TO_CC_NONE,URIBL_BLACK,
	URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL 
	version=3.1.1
Received: from unknown (192.168.1.101)
  by blade3.cesmail.net with QMQP; 10 Nov 2006 04:15:37 -0000
Received: from triband-del-59.177.0.136.bol.net.in (59.177.0.136)
  by mailgate.cesmail.net with SMTP; 10 Nov 2006 04:15:35 -0000
Message-ID: <000001c7047e$9412d100$8800b13b[at]ama123>
From: "Philip" <richard[at]csuchico.edu>
To: <x[at]cesmail.net>
Subject: To buy or not to buy? 
Date: Fri, 10 Nov 2006 09:43:30 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="------------ms000508050207080102030607"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
This is a multi-part message in MIME format.
--------------ms000508050207080102030607
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
Forget about sexual problems!
-Tired with weak penis?=20
{SNIP}
anymore!</FONT></A></EM></DIV></BODY></HTML>
--------------ms000508050207080102030607--
X-SpamCop-Checked: 
X-SpamCop-Disposition: Blocked SpamAssassin=35

Return-Path: <hugh[at]csuchico.edu>
Delivered-To: x[at]cesmail.net
Received: (qmail 1753 invoked from network); 11 Nov 2006 09:32:34 -0000
X-spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-26) on filter7
X-spam-Level: ************************************
X-spam-Status: hits=36.5 tests=DRUGS_ERECTILE,DRUG_ED_GENERIC,INVALID_MSGID,
	MISSING_HB_SEP,MISSING_HEADERS,MISSING_SUBJECT,MSGID_LONG,MSGID_SHORT,
	MSGID_SPAM_LETTERS,RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME,SARE_ADULT2,
	TO_CC_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,
	URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL version=3.1.4
Received: from unknown (192.168.1.101)
  by filter7.cesmail.net with QMQP; 11 Nov 2006 09:32:34 -0000
Received: from unknown (HELO ILZE) (88.242.63.2)
  by mailgate.cesmail.net with SMTP; 11 Nov 2006 09:32:33 -0000
Message-ID: <000001c70574$35c81a00$023ff258[at]ilze>
From: "Philip" <hugh[at]csuchico.edu>
To: <x[at]cesmail.net>
Subject: To buy or not to buy? 
Date: Sat, 11 Nov 2006 11:31:48 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="------------ms080502090001020704030205"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
This is a multi-part message in MIME format.
--------------ms080502090001020704030205
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
Forget about sexual problems!
{SNIP}
anymore!</FONT></A></EM></DIV></BODY></HTML>
--------------ms080502090001020704030205--
X-SpamCop-Checked: 
X-SpamCop-Disposition: Blocked SpamAssassin=36


X-Antivirus: avast! (VPS 0647-0, 09.11.2006), Outbound message
X-Antivirus-Status: Clean

Based on what I posted, does it seem to be a spammer doing this? If so, how would they send something that would affect the SC mail server to put the "X" checks and information at the end of the message?


Based on what I posted, does it seem to be a spammer doing this? If so, how would they send something that would affect the SC mail server to put the "X" checks and information at the end of the message?

Simply by not providing a space between the headers and the body. By RFC, spamcop needs to assume the entire message is headers and adds its x-spamcop-* headers at the end. Spamcop currently adds its x-spam-* headers to the top of the message.
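The effect described in the reply above can be checked mechanically; the following is an added example, not part of the original thread or any SpamCop code. It finds the line where a strict parser would see the header block break without a blank separator (the condition the `MISSING_HB_SEP` test in the posted `X-spam-Status` lines flags) and lists header fields that ended up after the body. The function name `analyze` and the sample message are constructed for illustration.

```python
import re

# RFC 5322 field name: printable ASCII other than ":", then a colon.
FIELD = re.compile(r"^[\x21-\x39\x3b-\x7e]+:")

# Constructed sample shaped like the messages in the thread:
# no blank line after X-Mailer, relay headers appended at the end.
SAMPLE = (
    "Return-Path: <sender@example.invalid>\n"
    "X-spam-Status: hits=20.9 tests=MISSING_HB_SEP,\n"
    "\tMISSING_SUBJECT version=3.1.1\n"
    "Subject: constructed sample\n"
    "Content-Type: multipart/alternative;\n"
    "\tboundary=\"b1\"\n"
    "X-Mailer: Example Mailer\n"
    "This is a multi-part message in MIME format.\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    "body text\n"
    "--b1--\n"
    "X-SpamCop-Checked: \n"
    "X-SpamCop-Disposition: Blocked SpamAssassin=20\n"
)

def analyze(raw: str) -> dict:
    """Report whether the header/body separator is missing and what got appended."""
    lines = raw.replace("\r\n", "\n").rstrip("\n").split("\n")
    # A conforming message ends its header block at the first empty line.
    blank = lines.index("") if "" in lines else len(lines)
    header_end = blank
    for i, line in enumerate(lines[:blank]):
        folded = i > 0 and line[:1] in (" ", "\t")  # continuation of a field
        if not (FIELD.match(line) or folded):
            header_end = i  # body text began with no separator before it
            break
    missing = header_end < blank
    appended = []
    if missing:
        # Header-like lines at the very end were added by a relay that
        # took the whole message for the header block.
        for line in reversed(lines[header_end:]):
            if not FIELD.match(line):
                break
            appended.insert(0, line.rstrip())
    return {"separator_missing": missing, "header_end": header_end,
            "appended": appended}
```

Running `analyze` on held mail before reporting shows whether the trailing `X-SpamCop-*` lines are a symptom of the sender omitting the separator rather than a fault on one filter host.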


By Manually, do you mean sending an email to the IP owner with a 'complaint' and a copy of the email?

(just want to make sure)

Manual reports are listed in the Dictionary, FAQ, Glossary, and I'm pretty sure we've done up a page or two in the Wiki ..

(me also trying to cover all bases <g>)


Archived

This topic is now archived and is closed to further replies.
