PierJes Posted March 21, 2004 Posted March 21, 2004 De : john[at]spamcop.net To: Pierjes <pierjes[at]spamcop.net> Envoyer : 21 mars 2004 12:30:01 Cc : recipient list not shown: Received: from c60.cesmail.net ([216.154.195.49]) by mc1-f39.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Sun, 21 Mar 2004 09:30:02 -0800 Received: from unknown (HELO blade4.cesmail.net) (192.168.1.214) by c60.cesmail.net with SMTP; 21 Mar 2004 12:30:01 -0500 Received: (qmail 31058 invoked by uid 1010); 21 Mar 2004 17:30:01 -0000 Received: (qmail 30999 invoked from network); 21 Mar 2004 17:30:00 -0000 Received: from unknown (192.168.1.213) by blade4.cesmail.net with QMQP; 21 Mar 2004 17:30:00 -0000 Received: from cable-212.76.233.111.coditel.net (HELO localhost) (212.76.233.111) by blade3.cesmail.net with SMTP; 21 Mar 2004 17:29:56 -0000 X-Message-Info: JGTYoYF78jEjCajuLPxFf+DIwvSTPGpJ Message-ID: <20040321173001.31057.qmail[at]blade4.cesmail.net> Delivered-To: spamcop-net-pierjes[at]spamcop.net X-Mail-Format-Warning: Bad RFC2822 header formatting in ------------CB7EDDDC00162C3 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade4 X-spam-Level: *** X-spam-Status: hits=3.7 tests=DATE_MISSING,LARGE_HEX,UPPERCASE_50_75 version=2.63 X-SpamCop-Checked: 192.168.1.213 212.76.233.111 Return-Path: john[at]spamcop.net X-OriginalArrivalTime: 21 Mar 2004 17:30:02.0394 (UTC) FILETIME=[245867A0:01C40F6A] Will meet tonight as we agreed, because on Wednesday I don't think I'll make it, so don't be late. And yes, by the way here is the file you asked for. It's all written there. See you. oofofsof I keep getting those messages. It's obvious it's a virus but it seems to come "genuinely" from the spamcop system. I can't track the origin of the mail as there are no complete headers on this e-mail. Am I missing something here ?
Wazoo Posted March 21, 2004 Posted March 21, 2004 I can't figure out what you used to copy / paste this in, but yes, there are problems with what you posted. Quick glance says that the source was 212.76.233.111 ... and the first problem is parsing would prbably have started with the blank line up at the top of the alleged headers. if this is what you actually tried to parse.
Jeff G. Posted March 22, 2004 Posted March 22, 2004 After removing the top section (above the first Received header) and adding a blank line between headers and body, I was able to parse the message. http://www.spamcop.net/sc?id=z364833160z4f...96021f7eb963ffz shows a willingness to report to abuse[at]coditel.be, but I didn't send a report.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.