nadeaup
Posted November 20, 2007

I need help!!! I am being told that spam is being sent by my server 22.214.171.124. I currently have deleted sendmail binaries and every other mail related service. The email below seems to show a non-routable-ip address 172.18.52.79... How can I prove to my hosting company and their NOC that this spam is not coming from my server and my ip is being spoofed??? OR am I wrong? Please help!!!

Below is the email with comments in the headers..

X-Apparently-To: x via 126.96.36.199; Sat, 10 Nov 2007 02:54:08 -0800
X-Originating-IP: [188.8.131.52]
Authentication-Results: mta423.mail.re4.yahoo.com from=cox.net; domainkeys=neutral (no sig)
Hmmm authentication-results: isn't a header I recognise

Received: from 184.108.40.206 (EHLO eastrmmtao107.cox.net) (220.127.116.11) by mta423.mail.re4.yahoo.com with SMTP; Sat, 10 Nov 2007 02:54:08 -0800
This received header was added by your mailserver
mta423.mail.re4.yahoo.com received this from someone claiming to be 18.104.22.168
(mta423.mail.re4.yahoo.com doesn't record the senders IP address in any way I recognise, so it's impossible to be sure. All received headers after this one should be treated with suspicion)

Received: from eastrmimpo03.cox.net ([22.214.171.124]) by eastrmmtao107.cox.net (InterMail vM.7.08.02.01 201-2186-121-102-20070209) with ESMTP id <20071110105208.STAY4189.eastrmmtao107.cox.net[at]eastrmimpo03.cox.net>; Sat, 10 Nov 2007 05:52:08 -0500
eastrmmtao107.cox.net received this from eastrmimpo03.cox.net (IP addresses match)

Received: from eastrmwml20.mgt.cox.net ([172.18.52.79]) by eastrmimpo03.cox.net with bizsmtp id Ayrg1Y0051iXuec0000000; Sat, 10 Nov 2007 05:51:40 -0500
eastrmimpo03.cox.net received this from someone claiming to be eastrmwml20.mgt.cox.net but really from 172.18.52.79(No rDNS)
All headers below may be forged

Received: from 126.96.36.199 by webmail.east.cox.net; Sat, 10 Nov 2007 5:52:05 -0500
webmail.east.cox.net received this from someone claiming to be 188.8.131.52
(webmail.east.cox.net doesn't record the senders IP address in any way I recognise, so it's impossible to be sure. All received headers after this one should be treated with suspicion)

Date: Sat, 10 Nov 2007 5:52:06 -0500
From: The free lotto sweepstakes <figgy45[at]cox.net>
Reply-To: agtwilliams202[at]hotmail.com
Many spams are forged to appear connected to hotmail.com. They probably aren't from there.
If the spam is soliciting replies to a hotmail.com address tell abuse[at]hotmail.com and the mailbox will die.

Subject: BATCH NUMBER: YPA/07-43658
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
Sensitivity: Normal
Hmmm sensitivity: isn't a header I recognise

BATCH NUMBER: YPA/07-43658
REFERENCE NUMBER: 2007234522
PIN: 1206

This is to inform you that you have won a prize money of (GBP500,000.00) for the 2007 Prize Promotion which is Organized by The Free lotto Company

The Free lotto Company! collects all the email addresses of the people that are active online, among the millions that subscribed to Yahoo and Hotmail and few from other e-mail providers. Ten people are selected monthly to benefit from this promotion and you are one of the Selected Winners.

Fill and return to
Agent Name: Rev.Jackson Williams
E-Mail:agtwilliams202[at]hotmail.com

Full name.....
Winning email.....
Occupation.........
Nationality.........
Phone no...........
Age.......

He shall commence the process that will facilitate the release of your fund to you.

Regards,
Mrs Pauline Walcott.
This topic is now archived and is closed to further replies.
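
The hop-by-hop reading shown in the annotated headers above, as an added example that is not part of the original post: it separates the name each sender claimed from the peer address the receiving server recorded, and stops treating the chain as checkable at the first hop that cannot be tied to the one above it. The Received lines are copied from the post (addresses as they appear on the page, trimmed after the "by" host); the function names and the linking rule are assumptions of this example.

```python
import ipaddress
import re

# Received lines from the post, newest hop first, trimmed after the "by" host.
# Addresses are reproduced exactly as they appear on the page.
RECEIVED = [
    "from 184.108.40.206 (EHLO eastrmmtao107.cox.net) (220.127.116.11) "
    "by mta423.mail.re4.yahoo.com",
    "from eastrmimpo03.cox.net ([22.214.171.124]) by eastrmmtao107.cox.net",
    "from eastrmwml20.mgt.cox.net ([172.18.52.79]) by eastrmimpo03.cox.net",
    "from 126.96.36.199 by webmail.east.cox.net",
]

# An address the receiving server wrote itself, in (...) or [...]
IP_RE = re.compile(r"[\[(]((?:\d{1,3}\.){3}\d{1,3})[\])]")


def parse_hop(line):
    """Split one Received line into the sender's claim and the receiver's record."""
    helo = re.search(r"\((?:EHLO|HELO)\s+([^\s)]+)\)", line)
    claimed = helo.group(1) if helo else re.search(r"from\s+(\S+)", line).group(1)
    ip = IP_RE.search(line)
    recorded = ip.group(1) if ip else None
    return {
        "by": re.search(r"\bby\s+([^\s;]+)", line).group(1),
        "claimed": claimed,       # HELO/EHLO name: chosen by the sender
        "recorded_ip": recorded,  # peer address noted by the receiving server
        "private": bool(recorded) and ipaddress.ip_address(recorded).is_private,
    }


def analyze(lines):
    """Walk down from the newest hop and mark which hops can still be checked."""
    hops, trusted, prev = [], True, None
    for line in lines:
        hop = parse_hop(line)
        # The writer of this line must be the host the hop above received from.
        if prev is not None and hop["by"].lower() != prev["claimed"].lower():
            trusted = False
        hop["verifiable"] = trusted and hop["recorded_ip"] is not None
        trusted = hop["verifiable"]  # nothing below an unverifiable hop counts
        hops.append(hop)
        prev = hop
    return hops


if __name__ == "__main__":
    for h in analyze(RECEIVED):
        print(h["by"], h["claimed"], h["recorded_ip"], h["private"], h["verifiable"])
```

On the post's headers the three upper hops link up and the fourth does not, which is the same point at which the annotation says "All headers below may be forged"; the 172.18.52.79 address is flagged as private, so it identifies a host inside the network of the server that recorded it.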