On Tue, 29 Nov 2005, Declan Moriarty wrote:

Received: from [81.103.221.10] (really [61.173.188.55])
by aamta03-winn.ispmail.ntl.com with SMTP
id
<[EMAIL PROTECTED]

This kind of upends what little I thought I knew about mail
transactions. It's spam from chinanet (61.173.188.55), but passing
the wrong IP seems like a surefire way _not_ to transmit :-o.

Most of the spam I receive has rewritten headers using a misconfigured server. Misconfigured meaning, of course, purposely misconfigured to produce a bogus IP. When receiving spam the only IP address you can really trust is the one address previous to your ISP's maild. 9/10 times that machine is compromised and is running the final mail bouncer which has been specifically modified to erase/forge/falsify all tracks of where the mail actually originated.

If 81.103.221.10 truly is the last hop before this mail came to your ISP and it truly is the smtpin for ntl.com then there are a few possibilities:

1) It's a true maild and it's compromised
2) It's not a true maild but it's set up or compromised by someone who has the authority or ability to modify the DNS records without anyone noticing
3) It is an open relay (doubtful in these times)

At one time I made a practice of contacting ISPs or sysadmins about systems which were passing along spam. 99/100 times I'd receive a dismissive or even blistering message back telling me how I'm obviously wrong in my identification of the offending IP address.

Have fun!

Steven
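
The header reading discussed in this message, as an added example that is not part of the original post: a parser that walks the `Received:` headers newest-first, stops at the first one not stamped by your own provider, and reports whether the announced address matches the recorded one. It assumes the layout of the quoted header, with the bracketed value after `really` being the peer address the receiving server recorded; `parse_received`, `trusted_boundary` and the second header in the sample are constructed for illustration.

```python
import re
from email import message_from_string

# Layout from the quoted header: "from <claimed> (really [<ip>]) by <host>".
# Assumption: the "(really [...])" part is the peer address the receiving
# server saw; the value right after "from" is what the sender announced.
RECEIVED_RE = re.compile(
    r"from\s+(?P<claimed>\S+)"
    r"(?:\s+\(really\s+\[(?P<real>[0-9.]+)\]\))?"
    r"\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)

def parse_received(value):
    """Return announced name, recorded peer IP and stamping host, or None."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
    if not m:
        return None
    return {"claimed": m["claimed"].strip("[]"), "real": m["real"],
            "by": m["by"].lower()}

def trusted_boundary(raw_message, trusted_suffixes):
    """Return the oldest Received header still stamped by a trusted host.

    Headers below that one were supplied by the sender and may be forged.
    """
    msg = message_from_string(raw_message)
    boundary = None
    for value in msg.get_all("Received", []):  # newest header comes first
        hop = parse_received(value)
        if hop is None or not hop["by"].endswith(tuple(trusted_suffixes)):
            break  # not written by our own provider: stop trusting here
        boundary = hop
    if boundary:
        boundary["mismatch"] = (bool(boundary["real"])
                                and boundary["real"] != boundary["claimed"])
    return boundary

# Constructed sample: the top header copies the quoted one (id omitted);
# the second header is invented to stand in for sender-supplied data.
SAMPLE = (
    "Received: from [81.103.221.10] (really [61.173.188.55])\n"
    "\tby aamta03-winn.ispmail.ntl.com with SMTP\n"
    "Received: from mail.example.org ([192.0.2.7])\n"
    "\tby relay.example.net with ESMTP\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    print(trusted_boundary(SAMPLE, [".ntl.com"]))
```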