Recently, Somebody Somewhere wrote these words
> On Tue, 29 Nov 2005, Declan Moriarty wrote:
> 
> >Received: from [81.103.221.10] (really [61.173.188.55]) by
> >aamta03-winn.ispmail.ntl.com with SMTP id
> ><[EMAIL PROTECTED]
> >
> >This kind of upends what little I thought I knew about mail
> >transactions. It's spam from chinanet (61.173.188.55), but
> >passing the wrong IP seems like a surefire way _not_ to
> >transmit :-o.
> 
> Most of the spam I receive has rewritten headers using a
> misconfigured server.  Misconfigured meaning, of course,
> purposely misconfigured to produce a bogus IP.  When receiving
> spam the only IP address you can really trust is the one address
> previous to your ISP's maild.  9/10 times that machine is
> compromised and is running the final mail bouncer which has been
> specifically modified to erase/forge/falsify all tracks of where
> the mail actually originated.
> 
> If 81.103.221.10 truly is the last hop before this mail came to
> your ISP and it truly is the smtpin for ntl.com then there are a
> few possibilities: 1) It's a true maild and it's compromised 2)
> It's not a true maild but it's set up or compromised by someone
> who has the authority or ability to modify the DNS records
> without anyone noticing 3) It is an open relay (doubtful in
> these times)
> 
> At one time I made a practice of contacting ISPs or sysadmins
> about systems which were passing along spam.  99/100 times I'd
> receive a dismissive or even blistering message back telling me
> how I'm obviously wrong in my identification of the offending IP
> address.
> 
> Have fun!
> 
I am pretty sure the mail was being sent _to_ 81.103.221.10 by
61.173.188.55.

BTW, ntl (who I am not exactly on speaking terms with) have _no_
sysadmins in Ireland, AFAICT. They have 'tech support' running
scripts as lusers, wondering what Linux is anyhow, and hoping the
big boxes out there don't break down one day...

-- 

        With best Regards,


        Declan Moriarty.
-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
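
An added example, not part of the original thread: a small Python parser that reads the Received chain newest-first and keeps only the hop stamped by the recipient's own provider, comparing the name the client announced with the peer address the server recorded. It assumes that "from X (really [Y])" means X is the client's HELO claim and Y is the address the server observed; the second header in the sample and the trusted suffix are constructed for illustration.

```python
import re
from email import message_from_string

# Assumption: "from <claimed> (really [<peer>]) by <host>" means <claimed> is
# what the client announced and <peer> is the address the server observed.
RECEIVED_RE = re.compile(
    r"from\s+(?P<claimed>\S+)\s+"
    r"(?:\(really\s+\[(?P<peer>[0-9a-fA-F.:]+)\]\)\s+)?"
    r"by\s+(?P<by>\S+)",
    re.IGNORECASE,
)

def parse_received(value):
    """Return claimed name, observed peer and stamping host, or None."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
    if not m:
        return None  # formats other than the one quoted in the thread are skipped
    return {
        "claimed": m.group("claimed").strip("[]"),
        "peer": m.group("peer"),
        "by": m.group("by").lower(),
    }

def last_trusted_hop(raw_message, trusted_suffix):
    """Newest-first scan: the first Received line stamped by our own provider
    is the only one whose peer address was not written by the sender."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        hop = parse_received(value)
        if hop and hop["by"].endswith(trusted_suffix):
            hop["helo_mismatch"] = (
                hop["peer"] is not None and hop["peer"] != hop["claimed"]
            )
            return hop
    return None  # no header from a server we control: nothing here is trustworthy

# Constructed sample: the top header reuses the addresses quoted in the thread;
# the second header stands in for sender-supplied (forgeable) history.
SAMPLE = (
    "Received: from [81.103.221.10] (really [61.173.188.55]) by\n"
    " aamta03-winn.ispmail.ntl.com with SMTP id <placeholder-id>\n"
    "Received: from mail.example.org ([192.0.2.7]) by relay.example.net with SMTP\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(last_trusted_hop(SAMPLE, ".ntl.com"))
```

Everything below the returned hop in the header list was supplied by the sending side and is ignored by design.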
