On Thursday 04 September 2003 06:28 am, Bryan Phinney wrote: > On Thursday 04 September 2003 06:43 am, Anne Wilson wrote: > > On Thursday 04 Sep 2003 11:36 am, Charlie wrote: > > > I suppose it was quite harmless but naturally it went in the bin. > > > > Yes - I got one for both the expert and the newbie list. I sent this > > to the newbie list when it was the first to arrive: > > > > Looking at the headers, I'm confused. I was looking for something > > that could categorically say that it had come from the Mandrake > > lists. This is what I found: > > ...snipped > > > Received: from smtp.mandrake.org (212.43.244.24) by > > mk-cpfrontend.uk.tiscali.com (6.7.018) > > id 3F547F72003A439B for [EMAIL PROTECTED]; Thu, 4 Sep > > 2003 09:10:51 +0100 > > ...snipped. > > > Could someone more experienced look it over for me. Is it really > > coming in as a false list email, as I first thought, or is it a > > virused list member affecting us all? > > > > I was concerned that it really looked as though it had come through > > the Mandrake list. What do you think? > > From what I can tell, this did come from the Mandrake list. First received > header indicates the IP originating: > > whois 212.43.244.24 > % This is the RIPE Whois server. > % The objects are in RPSL format. > % > % Rights restricted by copyright. > % See http://www.ripe.net/ripencc/pub-services/db/copyright.html > > inetnum: 212.43.244.16 - 212.43.244.31 > netname: MANDRAKESOFT-NETS > descr: Mandrakesoft > country: FR > admin-c: DC4946-RIPE > tech-c: CFH1-RIPE > rev-srv: ns3.fr.clara.net > rev-srv: ns4.fr.clara.net > status: ASSIGNED PA > notify: [EMAIL PROTECTED] > mnt-by: AS8975-MNT > changed: [EMAIL PROTECTED] 20010614 > source: RIPE > > Following the headers further down the chain, if they are to be believed > would seem to indicate the origination was a pacbell DSL modem > (67.122.222.126) which does belong to Pacbell so is probably accurate. If > anyone on the list is using a pacbell DSL modem and has Windows machines > attached, you may want to check your machine for infection. > > I, however, did not receive this original message, so I suspect that it was > either not sent to the list or my virus scanning stuff is working well > enough that it was trashed before it got to my inbox.
Where did you get the 67.x.y.z. address from? To me the originator looks like being from adelphia.net: Received: from KRIS (ca-dibar-cuda1-c1d-204.anhmca.adelphia.net [24.48.211.204]) by smtp.mandrax.org (Postfix) with ESMTP id C8D4556A1D for <[EMAIL PROTECTED]>; Thu, 04 Sep 2003 03:53:10 +0200 host 80.67.180.169 (getting name) no name 24.48.211.204 is not an MX for ca-dibar-cuda1-c1d-204.anhmca.adelphia.net host ca-dibar-cuda1-c1d-204.anhmca.adelphia.net (checking ip) = 24.48.211.204
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
