Boy! Did this generate a flurry... it will be fun to watch this adventurous 'tracking'...
..piikay

----- Original Message -----
From: "Siddhartha Basu" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, January 17, 2005 8:25 PM
Subject: Re: [ilug-cal] [Off Topic] - Help me to track down a spammer

> Hi rajiv,
>
> Couple of thoughts.
>
> > I have attached the header, the guy has set up a mail server on a
> > linux machine, i guess its fedora.
> How do you guess it is fedora. I couldn't figure out from the headers though.
>
> > His IP Address is - 210.210.74.150 (which is sify broadband or leased line)
> >
> > I can't make out which one is his ipaddress provided by SIFY, it can be
> > either 10.54.51.16 or 10.11.117.43 or something else.
>
> Both of them are non-routable ip address of internal networks. They
> also belong to different subnetwork. So, the mail must have been
> routed through two boxes before it has hit the external routable sify
> box (210.210.74.150). So, from sify you should be able to get which
> box it is assigned to and the gory details.
>
> > X-Gmail-Received: 1fd05570cbe204e3a6822bf17a432ff370ea2dca
> > Delivered-To: [EMAIL PROTECTED]
> > Received: by 10.54.51.16 with SMTP id y16cs5805wry;
> >         Sun, 16 Jan 2005 01:52:49 -0800 (PST)
> > Received: by 10.11.117.43 with SMTP id p43mr390223cwc;
> >         Sun, 16 Jan 2005 01:52:49 -0800 (PST)
> > Return-Path: <[EMAIL PROTECTED]>
> > Received: from station3.example.com (210-210-74-150.lan.sify.net
> > [210.210.74.150])
> >         by mx.gmail.com with ESMTP id p77si1036593cwc.2005.01.16.01.52.44;
> >         Sun, 16 Jan 2005 01:52:49 -0800 (PST)
> > Received-SPF: neutral (gmail.com: 210.210.74.150 is neither permitted
> > nor denied by domain of [EMAIL PROTECTED])
> > Received: from station3.example.com (localhost.localdomain [127.0.0.1])
> >         by station3.example.com (8.12.10/8.12.10) with ESMTP id j0GBMVn9024974
> >         for <[EMAIL PROTECTED]>; Sun, 16 Jan 2005 16:52:31 +0530
> > Received: (from [EMAIL PROTECTED])
>
> The originating box is sending it as root user. Why somebody who owns
> a box should use root user to send anonymous mass mails. I doubt this
> originating machine might have been compromised. In that case it
> would be hard to track down the actual culprit. However, at least the
> compromised machine could be stopped from spreading the annoyance.
>
> <snipped>
>
> -siddhartha
>
> --
> To unsubscribe, send mail to [EMAIL PROTECTED] with the body
> "unsubscribe ilug-cal" and an empty subject line.
> FAQ: http://www.ilug-cal.org/node.php?id=3
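Added example, not part of the original thread: a sketch of reading the quoted `Received` chain for an abuse report. Each relay prepends its own header, so the newest hop is at the top, and only hops written by the recipient's own mail system can be relied on. The function names and the `.gmail.com` trust suffix are assumptions, and the sample is built from the headers quoted above with the redacted `for` clause dropped.

```python
import ipaddress
import re
from email import message_from_string

# Constructed from the headers quoted in the thread (redacted "for" clause dropped).
RAW = """\
Received: by 10.54.51.16 with SMTP id y16cs5805wry;
 Sun, 16 Jan 2005 01:52:49 -0800 (PST)
Received: by 10.11.117.43 with SMTP id p43mr390223cwc;
 Sun, 16 Jan 2005 01:52:49 -0800 (PST)
Received: from station3.example.com (210-210-74-150.lan.sify.net [210.210.74.150])
 by mx.gmail.com with ESMTP id p77si1036593cwc.2005.01.16.01.52.44;
 Sun, 16 Jan 2005 01:52:49 -0800 (PST)
Received: from station3.example.com (localhost.localdomain [127.0.0.1])
 by station3.example.com (8.12.10/8.12.10) with ESMTP id j0GBMVn9024974;
 Sun, 16 Jan 2005 16:52:31 +0530

"""

PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # address the receiver saw
BY_HOST = re.compile(r"\bby\s+(\S+)")                    # host that wrote the header


def parse_hops(raw):
    """Return (peer_ip, recorded_by) per Received header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        peer, by = PEER_IP.search(value), BY_HOST.search(value)
        hops.append((peer.group(1) if peer else None, by.group(1) if by else None))
    return hops


def is_receiver_side(by, trusted_suffix):
    """True for the recipient provider's hosts: its name or an internal relay IP."""
    try:
        return ipaddress.ip_address(by).is_private
    except ValueError:
        return by.lower().endswith(trusted_suffix)


def handoff_peer(raw, trusted_suffix):
    """Public IP that connected to the recipient's mail system, or None.

    Headers older than that hop were added on the sender's side and can be forged.
    """
    for peer, by in parse_hops(raw):  # walk down from the newest hop
        if by is None or not is_receiver_side(by, trusted_suffix):
            break
        if peer and ipaddress.ip_address(peer).is_global:
            return peer
    return None
```

`handoff_peer(RAW, ".gmail.com")` gives the address to quote, together with the timestamp of that hop, when reporting to the owning ISP.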
