well, generally you have to go by ip addresses as the dns info is usually
forged. for instance, winproxy.anywhere is obviously not a vaild name. the
mail.zushabrmanova.pvtnet.cz can be verified by a quick dns lookup:
Received: from WinProxy.anywhere (mail.zushabrmanova.pvtnet.cz
[195.47.60.155]) by smtp.nextra.cz (8.11.1/8.11.1) with SMTP id
f1HAv8D35808; Sat, 17 Feb 2001 11:57:08 +0100 (CET) (envelope-from
[EMAIL PROTECTED])
the only thing you care about here is the IP 195.47.60.155
this resolves to:
nslookup 195.47.60.155
Canonical name: mail.zushabrmanova.pvtnet.cz
so the short answer is yes, you could put that in your kill list, which
would bounce any mail coming from that mail server. the is not the origin of
the mail however, but what appears to be an open relay. going a bit further:
harryh@cet harryh]$ dig -x 195.47.60.155 soa
; <<>> DiG 2.2 <<>> -x soa
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; Ques: 1, Ans: 0, Auth: 1, Addit: 0
;; QUESTIONS:
;; 155.60.47.195.in-addr.arpa, type = SOA, class = IN
;; AUTHORITY RECORDS:
60.47.195.in-addr.arpa. 86400 SOA ns.pvt.net. hostmaster.pvt.net. (
2001013101 ; serial
28800 ; refresh (8 hours)
3600 ; retry (1 hour)
604800 ; expire (7 days)
86400 ) ; minimum (1 day)
;; Total query time: 198 msec
;; FROM: cet to SERVER: default -- 206.96.91.1
;; WHEN: Sat Feb 17 16:45:55 2001
;; MSG SIZE sent: 44 rcvd: 101
using the whois server at abuse.net:
[harryh@cet harryh]$ fwhois [EMAIL PROTECTED]
[whois.abuse.net]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
if you wish to file a spam complaint, it would be sent to:
[EMAIL PROTECTED] & [EMAIL PROTECTED]
the source of the message is shown in this line:
Received: from 216.214.77.248 by 195.47.60.155 (WinProxy); Sat, 17 Feb 2001
this resolves to:
nslookup 216.214.77.248
Canonical name: max1-120.sanfrancisco.corecomm.net
<<>> DiG 2.2 <<>> -x soa
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; Ques: 1, Ans: 0, Auth: 1, Addit: 0
;; QUESTIONS:
;; 248.77.214.216.in-addr.arpa, type = SOA, class = IN
;; AUTHORITY RECORDS:
77.214.216.in-addr.arpa. 86400 SOA ns1.corecomm.net.
postmaster.corecomm.net. (
2001010309 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (7 days)
86400 ) ; minimum (1 day)
;; Total query time: 121 msec
;; FROM: cet to SERVER: default -- 206.96.91.1
;; WHEN: Sat Feb 17 16:49:55 2001
;; MSG SIZE sent: 45 rcvd: 108
using the whois server at abuse.net:
[harryh@cet harryh]$ fwhois
[EMAIL PROTECTED]
[whois.abuse.net]
[EMAIL PROTECTED]
the complaint would be sent to: [EMAIL PROTECTED]
Hope that helps.
----- Original Message -----
From: "Howard Reeves" <[EMAIL PROTECTED]>
To: "I-Mail" <[EMAIL PROTECTED]>
Sent: Saturday, February 17, 2001 12:24 PM
Subject: [IMail Forum] Understading headers
> I have been receiving a lot of unwanted e-mail. I am trying to understand
> where it is coming from and what to enter in my kill.lst to stop it. I
> opened one of the messages in Notepad and found the information pasted
> below. Would this be the header? It appears to me that this message
> originated from mail.zushabrmanova.pvtnet.cz. Is this correct? Would I
enter
> mail.zushabrmanova.pvtnet.cz in the kill.lst to stop receiving messages
from
> these people?
>
> Thanks,
>
> Howard Reeves
> [EMAIL PROTECTED]
>
>
> Received: from WinProxy.anywhere (mail.zushabrmanova.pvtnet.cz
> [195.47.60.155])
> by smtp.nextra.cz (8.11.1/8.11.1) with SMTP id f1HAv8D35808;
> Sat, 17 Feb 2001 11:57:08 +0100 (CET)
> (envelope-from [EMAIL PROTECTED])
> Received: from 216.214.77.248 by 195.47.60.155 (WinProxy); Sat, 17 Feb
2001
> 06:56:26 +0100
> Message-ID: <00005f860ccf$000065b8$00007056@>
> To: <[EMAIL PROTECTED]>
> From: [EMAIL PROTECTED]
> Subject: Cash In Your Pocket Today 28758
> Date: Fri, 16 Feb 2001 20:05:54 -0800
> MIME-Version: 1.0
> Content-Type: text/html;
> charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-RCPT-TO: <[EMAIL PROTECTED]>
> X-UIDL: 280952411
> Status: U
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
