Hi,
Since April 27, I noticed that ALL my mails pass through outblaze.com, a
Hong Kong based company that I suspect, with extreme prejudice, allows
relaying of spam or could be directly involved with sending of spam
msgs.
I found out about this "go-between" because I've spent weeks trying to
configure my mail system to block spam and yet I still receive spam
(once or twice a week from 6-or-more-a-week previously). Upon checking
the complete headers, I noticed outblaze.com in all my mails which is
also marked "maybe forged" by iname.net.
I use sendmail's dsnbl feature and have placed domain names in
/etc/access.db.
I tried using mailfilter but it can't totally stop spam.
But I'd like to stop this go-between (spf4.us4.outblaze.com) becuase I
have recd an altered email from them. I subscribe to Java Developer
Connection and regularly receive bulletins from them. Last week, I rec'd
a msg supposedly from JDC with a
"From: JDC.C&[EMAIL PROTECTED]"
If this isn't mail/internet abuse then I don't know what is. Can someone
help me or give me references on the internet that can help me stop this?
I've read articles from spam.abuse.net and many other anti-spam sites
and haven't come across any articles about go-betweens and how to stop
them.
I have also checked the IP Block 205.158.62.26 which is owned by
Concentric Network Corp. (www.concentric.net which auto-links to
www.xo.com), a U.S. based company, which is referenced by an anti-spam
document http://www.digital.net/~gandalf/spamfaq.html for some help
documentation.
Thanks in advance.
Here's a sample header from a spam:
>From [EMAIL PROTECTED] Fri Apr 27 08:52:06 2001
Return-Path: <[EMAIL PROTECTED]>
Received: from localhost (IDENT:[EMAIL PROTECTED] [127.0.0.1])
by localhost.localdomain (8.11.0/8.11.0) with ESMTP id f3R0q5P01368
for <hgf3@localhost>; Fri, 27 Apr 2001 08:52:05 +0800
Received: from POP3.skyinet.net [206.101.197.21]
by localhost with POP3 (fetchmail-5.5.0)
for hgf3@localhost (single-drop); Fri, 27 Apr 2001 08:52:05 +0800 (PHT)
Received: from mx.skyinet.net (int2-mx.skyinet.net [202.78.88.137])
by pop3.skyinet.net (Postfix) with ESMTP id 9A3842825B
for <[EMAIL PROTECTED]>; Fri, 27 Apr 2001 02:24:20 +0800 (PHT)
Received: from smv05.iname.net (lmtp06.iname.net [165.251.8.61])
by mx.skyinet.net (Postfix) with SMTP id 5F5DD1B304
for <[EMAIL PROTECTED]>; Fri, 27 Apr 2001 02:24:18 +0800 (PHT)
Received: from spf4.us4.outblaze.com (205-158-62-26.outblaze.com [205.158.62.26] (may
be forged))
by smv05.iname.net (8.9.3/8.9.1SMV2) with ESMTP id OAA02486
for <[EMAIL PROTECTED]> sent by <[EMAIL PROTECTED]>; Thu, 26 Apr 2001 14:17:22
-0400 (EDT)
From: [EMAIL PROTECTED]
Received: from klhtnet.klht.pvt.k12.ct.us (klhtnet.klht.pvt.k12.ct.us [206.97.9.2])
by spf4.us4.outblaze.com (8.11.0/8.11.0) with ESMTP id f3QIG7Q16150
for <[EMAIL PROTECTED]>; Thu, 26 Apr 2001 18:16:09 GMT
Date: Thu, 26 Apr 2001 18:16:09 GMT
Message-Id: <[EMAIL PROTECTED]>
Received: from kwcsa.hotbot.com ([24.216.191.16])
by klhtnet.klht.pvt.k12.ct.us (post.office MTA v2.0 0813
ID# 0-29026U510) with SMTP id AAO197;
Wed, 25 Apr 2001 13:00:43 -0400
To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Reduce Your Debt! [oracs]
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=iso-8859-1
Status: RO
--
Horace G. Friend III
[EMAIL PROTECTED]
GnuPG DSA/ElGamal Key Fingerprint
9295 80C4 C723 621B 9C2D B53E D432 7936 4CA9 8AD6
