Re: [Declude.JunkMail] How did this Spammer get through?
Here's an example of the email he's trying to relay through: The key information isn't in the headers in this case -- it's in the IMail SMTP log file. Most importantly are the RCPT TO: lines, which will show who the E-mail was actually addressed to, and whether or not some hack was used to relay the E-mail. If you post the IMail SMTP log file entries, I should be able to let you know what is going on. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] How did this Spammer get through?
Here you go: 03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] HELO 208.253.112.160 03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] MAIL FROM: [EMAIL PROTECTED] 03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] RCPT TO: [EMAIL PROTECTED] 03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] RCPT TO: [EMAIL PROTECTED] 03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] ERR richmond.com invalid user [EMAIL PROTECTED] 03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] RCPT TO: [EMAIL PROTECTED] 03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] ERR richmond.com invalid user [EMAIL PROTECTED] 03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] d:\IMail\spool\Dc4500f9200bec554.SMD 1114 So is he authenticating as a real user? b -- Original Message -- From: R. Scott Perry [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 12 Mar 2003 19:11:04 -0500 Here's an example of the email he's trying to relay through: The key information isn't in the headers in this case -- it's in the IMail SMTP log file. Most importantly are the RCPT TO: lines, which will show who the E-mail was actually addressed to, and whether or not some hack was used to relay the E-mail. If you post the IMail SMTP log file entries, I should be able to let you know what is going on. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for Viruses and Spam by Richmond.com] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] How did this Spammer get through?
What's strange is that the only thing consistent around all of the spam emails is the IP address 169.207.38.237, which is listed with SpamCop. Should declude pick that up? I've got spamcop listed as an automatic hold, but somehow he keeps getting through. Thanks. b -- Original Message -- From: R. Scott Perry [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 12 Mar 2003 19:11:04 -0500 Here's an example of the email he's trying to relay through: The key information isn't in the headers in this case -- it's in the IMail SMTP log file. Most importantly are the RCPT TO: lines, which will show who the E-mail was actually addressed to, and whether or not some hack was used to relay the E-mail. If you post the IMail SMTP log file entries, I should be able to let you know what is going on. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for Viruses and Spam by Richmond.com] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.