Re: [Declude.JunkMail] How did this Spammer get through?

2003-03-12 Thread R. Scott Perry
03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] HELO 208.253.112.160
03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] MAIL FROM: <[EMAIL PROTECTED]>
03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] RCPT TO: <[EMAIL PROTECTED]>
03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] RCPT TO: <[EMAIL PROTECTED]>
03:12 1

RE: [Declude.JunkMail] How did this Spammer get through?

2003-03-12 Thread John Tolmachoff
am
> Sent: Wednesday, March 12, 2003 4:23 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] How did this Spammer get through?
>
> What's strange is that the only thing consistent around all of the spam emails is the
> IP address 169.207.38.237, which is listed with SpamCo

Re: [Declude.JunkMail] How did this Spammer get through?

2003-03-12 Thread Brian Cunningham
What's strange is that the only thing consistent around all of the spam emails is the IP address 169.207.38.237, which is listed with SpamCop. Should Declude pick that up? I've got SpamCop listed as an automatic hold, but somehow he keeps getting through. Thanks. b -- Original Messa

Re: [Declude.JunkMail] How did this Spammer get through?

2003-03-12 Thread Brian Cunningham
Here's another example:
03:12 15:59 SMTPD(2842009C) [10.9.8.51] connect 169.207.38.237 port 4345
03:12 15:59 SMTPD(2842009C) [169.207.38.237] HELO 208.253.112.160
03:12 15:59 SMTPD(2842009C) [169.207.38.237] MAIL FROM: <[EMAIL PROTECTED]>
03:12 15:59 SMTPD(2842009C) [169.207.38.237] RCPT TO: <[EMA

Re: [Declude.JunkMail] How did this Spammer get through?

2003-03-12 Thread Brian Cunningham
Here you go:
03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] HELO 208.253.112.160
03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] MAIL FROM: <[EMAIL PROTECTED]>
03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] RCPT TO: <[EMAIL PROTECTED]>
03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] RCPT TO: <[EMAIL PROTECT

Re: [Declude.JunkMail] How did this Spammer get through?

2003-03-12 Thread R. Scott Perry
Here's an example of the email he's trying to relay through: The key information isn't in the headers in this case -- it's in the IMail SMTP log file. Most important are the "RCPT TO:" lines, which will show who the E-mail was actually addressed to, and whether or not some hack was used to r

[Declude.JunkMail] How did this Spammer get through?

2003-03-12 Thread Brian Cunningham
I've got several held emails from a spammer trying to use our system for relay. I've got the box locked down to only accept relay from "authenticated" users, but somehow this guy got through. Luckily, I've got hijack on the box, which has blocked all of his emails. Here's an example of the email