Re: How did this Spam get through?

Technical Support, Stalker Labs Wed, 08 Aug 2001 23:49:12 -0700
Hello,

Apparently the message was received with some other SMTP session - compare the time 
stamp in the Received header and the in logs.

If your server has some MX backup, the spamware could retry sending through that 
backup and succeeded that time.


On Thu, Aug 9, 2001, 01:18:38 GMT
  Andrzej Kozlowski, <[EMAIL PROTECTED]> wrote:

>Something weird. The spam below was identified as blacklisted by
>relays.ordb.org an yet it got through! From the log it looks like it was
>rejected and but I got it.
>
>Here are the message headers and the SIMS log:
>
> From (null)@platon.c.u-tokyo.ac.jp Thu Aug 9 09:04:42 2001
>Return-Path: [EMAIL PROTECTED]
>Received: from bnmail1.botsnet.bw ([168.167.71.132] verified) by
>platon.c.u-tokyo.ac.jp (Stalker SMTP Server 1.8b8) with ESMTP id
>S.0000027305 for <[EMAIL PROTECTED]>; Thu, 09 Aug 2001
>08:46:58 +0900
>Received: from bnfire1.botsnet.bw ([168.167.71.129]) by
>bnmail1.botsnet.bw  with Microsoft SMTPSVC(5.5.1877.197.19);
>        Wed, 8 Aug 2001 02:47:58 +0200
>Message-ID: <00005bc1501f$00004957$[EMAIL PROTECTED]>
>To: <Subscriber>
> From: [EMAIL PROTECTED]
>Subject:
>[0x8E][0xFB][0x93][0xFC][0x82][0xCD][0x8E]v[0x82][0xA2][0x82][0xCC][0x82]
>[0xDC][0x82][0xDC]!
>[0x82][0xB3][0x82][0xE7][0x82][0xC9][0x82][0xED][0x82][0xAD][0x82][0xED]
>[0x82][0xAD][0x83]h[0x83]L[0x83]h[0x83]L[0x82][0xCC][0x83]o[0x83]J[0x83]
>[0x93][0x83]X[0x82][0xDC][0x82][0xC5][0x82][0xC2][0x82][0xA2][0x82][0xC4]
>[0x82][0xAD][0x82][0xE9]!                         22427
>Date: Tue, 07 Aug 2001 19:48:17 -1700
>MIME-Version: 1.0
>Content-Type: text/html;
>       charset="iso-8859-1"
>Content-Transfer-Encoding: quoted-printable
>X-Priority: 3
>X-MSMail-Priority: Normal
>Reply-To: [EMAIL PROTECTED]
>Return-Path: [EMAIL PROTECTED]
>
>
>:08:29 4 SMTP Line 3195 created for answering
>04:08:29 4 SMTP-195() Got connection from [168.167.71.132:1267]
>04:08:29 4 SMTP(tcp) Connection accepted from [168.167.71.132:1267],
>seq=1027, 13/14
>04:08:29 4 SMTP-195([168.167.71.132]) Sending 220-Stalker Internet Mail
>Server V.1.8b8 is ready.\r\n220 ESMTP is spoken here. You are welcome\r\n
>04:08:29 5 SMTP-195([168.167.71.132]) OT 95 of 95 bytes sent, Flags=0
>04:08:29 5 SMTP-195([168.167.71.132]) *Status=34
>04:08:29 4 SMTP-195([168.167.71.132]) Looking for
>132.71.167.168.relays.ordb.org
>04:08:29 1 SMTP-195([168.167.71.132]) SPAM? Host is blacklisted per RBL
>relays.ordb.org with result [127.0.0.2]
>04:08:29 5 SMTP-195([168.167.71.132]) *Status=22
>04:08:31 5 SMTP-195([168.167.71.132]) Received 25 bytes
>04:08:31 4 SMTP-195([168.167.71.132]) Input Line: EHLO
>bnmail1.botsnet.bw\r
>04:08:31 5 SMTP-195([168.167.71.132]) *Status=21
>04:08:31 4 SMTP-195(bnmail1.botsnet.bw) Looking for bnmail1.botsnet.bw
>04:08:31 4 SMTP-195(bnmail1.botsnet.bw) Sending 250-platon.c.u-
>tokyo.ac.jp is pleased to meet
>you\r\n250-HELP\r\n250-PIPELINING\r\n250-ETRN\r\n250 EHLO\r\n
>04:08:31 5 SMTP-195(bnmail1.botsnet.bw) OT 97 of 97 bytes sent, Flags=0
>04:08:31 5 SMTP-195(bnmail1.botsnet.bw) *Status=22
>04:08:36 5 SMTP-195(bnmail1.botsnet.bw) Received 38 bytes
>04:08:36 4 SMTP-195(bnmail1.botsnet.bw) Input Line: MAIL
>FROM:<[EMAIL PROTECTED]>\r
>04:08:36 5 SMTP-195(bnmail1.botsnet.bw) *Status=25
>04:08:36 5 SYSTEM {S.0000027304} in work, ref=814, nFresh=4
>04:08:36 5 ROUTER Input: HomeRevenue57(excite.com)
>04:08:36 5 ROUTER Parser: [EMAIL PROTECTED] ->
>HomeRevenue57(excite.com)
>04:08:36 5 SMTP-195(bnmail1.botsnet.bw) *Status=26
>04:08:37 4 SMTP-195(bnmail1.botsnet.bw) Sending 250
><[EMAIL PROTECTED]> sender accepted\r\n
>04:08:37 5 SMTP-195(bnmail1.botsnet.bw) OT 48 of 48 bytes sent, Flags=0
>04:08:37 5 SMTP-195(bnmail1.botsnet.bw) *Status=23
>04:08:38 5 SMTP-195(bnmail1.botsnet.bw) Received 42 bytes
>04:08:38 4 SMTP-195(bnmail1.botsnet.bw) Input Line: RCPT
>TO:<[EMAIL PROTECTED]>\r
>04:08:38 5 ROUTER Input: andrzej%platon.c.u-tokyo.ac.jp(Blacklisted)
>04:08:38 5 ROUTER Parser: andrzej%platon.c.u-tokyo.ac.jp@Blacklisted ->
>andrzej%platon.c.u-tokyo.ac.jp(Blacklisted)
>04:08:38 1 SMTP-195(bnmail1.botsnet.bw) SPAM? Recipient
>'<[EMAIL PROTECTED]>' rejected: sending host is
>blacklisted, "See <http://www.ordb.org/> for more information."
>04:08:38 4 SMTP-195(bnmail1.botsnet.bw) Sending 591 No mail will be
>accepted. Your host is in a Black List. See <http://www.ordb.org/> for
>more information.\r\n
>04:08:38 5 SMTP-195(bnmail1.botsnet.bw) OT 110 of 110 bytes sent, Flags=0
>04:08:39 5 SYSTEM {S.0000027310} created, ref=758, nFresh=5
>04:08:39 5 SMTP-195(bnmail1.botsnet.bw) Received 6 bytes
>04:08:39 4 SMTP-195(bnmail1.botsnet.bw) Input Line: QUIT\r
>04:08:39 5 SMTP-195(bnmail1.botsnet.bw) *Status=29
>04:08:40 4 SMTP-195(bnmail1.botsnet.bw) Sending 221 platon.c.u-
>tokyo.ac.jp closing connection\r\n
[skipped]


Best regards,
Dmitry Akindinov

=======================================================================
When answering to letters sent to you by the tech.support staff, make
sure the original message you have received is included into your reply.

#############################################################
This message is sent to you because you are subscribed to
  the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to  <[EMAIL PROTECTED]>
Re: How did this Spam get through?

Reply via email to
