Neil, Does this response mean that the message is originating from KC RoadRunner's network?
I guess I'm not following the data you pasted in. So SpamCop runs the source IP against RBL servers to see if it's listed first, then to verify IP -> domain validity? Is that right? Thanks, Chris > From: Neil Herber <[EMAIL PROTECTED]> > Reply-To: "SIMS Discussions" <[EMAIL PROTECTED]> > Date: Mon, 6 Jan 2003 10:35:00 -0500 > To: "SIMS Discussions" <[EMAIL PROTECTED]> > Subject: Re: Latest Viruses. > > It is rumored that on or about 2003-01-06 8:55 AM -0600, Chris Wagner > wrote as follows: >> Can someone please help explain this to me? > > Chris > > If you plug the headers into Spamcop it gives the following results: > >> Parsing header: >> >> Received: from 10.1.1.33 ([10.1.1.33] verified) by >> atchisonkansas.net (Stalker SMTP Server 1.8b9d14) with SMTP id >> S.0000198408; Sat, 04 Jan 2003 11:42:55 -0600 >> 10.1.1.33 discarded >> >> Received: from [207.241.128.21] (HELO smtp01.journey.com) by >> atchisonkansas.net (Stalker SMTP Server 1.8b9d14) with ESMTP id >> S.0000198407 for <[EMAIL PROTECTED]>; Sat, 04 Jan 2003 >> 11:40:38 -0600 >> no from >> Possible spammer: 207.241.128.21 >> Taking name from IP... >> host 207.241.128.21 (getting name) 207.241.128.21 = smtp.journey.com. >> 207.241.128.21 is not an MX for smtp.journey.com. >> host smtp.journey.com. (checking ip) ip = 207.241.128.20 >> 207.241.128.21 is not an MX for smtp.journey.com. >> smtp.journey.com. is 207.241.128.21 >> smtp.journey.com. = 207.241.128.21 >> Received line accepted >> >> Received: from Cpuarwpsq (mkc-65-30-67-139.kc.rr.com >> [65.30.67.139]) by smtp01.journey.com (Postfix) with SMTP id >> 313F97343B for <[EMAIL PROTECTED]>; Sat, 4 Jan 2003 >> 13:05:32 -0500 (EST) >> host 207.241.128.21 (getting name) 207.241.128.21 = smtp.journey.com. >> 207.241.128.21 not listed in opm.blitzed.org >> Possible spammer: 65.30.67.139 >> 65.30.67.139 is not an MX for mkc-65-30-67-139.kc.rr.com >> host mkc-65-30-67-139.kc.rr.com (checking ip) ip = 65.30.67.139 >> Chain test:smtp01.journey.com =? smtp.journey.com. >> host smtp.journey.com. (checking ip) ip = 207.241.128.20 >> 207.241.128.20 is not an MX for smtp01.journey.com >> host smtp01.journey.com (checking ip) ip not found ; >> smtp01.journey.com discarded as fake. >> 1 is not an MX for smtp.journey.com. >> 207.241.128.20 is not an MX for smtp01.journey.com >> ips don't match; smtp01.journey.com discarded as fake >> smtp01.journey.com and smtp.journey.com. have same domain - chain verified >> Possible relay: 207.241.128.21 >> Received line accepted >> >> Tracking message source: 65.30.67.139: >> Routing details for 65.30.67.139 >> [refresh/show] Cached whois for 65.30.67.139 : [EMAIL PROTECTED] >> [EMAIL PROTECTED]: abuse net rr.com = [EMAIL PROTECTED] >> abuse net rr.com = [EMAIL PROTECTED] >> Using best contacts [EMAIL PROTECTED] >> Whois found [EMAIL PROTECTED] >> 65.30.67.139 not listed in formmail.relays.monkeys.com >> 65.30.67.139 not listed in opm.blitzed.org >> 65.30.67.139 not listed in relays.ordb.org. >> 65.30.67.139 not listed in query.bondedsender.org >> >> Possible open relay: 207.241.128.21 >> 207.241.128.21 not listed in relays.ordb.org. >> >> Report Spam to: >> >> Re:207.241.128.21 (Automated open-relay testing system(s)) >> To: Internal spamcop handling: (testrelays) (Notes) >> >> Re:65.30.67.139 (Administrator of network where email originates) >> To: [EMAIL PROTECTED] (Notes) >> > > I did NOT report the spam to Spamcop since I did not get it. > > http://spamcop.net/ > > -- > Neil > > Neil Herber > Corporate info at http://www.eton.ca/ > Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1 > Tel: (613) 829-4668 > > > ############################################################# > This message is sent to you because you are subscribed to > the mailing list <[EMAIL PROTECTED]>. > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> > To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > Send administrative queries to <[EMAIL PROTECTED]> > ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
