So, that said, does this mean, in this message header, that the message came
from our mail server, since the time stamp appears to be earlier than the entry
for the mkc-65-30-67-139.kc.rr.com server?

====================================================================
Return-Path: [EMAIL PROTECTED]
Received: from 10.1.1.33 ([10.1.1.33] verified)
  by atchisonkansas.net (Stalker SMTP Server 1.8b9d14)
  with SMTP id S.0000198408; Sat, 04 Jan 2003 11:42:55 -0600
Received: from [207.241.128.21] (HELO smtp01.journey.com)
  by atchisonkansas.net (Stalker SMTP Server 1.8b9d14)
  with ESMTP id S.0000198407 for <[EMAIL PROTECTED]>;
 Sat, 04 Jan 2003 11:40:38 -0600
Received: from Cpuarwpsq (mkc-65-30-67-139.kc.rr.com
 [65.30.67.139])
    by smtp01.journey.com (Postfix) with SMTP id 313F97343B
    for <[EMAIL PROTECTED]>; Sat,  4 Jan 2003 13:05:32
 -0500 (EST)
====================================================================

Thing is, I don't get how the virus could have replicated itself on our
network, unless it came from one of our own PCs and I haven't seen any
indication of this otherwise.

The machine that it came in on was my Mac.

Thanks,

Chris



> From: Neil Herber <[EMAIL PROTECTED]>
> Reply-To: "SIMS Discussions" <[EMAIL PROTECTED]>
> Date: Mon, 6 Jan 2003 11:00:00 -0500
> To: "SIMS Discussions" <[EMAIL PROTECTED]>
> Subject: Re: Latest Viruses.
> 
> It is rumored that on or about 2003-01-06 9:40 AM -0600, Chris Wagner
> wrote as follows:
>> Neil,
>> 
>> Does this response mean that the message is originating from KC RoadRunner's
>> network?
>> 
>> I guess I'm not following the data you pasted in.
>> 
>> So SpamCop runs the source IP against RBL servers to see if it's listed
>> first, then to verify IP -> domain validity?
>> 
>> Is that right?
>> 
>> Thanks,
>> 
>> Chris
> 
> Chris
> 
> My understanding is that Spamcop tries to validate the "Received:"
> chain, tossing out any spoofed IPs or domains. It then tags the first
> valid IP as the source of the message and does some voodoo to
> determine if any of the other IPs are relays. Any that it suspects of
> being relays are submitted to its relay testing module, which does
> more voodoo.
> 
> Spamcop also runs its own RBL, which I use, but which has been known
> to issue false positives. They do seem to be quite responsive at
> removing such false positives though. I run all the spam I receive
> through Spamcop, in part to feed the RBL mechanism.
> 
> -- 
> Neil
> 
> Neil Herber
> Corporate info at http://www.eton.ca/
> Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
> Tel: (613) 829-4668
> 
> 
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <[EMAIL PROTECTED]>.
> To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
> Send administrative queries to  <[EMAIL PROTECTED]>
> 
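Added example (not part of either poster's message, and not SpamCop's algorithm): the three Received: lines quoted above, read in delivery order with their timestamps normalised to UTC. Each server prepends its own line, so the path is given by header order and the stamps only reveal clock disagreement between hosts. The function names are hypothetical, and atchisonkansas.net is assumed to be the local server referred to as "our mail server".

```python
import re
from datetime import timezone
from email.utils import parsedate_to_datetime
from ipaddress import ip_address

# Received: lines from the header quoted above, unfolded, in header order
# (top = newest). The redacted "for <...>" clauses are left out.
RECEIVED = [
    "from 10.1.1.33 ([10.1.1.33] verified) by atchisonkansas.net "
    "(Stalker SMTP Server 1.8b9d14) with SMTP id S.0000198408; "
    "Sat, 04 Jan 2003 11:42:55 -0600",
    "from [207.241.128.21] (HELO smtp01.journey.com) by atchisonkansas.net "
    "(Stalker SMTP Server 1.8b9d14) with ESMTP id S.0000198407; "
    "Sat, 04 Jan 2003 11:40:38 -0600",
    "from Cpuarwpsq (mkc-65-30-67-139.kc.rr.com [65.30.67.139]) "
    "by smtp01.journey.com (Postfix) with SMTP id 313F97343B; "
    "Sat,  4 Jan 2003 13:05:32 -0500 (EST)",
]

def parse_hop(line):
    """Split one Received: line into recording host, peer IP and UTC time."""
    info, _, date = line.rpartition(";")
    date = re.sub(r"\([^)]*\)", "", date).strip()      # drop "(EST)" comment
    peer = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", info.split(" by ", 1)[0])
    return {
        "by": re.search(r"\bby\s+(\S+)", info).group(1),
        "peer_ip": ip_address(peer.group(1)) if peer else None,
        "utc": parsedate_to_datetime(date).astimezone(timezone.utc),
    }

def path_oldest_first(lines):
    # Each server prepends its line, so delivery order is the reverse.
    return [parse_hop(l) for l in reversed(lines)]

def clock_regressions(hops):
    """Adjacent hops whose UTC stamps run backwards along the delivery path."""
    return [(a["by"], b["by"], a["utc"] - b["utc"])
            for a, b in zip(hops, hops[1:]) if b["utc"] < a["utc"]]

def first_handoff(hops, our_host):
    """Earliest hop recorded by our own server: the peer IP we saw ourselves."""
    return next(h for h in hops if h["by"] == our_host)

if __name__ == "__main__":
    hops = path_oldest_first(RECEIVED)
    for h in hops:
        print(h["utc"].isoformat(), h["by"], "<-", h["peer_ip"])
    print("regressions:", clock_regressions(hops))
    print("handoff:", first_handoff(hops, "atchisonkansas.net")["peer_ip"])
```

On this header the smtp01.journey.com stamp is 24 minutes 54 seconds ahead of the first atchisonkansas.net stamp once both are in UTC, and the first peer recorded by atchisonkansas.net is 207.241.128.21.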

