procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Klez putatively from me

2002-08-12 15:59:17
from [dman] [Permanent Link] 
I raised an eyebrow at seeing this (edited version of headers)
in my procmail list mail just now:


From procmail-admin(_at_)Lists(_dot_)RWTH-Aachen(_dot_)DE  Tue Aug 13 
00:29:00 2002
From: dman <dman(_at_)nomotek(_dot_)com>
Subject: A  excite game
To: procmail(_at_)informatik(_dot_)rwth-aachen(_dot_)de


I can assure all on the list that this was not from me.
Most of you know that Klez is infamous for taking on the
putative identity of others.  And that is the case here,
as well.

The full headers from the message reveal, in pertinent part,
the below, which analysis was performed by the engine at
spamcop.net, but with which I concur:


Received: from Rzsw ([170.215.171.22]) by out011.verizon.net
 (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with SMTP id
 <2002___________________________________(_dot_)net(_at_)Rzsw> for <x>; Mon, 
12
 Aug 2002 17:24:28 -0500



host 206.46.170.135 (getting name) 206.46.170.135 = out011pub.verizon.net.
206.46.170.135 not listed in proxies.relays.monkeys.com
Possible spammer: 170.215.171.22
Taking name from IP...
host 170.215.171.22 (getting name) 170.215.171.22 = marl-cs01-t17.citlink.net.
host marl-cs01-t17.citlink.net. (checking ip) ip = 170.215.171.22
   Chain test:out011.verizon.net =? out011pub.verizon.net
   out011.verizon.net and out011pub.verizon.net have same hostname - chain 
verified
Possible relay: 206.46.170.135
206.46.170.135 not listed in relays.ordb.org.
206.46.170.135 has already been sent to relay testers
Received line accepted


Tracking message source:170.215.171.22:
host 170.215.171.22 (getting name) 170.215.171.22 = marl-cs01-t17.citlink.net.
host marl-cs01-t17.citlink.net. (checking ip) ip = 170.215.171.22
Paranoid reverse DNS passes
abuse.net citlink.net = abuse(_at_)citlink(_dot_)net


In other words, the mail apparently originated at the stated message-source
IP -- a system I have never visited.

Yeesh.

Dallman

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Klez putatively from me, dman <=
Previous by Date:  A excite game, dman
Next by Date:  Re: How do I match from a tedt file?, Luke Davis
Previous by Thread:  A excite game, dman
Next by Thread:  EXITCODE for exim?, John Conover
Indexes:  [Date] [Thread] [Top] [All Lists]