Error - template LAYOUT-DATA-WRAPPER not found

A configuration error was detected in the CGI script; the LAYOUT-DATA-WRAPPER template could not be found.

Error - template STYLE-SHEET not found

A configuration error was detected in the CGI script; the STYLE-SHEET template could not be found.

Error - template SUB-TOP-BANNER not found

A configuration error was detected in the CGI script; the SUB-TOP-BANNER template could not be found.
Subject:
Re: Spam email generated from my IP Address
From:
David Gillett <[log in to unmask]>
Reply To:
PCSOFT - Personal Computer software discussion list <[log in to unmask]>
Date:
Tue, 9 May 2006 07:55:04 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (189 lines) 
  Spammers routinely spoof the source *email address* of messages.  I'm 
having trouble with that at the moment myself -- some spammer out there has 
decided that I should get all his "bounce" messages.  That's NOT what you're 
seeing.
  Spammers often exploit intermediate email servers if they are "open 
relays", which will forward third-party email.  What you've been told is 
that your email server cannot be used this wayby spammers.
  Spammers have been known to insert a fake Received: header into messages, 
to make it look like their sending machine was just a relay forwarding a 
message from somewhere else.  They're rarely very convincing.

  I've never heard of a spammer managing to forge a convincing Rewceived: 
header line AND a corresponding message ID.  I think it's extremely likely 
that this spam message really did get sent by that machine in your office.

  An awful lot of current spam is sent by infected/compromised machines.  So 
you need to check that machine thoroughly for viruses/spyware/etc.  It might 
not hurt to check the whole office....

David Gillett


On 9 May 2006 at 16:12, rizal sharif wrote:

> Dear All,
> 
> I got a remainder from our ISP that they received  a complaint of spam email
> coming from our IP Address (219.93.x.x).
> 
> From the log report  I can see our IP Address was in the header  "Received:
> from friend (unknown [219.93.x.x])"
> 
> Since our e-mail server setting is "close relay", could it be one of the PCs
> was infected by worms/etc which generates the SPAM. In the header
> "Message-ID: <000001c65e0d$a310a280$0100007f@IP3104_XP1>,  IP3104_XP1 in one
> of the PCs in my office.
> 
> Or could it be that our IP Address was spoofed in the mail header?
> 
> Thank you for your help.
> 
> Rizal Sharif
> 
> 
> ***********************
> Your mail has been scanned by InterScan MSS.
> ***********-***********
> 
> Login Status Netmask IP Address
> username 1 255.255.255.252 219.93.x.x
> 
> [Spam-RBL] Spam from 219.93.x.x
> 
> *******************************************
> 
> [Traduction francaise plus bas]
> 
> Hello,
> 
> We have received a complaint for a SPAM which has been sent through your
> SMTP server or transiting through your network.
> The IP address is 219.93.x.x.
> 
> 219.93.x.x: 1 complaint(s), IP address is not blacklisted
> 
> You will find below the related spam with its headers enclosed.
> 
> After resolving the issue, you will be able to cancel this complaint by
> visiting : http://www.spam-rbl.com/unblacklist.cgi?id=3FQVK54JVAKD9IRV15RA
> 
> If you prefer use e-mail to cancel this complaint:
> After resolving the issue, you can send your message to
> [log in to unmask]
> If you can not resolve the issue but want to inform us that you will
> investigate, you can send a message to
> [log in to unmask]
> 
> Finally, if this complaint was sent to you by error (forged headers for
> example), you can inform our team by sending your message to
> [log in to unmask]
> (and the complaint will be canceled)
> 
> 
> Sincerely,
> The Spam-RBL team.
> 
> =====================================================================
> 
> Bonjour,
> 
> Nous avons recu une plainte pour Spam provenant de votre reseau ou ayant
> transite par celui-ci. L'adresse IP incriminee est 219.93.x.x.
> 
> Statistiques de 219.93.x.x : 1 plainte(s), IP non blacklistee
> 
> Vous trouverez ci-apres le mail en question, accompagne de ses en-tetes.
> 
> Pour lever la plainte : apres avoir resolu le probleme, vous devez vous
> connecter sur
> http://www.spam-rbl.com/unblacklist.cgi?id=3FQVK54JVAKD9IRV15RA
> 
> Si vous preferez utiliser l'e-mail pour lever la plainte :
> Apres avoir resolu le probleme, envoyez votre messagee
> [log in to unmask]
> Si vous ne pouvez pas resoudre le probleme mais souhaitez informer de
> sa prise en compte, envoyez votre message a
> [log in to unmask]
> 
> Finallement, si cette plainte vous a ete adressee par erreur (en-tetes
> 'forgees' par exemple), vous pouvez informer notre equipe en envoyant
> votre message a
> [log in to unmask]
> (et la plainte sera levee)
> 
> 
> Cordialement,
> L'equipe de Spam-RBL.
> 
> ===8<======================Debut du spam=============================
> 
> This is a multi-part message in MIME format.
> --DeathToSpamDeathToSpamDeathToSpam
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> 
> 
> --DeathToSpamDeathToSpamDeathToSpam
> Content-Type: message/rfc822
> Content-Disposition: attachment
> 
> Return-Path: <>
> Delivered-To: spam-quarantine
> X-Envelope-From: <[log in to unmask]>
> X-Envelope-To: <[log in to unmask]>
> X-Quarantine-ID: <wpL5QHLlZ4-d>
> X-Spam-Flag: YES
> X-Spam-Score: 30.818
> X-Spam-Level: ******************************
> X-Spam-Status: Yes, score=30.818 tag=2 tag2=6.31 kill=6.31
>         tests=[BAYES_99=3.5, DATE_IN_FUTURE_06_12=1.668,
>         EXTRA_MPART_TYPE=1.091, HTML_90_100=0.113, HTML_IMAGE_ONLY_08=3.126,
>         HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_1=0.948,
>         MIME_HTML_MOSTLY=1.102, RCVD_IN_XBL=3.897, URIBL_JP_SURBL=4.087,
>         URIBL_OB_SURBL=3.008, URIBL_SBL=1.639, URIBL_SC_SURBL=4.498,
>         URIBL_WS_SURBL=2.14]
> Received: from home.ellmout.net ([127.0.0.1])
>         by localhost (home.ellmout.net [127.0.0.1]) (amavisd-new, port
> 10024)
>         with ESMTP id wpL5QHLlZ4-d for <[log in to unmask]>;
>         Wed, 12 Apr 2006 10:48:03 +0200 (CEST)
> Received: from friend (unknown [219.93.x.x])
>         by home.ellmout.net (Postfix) with ESMTP id 17AE7394003
>         for <[log in to unmask]>; Wed, 12 Apr 2006 10:48:00 +0200 (CEST)
> Message-ID: <000001c65e0d$a310a280$0100007f@IP3104_XP1>
> From: "Rogert" <[log in to unmask]>
> To: <[log in to unmask]>
> Subject: We cure any desease!
> Date: Wed, 12 Apr 2006 16:46:49 +0100
> MIME-Version: 1.0
> Content-Type: multipart/related;
>         type="multipart/alternative";
>         boundary="------------ms000207000805070105030707"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.2180
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> 
> This is a multi-part message in MIME format.
> 
> --------------ms000207000805070105030707
> Content-Type: multipart/alternative;
>         boundary="------------ms080700060901090400070406"
> 
> 
> --------------ms000207000805070105030707
> Content-Type: image/jpeg;
>         name="p.jpg"
> Content-Transfer-Encoding: base64
> Content-ID: <000301c634d3$5e87f4f0$aa0fa8c0@sanya>
> 
>                 Curious about the people moderating your
>                    messages? Visit our staff web site:
>                     http://freepctech.com/staff.shtml
> 

                Curious about the people moderating your
                   messages? Visit our staff web site:
                    http://freepctech.com/staff.shtml

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG Secured by F-Secure Anti-Virus CataList Email List Search Powered by LISTSERV