Spam

Discussion in 'Computer Security' started by new guy, Jul 10, 2006.

  1. new guy

    new guy Guest

    Here is the source of the messages I receive. Can anyone please help? Pretty
    please?

    Return-path: <>
    Received: from pd7mr3no.prod.shaw.ca
    (pd7mr3no-qfe3.prod.shaw.ca [10.0.144.130]) by l-daemon
    (Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005))
    with ESMTP id <0J2600BNFFMEVU00@l-daemon> for ; Mon,
    10 Jul 2006 01:32:38 -0600 (MDT)
    Received: from pd6mi2no.prod.shaw.ca ([10.0.149.175])
    by pd7mr3no.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built
    Mar
    15 2004)) with ESMTP id <> for
    (ORCPT ); Mon,
    10 Jul 2006 01:32:38 -0600 (MDT)
    Received: from dsl-42-71.utaonline.at ([81.189.42.71])
    by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004))
    with SMTP id <0J26005ADFJSW5D0@l-daemon> for ; Mon,
    10 Jul 2006 01:32:37 -0600 (MDT)
    Received: from mzp.ugixx ([81.189.134.28]) by dsl-42-71.utaonline.at
    (8.13.4/8.13.4) with SMTP id k6A7ZOWV074674; Mon, 10 Jul 2006 09:35:24
    +0200
    Date: Mon, 10 Jul 2006 09:26:43 +0200
    From: Brandon Reid <>
    Subject: colonialism trawl
    To:
    Message-id: <000b01c6a3f3$2c248983$>
    MIME-version: 1.0
    X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
    X-Mailer: Microsoft Outlook Express 6.00.2800.1106
    Content-type: multipart/related; type="multipart/alternative";
    boundary="----=_NextPart_000_0007_01C6A403.EFAD5917"
    X-Priority: 3
    X-MSMail-priority: Normal
    Original-recipient: rfc822;
    new guy, Jul 10, 2006
    #1

  2. new guy wrote:
    > Here is the source of the messages I receive. Can anyone please help?


    Helping with what?

    > Pretty please?


    No, you're not.
    Sebastian Gottschalk, Jul 10, 2006
    #2

  3. new guy

    new guy Guest

    "Sebastian Gottschalk" <> wrote in message
    news:...
    > new guy wrote:
    >> Here is the source of the messages I receive. Can anyone please help?

    >
    > Helping with what?


    Blocking the servers where the spam comes from.

    >
    >> Pretty please?

    >
    > No, you're not.


    What do you mean?

    Oh well, I am tired of this ...

    I will see what my ISP can do about it ...
    new guy, Jul 10, 2006
    #3
  4. new guy wrote:

    > Blocking the servers where the spam comes from.


    So you want to block your very own mail provider?

    > I will see what my ISP can do about it ...


    Eh... nothing?
    Sebastian Gottschalk, Jul 10, 2006
    #4
  5. new guy

    new guy Guest

    "Sebastian Gottschalk" <> wrote in message
    news:...
    > new guy wrote:
    >
    >> Blocking the servers where the spam comes from.

    >
    > So you want to block your very own mail provider?


    Yeah, yeah, very funny ...
    I meant the servers that are the source of the spam ....

    >
    >> I will see what my ISP can do about it ...

    >
    > Eh... nothing?
    new guy, Jul 10, 2006
    #5
  6. new guy wrote:
    >>> Blocking the servers where the spam comes from.

    >> So you want to block your very own mail provider?

    >
    > Yeah, yeah, very funny ...
    > I meant the servers that are the source of the spam ....


    OK, then, I'll present you all implicitly reliable information that is
    not under the choice of the spammer:

    | Received: from pd7mr3no.prod.shaw.ca
    | (pd7mr3no-qfe3.prod.shaw.ca [10.0.144.130]) by l-daemon
    | (Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005))
    | with ESMTP id <0J2600BNFFMEVU00@l-daemon> for ; Mon,
    | 10 Jul 2006 01:32:38 -0600 (MDT)
    | Date: Mon, 10 Jul 2006 09:26:43 +0200
    | To:

    The same holds for any legitimate mail.


    So, now for the questions if you still don't get the obvious:
    - Where is the real server?
    - If you ever find it (means: none of the other information is faked),
    is it a spammer's machine or just one of literally thousands of
    hijacked computers? What do you achieve with shutting down only one such
    machine?
    - Do you try to shut down every possible source of the 50+ spam mails you
    receive per day?

    Dude, get a serious spam filter like any other clever guy does.
    Sebastian Gottschalk, Jul 10, 2006
    #6
  7. optikl

    optikl Guest

    Sebastian Gottschalk wrote:

    >
    > Dude, get a serious spam filter like any other clever guy does.


    Try Mailwasher Pro.
    optikl, Jul 11, 2006
    #7
  8. new guy

    new guy Guest

    "Sebastian Gottschalk" <> wrote in message
    news:...
    > new guy wrote:
    >>>> Blocking the servers where the spam comes from.
    >>> So you want to block your very own mail provider?

    >>
    >> Yeah, yeah, very funny ...
    >> I meant the servers that are the source of the spam ....

    >
    > OK, then, I'll present you all implicitly reliable information that is
    > not under the choice of the spammer:
    >
    > | Received: from pd7mr3no.prod.shaw.ca
    > | (pd7mr3no-qfe3.prod.shaw.ca [10.0.144.130]) by l-daemon
    > | (Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005))
    > | with ESMTP id <0J2600BNFFMEVU00@l-daemon> for ; Mon,
    > | 10 Jul 2006 01:32:38 -0600 (MDT)
    > | Date: Mon, 10 Jul 2006 09:26:43 +0200
    > | To:
    >
    > The same holds for any legitimate mail.
    >
    >
    > So, now for the questions if you still don't get the obvious:
    > - Where is the real server?


    > - If you ever find it (means: none of the other information is faked),
    > is it a spammer's machine or just one of literally thousands of
    > hijacked computers?


    prod, ESMTP, "pd7mr3no-qfe3.prod.shaw.ca", it's a spoof, right?


    What do you achieve with shutting down only one such
    > machine?
    > - Do you try to shut down every possible source of the 50+ spam mails you
    > receive per day?


    Actually, I receive 1 or 2 spams a day, no more than that, and it looks like
    it always comes from the same source.
    >
    > Dude, get a serious spam filter like any other clever guy does.


    I will try that. Thanks for your help!
    new guy, Jul 11, 2006
    #8
  9. optikl wrote:
    > Sebastian Gottschalk wrote:
    >
    >>
    >> Dude, get a serious spam filter like any other clever guy does.

    >
    > Try Mailwasher Pro.


    Why? Spam filtering should happen at the mail provider and at the eMail
    client, and every modern client already has a good Bayesian filter
    implemented (and only differences between processing efficiency exist).

    Even further, a local proxy wouldn't work at all, due to the usage of
    SSL and TLS. Except it breaks the connection intentionally, but then
    there's a big question how well it handles SSL/TLS certificate checking.
    And still would be pretty unusable, as one couldn't easily move mails
    between the proxy's mail store and the mail client's store.
    Sebastian Gottschalk, Jul 11, 2006
    #9
  10. new guy wrote:

    >> - If you ever find it (means: none of the other information is faked),
    >> is it a spammer's machine or just one of literally thousands of
    >> hijacked computers?

    >
    > prod, ESMTP, "pd7mr3no-qfe3.prod.shaw.ca", it's a spoof, right?


    No, this is the last server that Received the mail. I guess within the
    prod.shaw.ca there's also some level of authentication, but the
    utaonline.at part is potentially faked.

    > Actually, I receive 1 or 2 spams a day, no more than that, and it looks like
    > it always comes from the same source.


    Hm... you haven't been online for a long time, have you? Well, OK,
    you're a dirty address-faking bastard that slipped through my filter,
    but every sufficient usage of an email address, as intended by the means
    of communication media like eMail, usually leads to a less moderate
    level of spam.
    Sebastian Gottschalk, Jul 11, 2006
    #10
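
Added example, not part of the thread: a Python sketch of the header reading discussed in posts #6 and #10. It walks the Received chain from post #1 newest-first and stops at the first public address recorded by a server assumed to belong to the recipient's provider. The trusted-host pattern (`l-daemon`, `*.prod.shaw.ca`) is an assumption taken from the thread, and the server software comments are trimmed from the header strings.

```python
import ipaddress
import re

# Received headers from post #1, newest first, folded lines joined.
RECEIVED = [
    "from pd7mr3no.prod.shaw.ca (pd7mr3no-qfe3.prod.shaw.ca [10.0.144.130]) "
    "by l-daemon with ESMTP id <0J2600BNFFMEVU00@l-daemon>",
    "from pd6mi2no.prod.shaw.ca ([10.0.149.175]) "
    "by pd7mr3no.prod.shaw.ca with ESMTP id <>",
    "from dsl-42-71.utaonline.at ([81.189.42.71]) "
    "by l-daemon with SMTP id <0J26005ADFJSW5D0@l-daemon>",
    "from mzp.ugixx ([81.189.134.28]) by dsl-42-71.utaonline.at "
    "(8.13.4/8.13.4) with SMTP id k6A7ZOWV074674",
]

# Assumption: these "by" names are the recipient's own provider (per the thread).
TRUSTED_BY = re.compile(r"^(l-daemon|[\w-]+\.prod\.shaw\.ca)$")
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")


def parse_hop(header):
    """Return (claimed_name, peer_ip, stamping_host) or None if unparsable."""
    m = HOP.search(header)
    return m.groups() if m else None


def last_verifiable_source(headers, trusted=TRUSTED_BY):
    """Walk newest-to-oldest; return the first public peer IP recorded by a
    trusted server, plus the older headers that nobody trusted wrote."""
    for i, header in enumerate(headers):
        hop = parse_hop(header)
        if hop is None or not trusted.match(hop[2]):
            return None, headers[i:]  # chain of trust is broken here
        name, ip, by = hop
        if not ipaddress.ip_address(ip).is_private:
            # The IP is the peer address our provider saw on the connection;
            # the name may be only what the peer claimed.
            source = {"ip": ip, "claimed_name": name, "stamped_by": by}
            return source, headers[i + 1:]
    return None, []


if __name__ == "__main__":
    source, unverified = last_verifiable_source(RECEIVED)
    print("last verifiable source:", source)
    for h in unverified:
        print("unverified (sender-controlled):", h)
```

Everything returned in the second list was written by a host outside the trusted set, so it is useful as a hint at most, not as evidence for a complaint or a block rule.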
  11. Poster 60

    Poster 60 Guest

    new guy wrote:
    > Here is the source of the messages I receive. Can anyone please help? Pretty
    > please?



    Send a complaint with your info below to:

    If you don't include the info below your complaint will be disregarded.


    >
    > Return-path: <>
    > Received: from pd7mr3no.prod.shaw.ca
    > (pd7mr3no-qfe3.prod.shaw.ca [10.0.144.130]) by l-daemon
    > (Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005))
    > with ESMTP id <0J2600BNFFMEVU00@l-daemon> for ; Mon,
    > 10 Jul 2006 01:32:38 -0600 (MDT)
    > Received: from pd6mi2no.prod.shaw.ca ([10.0.149.175])
    > by pd7mr3no.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built
    > Mar
    > 15 2004)) with ESMTP id <> for
    > (ORCPT ); Mon,
    > 10 Jul 2006 01:32:38 -0600 (MDT)
    > Received: from dsl-42-71.utaonline.at ([81.189.42.71])
    > by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004))
    > with SMTP id <0J26005ADFJSW5D0@l-daemon> for ; Mon,
    > 10 Jul 2006 01:32:37 -0600 (MDT)
    > Received: from mzp.ugixx ([81.189.134.28]) by dsl-42-71.utaonline.at
    > (8.13.4/8.13.4) with SMTP id k6A7ZOWV074674; Mon, 10 Jul 2006 09:35:24
    > +0200
    > Date: Mon, 10 Jul 2006 09:26:43 +0200
    > From: Brandon Reid <>
    > Subject: colonialism trawl
    > To:
    > Message-id: <000b01c6a3f3$2c248983$>
    > MIME-version: 1.0
    > X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
    > X-Mailer: Microsoft Outlook Express 6.00.2800.1106
    > Content-type: multipart/related; type="multipart/alternative";
    > boundary="----=_NextPart_000_0007_01C6A403.EFAD5917"
    > X-Priority: 3
    > X-MSMail-priority: Normal
    > Original-recipient: rfc822;
    >
    >
    Poster 60, Jul 11, 2006
    #11
  12. Truncat

    Truncat Guest

    You can find the source of Spam in Spamcop too:

    http://www.spamcop.net

    And if the spam is less than 24hrs old you can report it there, otherwise
    it is assumed that it's been already reported.
    Truncat, Jul 11, 2006
    #12
  13. new guy

    new guy Guest

    "Truncat" <> wrote in message
    news:op.tch4h5ve5ngpqe@yourmum...
    > You can find the source of Spam in Spamcop too:
    >
    > http://www.spamcop.net
    >
    > And if the spam is less than 24hrs old you can report it there, otherwise
    > it is assumed that it's been already reported.


    Thanks!
    new guy, Jul 11, 2006
    #13
  14. new guy

    new guy Guest

    "Poster 60" <> wrote in message
    news:...
    >
    >
    > new guy wrote:
    >> Here is the source of the messages I receive. Can anyone please help?
    >> Pretty please?

    >
    >
    > Send a complaint with your info below to:



    Thanks, however there is a DNS error for 81.189.42.71 and 81.189.134.28;
    there is no such domain as utaonline.at or uta.at
    It looks like it's coming from astralnet.ro via aorta.net 213.46.x.x. but
    the destination protocol is unreachable... well, some of you guys here can
    go further than that ....

    new guy :)


    >
    > If you don't include the info below your complaint will be disregarded.
    >
    >
    >>
    >> Return-path: <>
    >> Received: from pd7mr3no.prod.shaw.ca
    >> (pd7mr3no-qfe3.prod.shaw.ca [10.0.144.130]) by l-daemon
    >> (Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005))
    >> with ESMTP id <0J2600BNFFMEVU00@l-daemon> for ; Mon,
    >> 10 Jul 2006 01:32:38 -0600 (MDT)
    >> Received: from pd6mi2no.prod.shaw.ca ([10.0.149.175])
    >> by pd7mr3no.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01
    >> (built Mar
    >> 15 2004)) with ESMTP id <> for
    >> (ORCPT ); Mon,
    >> 10 Jul 2006 01:32:38 -0600 (MDT)
    >> Received: from dsl-42-71.utaonline.at ([81.189.42.71])
    >> by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15
    >> 2004))
    >> with SMTP id <0J26005ADFJSW5D0@l-daemon> for ; Mon,
    >> 10 Jul 2006 01:32:37 -0600 (MDT)
    >> Received: from mzp.ugixx ([81.189.134.28]) by dsl-42-71.utaonline.at
    >> (8.13.4/8.13.4) with SMTP id k6A7ZOWV074674; Mon, 10 Jul 2006 09:35:24
    >> +0200
    >> Date: Mon, 10 Jul 2006 09:26:43 +0200
    >> From: Brandon Reid <>
    >> Subject: colonialism trawl
    >> To:
    >> Message-id: <000b01c6a3f3$2c248983$>
    >> MIME-version: 1.0
    >> X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
    >> X-Mailer: Microsoft Outlook Express 6.00.2800.1106
    >> Content-type: multipart/related; type="multipart/alternative";
    >> boundary="----=_NextPart_000_0007_01C6A403.EFAD5917"
    >> X-Priority: 3
    >> X-MSMail-priority: Normal
    >> Original-recipient: rfc822;

    >
    new guy, Jul 11, 2006
    #14
  15. Poster 60

    Poster 60 Guest

    new guy wrote:
    > "Poster 60" <> wrote in message
    > news:...
    >
    >>
    >>new guy wrote:
    >>
    >>>Here is the source of the messages I receive. Can anyone please help?
    >>>Pretty please?

    >>
    >>
    >>Send a complaint with your info below to:

    >
    >
    >
    > Thanks, however there is a DNS error for 81.189.42.71 and 81.189.134.28;
    > there is no such domain as utaonline.at or uta.at
    > It looks like it's coming from astralnet.ro via aorta.net 213.46.x.x. but
    > the destination protocol is unreachable... well, some of you guys here can
    > go further than that ....
    >
    > new guy :)



    Go here and type in 81.189.42.71 http://www.ripe.net - This is one of
    the five IP databases for looking up IP's.

    The databases can all be found here: http://www.iana.org
    Poster 60, Jul 12, 2006
    #15
  16. new guy

    new guy Guest

    "Poster 60" <> wrote in message
    news:...
    >
    >
    > new guy wrote:
    >> "Poster 60" <> wrote in message
    >> news:...
    >>
    >>>
    >>>new guy wrote:
    >>>
    >>>>Here is the source of the messages I receive. Can anyone please help?
    >>>>Pretty please?
    >>>
    >>>
    >>>Send a complaint with your info below to:

    >>
    >>
    >>
    >> Thanks, however there is a DNS error for 81.189.42.71 and 81.189.134.28;
    >> there is no such domain as utaonline.at or uta.at
    >> It looks like it's coming from astralnet.ro via aorta.net 213.46.x.x. but
    >> the destination protocol is unreachable... well, some of you guys here
    >> can go further than that ....
    >>
    >> new guy :)

    >
    >
    > Go here and type in 81.189.42.71 http://www.ripe.net - This is one of
    > the five IP databases for looking up IP's.
    >
    > The databases can all be found here: http://www.iana.org



    Thanks a lot!

    new guy :)
    new guy, Jul 12, 2006
    #16
  17. optikl

    optikl Guest

    Sebastian Gottschalk wrote:
    > optikl wrote:
    >> Sebastian Gottschalk wrote:
    >>
    >>> Dude, get a serious spam filter like any other clever guy does.

    >> Try Mailwasher Pro.

    >
    > Why? Spam filtering should happen at the mail provider and at the eMail
    > client, and every modern client already has a good Bayesian filter
    > implemented (and only differences between processing efficiency exist).
    >

    I'm not sure I agree with your "should". Yes, you can "filter" with an
    email client. Mailwasher actually does a bit more. But, hey, use what
    you like.
    optikl, Jul 12, 2006
    #17
  18. optikl wrote:
    > Sebastian Gottschalk wrote:
    >> optikl wrote:
    >>> Sebastian Gottschalk wrote:
    >>>
    >>>> Dude, get a serious spam filter like any other clever guy does.
    >>> Try Mailwasher Pro.

    >>
    >> Why? Spam filtering should happen at the mail provider and at the eMail
    >> client, and every modern client already has a good Bayesian filter
    >> implemented (and only differences between processing efficiency exist).
    >>

    > I'm not sure I agree with your "should". Yes, you can "filter" with an
    > email client. Mailwasher actually does a bit more.


    Mailwasher doesn't do anything because I'm using POP3-SSL and SMTP-TLS.
    Sebastian Gottschalk, Jul 12, 2006
    #18