Can anyone trace this?

Discussion in 'Computer Support' started by chris, Oct 14, 2005.

  1. chris

    chris Guest

    Return-path: <>
    Envelope-to:
    Delivery-date: Fri, 14 Oct 2005 10:08:10 +0100
    Received: from ark.sin1.netline.net.uk ([213.40.2.11])
    by barrel.sin.netline.net.uk with esmtp (Exim 4.50)
    id 1EQLXt-0005ZI-B0; Fri, 14 Oct 2005 10:08:09 +0100
    Received: from 217-162-86-145.dclient.hispeed.ch ([217.162.86.145])
    by ark.sin1.netline.net.uk with smtp (Exim 4.50)
    id 1EQLXR-0004zh-PL; Fri, 14 Oct 2005 10:08:09 +0100
    FCC: mailbox:///Sent
    X-Identity-Key: id1
    Date: Fri, 14 Oct 2005 15:00:25 +0500
    From: Leigh Samuel <>
    X-Accept-Language: en-us, en
    MIME-Version: 1.0
    To:
    Subject: re[20]
    Content-Type: multipart/related;
    boundary="------------010801060904090403060003"
    X-Company: This passed through a supanet.com sin1.mail server

    It resolves as arin whois.
    Isthere another clue to follow?
     
    chris, Oct 14, 2005
    #1
    1. Advertisements

  2. chris

    Yddap Guest

    % Rights restricted by copyright.
    % See http://www.ripe.net/db/copyright.html

    % Note: This output has been filtered.
    % To receive output for a database update, use the "-B" flag.

    % Information related to '217.162.86.0 - 217.162.86.255'

    inetnum: 217.162.86.0 - 217.162.86.255
    netname: CABLECOMMAIN-NET
    descr: Cablecom GmbH
    descr: DHCP Scopes
    descr: Zuerich
    country: CH
    remarks: *************************************************
    remarks: For spam/abuse, please contact
    remarks: E-mails to the persons below will be IGNORED!!
    remarks: *************************************************
    remarks: INFRA-AW
    admin-c: WM5132-RIPE
    tech-c: CAN6-RIPE
    status: ASSIGNED PA
    mnt-by: AS8404-MNT
    source: RIPE # Filtered

    role: cablecom GmbH NOC
    address: Foerrlibuckstrasse 181
    address: CH-8005 Zurich
    address: Switzerland
    remarks: ******************************************************
    remarks: For spam/abuse, please contact
    remarks: E-mails to the persons below will be IGNORED!!
    remarks: ******************************************************
    e-mail:
    admin-c: WM5132-RIPE
    admin-c: CL1831-RIPE
    tech-c: MA9163-RIPE
    tech-c: FG178-RIPE
    tech-c: AR1871-RIPE
    nic-hdl: CAN6-RIPE
    mnt-by: AS8404-MNT
    source: RIPE # Filtered

    person: Wilson Mehringer
    address: Cablecom GmbH
    address: Foerrlibuckstrasse 181
    address: CH-8005 Zurich
    address: Switzerland
    phone: +41 1 277 90 72
    remarks: ***************************************************
    remarks: For Spam/Abuse, please contact
    remarks: E-mails to the persons below will be IGNORED!!
    remarks: ***************************************************
    e-mail:
    nic-hdl: WM5132-RIPE
    mnt-by: AS8404-MNT
    source: RIPE # Filtered

    % Information related to '217.162.0.0/17AS8404'

    route: 217.162.0.0/17
    descr: Cablecom GmbH
    descr: Zollstrasse42
    descr: CH-8021 Zuerich
    descr: SWITZERLAND
    origin: AS8404
    remarks: Lower IP-Range
    remarks: ***************************************************
    remarks: For Spam/Abuse, please contact
    remarks: E-mails to the persons below will be IGNORED!!
    remarks: ***************************************************
    mnt-by: AS8404-MNT
    source: RIPE # Filtered
     
    Yddap, Oct 14, 2005
    #2
    1. Advertisements

  3. chris

    chris Guest

    Thanks, how did you do that?
    Spade doesnt get that far for me.
     
    chris, Oct 14, 2005
    #3
  4. chris

    samuel Guest

    try diff whois like
    http://www.dnsstuff.com/
     
    samuel, Oct 14, 2005
    #4
  5. chris wrote in 24hoursupport.helpdesk:

    Use the proper whois server.
     
    The Old Sourdough, Oct 14, 2005
    #5
  6. chris

    Mike Easter Guest

    217.162.86.145 rDNS 217-162-86-145.dclient.hispeed.ch of Cablecom notify
    is spamcop blocklisted^0 for hitting spamtraps.
    The resolving part is the rDNS. The arin whois shows you that you
    should use whois ripe.
    Are you using samspade online^1 tools or dnsstuff^2 online tools or
    samspade for win^3 console tools?

    ^0 http://www.spamcop.net/w3m?action=blcheck&ip=217.162.86.145
    ^1 http://samspade.org
    ^2 http://www.dnsstuff.com/
    ^3 http://samspade.org/ssw/
     
    Mike Easter, Oct 14, 2005
    #6
  7. chris

    Mike Easter Guest

    chris wrote:
    X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
    Since you are win, I recommend the SamSpade for Win console and for
    online tools to use dnsstuff. That means you will need to learn to use
    the console effectively as well as the numerous tools at dnsstuff.

    I just tested SSonline on this one and all it did was rDNS the IP and
    'show me' that it should be ripe whois, but it didn't get the ripe whois
    information.

    SS online is sometimes impeded by lots of people using it and causing
    the RIR regional internet registrars to inhibit their output to all of
    those queries from SS's IP..
     
    Mike Easter, Oct 14, 2005
    #7
  8. chris

    Mike Easter Guest

    The other tool you can use is the spamcop parsing tool. You have to
    register to use it, but you can learn a lot about parsing headers and
    deriving notifies from observing its parsing in verbose mode, and if you
    configure it for your mailhost, it is highly unlikely to make any
    mistakes. http://www.spamcop.net/anonsignup.shtml

    It isn't necessary to actually report your spam to use the parser. You
    can cancel the reports.

    Here's the result of the parse of the headers you posted
    http://www.spamcop.net/sc?id=z815617083za06f41eac34781f73ce4eaa1011bc1a5z
     
    Mike Easter, Oct 14, 2005
    #8
  9. chris

    chris Guest

    Thanks Mike , the parsing tool looks very useful.
     
    chris, Oct 14, 2005
    #9
  10. chris

    Mike Easter Guest

    Next we're going to have to teach you how to trim and contextualize so
    that your message makes a conversation. It should look like this:

    ------------
    Thanks Mike , the parsing tool looks very useful.
    ------------


    The way you did yours by putting your isolated sentence up there in the
    'sky' talking to nothing and pushing down all of the 'junk' which you
    weren't addressing below your words doesn't lend itself to a meaningful
    ongoing conversational exchange.

    It also doesn't put what words or phrases you are replying to directly
    in front of your eyes as you are typing your reply, so it leads to a
    much higher likelihood that your reply to something won't be 'right on
    the money' and exactly or precisely responsive. It can also cause there
    to be 'fuzziness' about /exactly/ what part of the preceding
    conversation you are addressing.

    Trimming and contextualizing newsgroup replies is essential. Here's a
    good link about it http://members.fortunecity.com/nnqweb/nquote.html
    Quoting Style in Newsgroup Postings
     
    Mike Easter, Oct 14, 2005
    #10
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.