| Thread ID: 32744 | 2003-04-27 02:02:00 | Help with spammer!! | nzscratch (3161) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 139294 | 2003-04-27 02:02:00 | It seems one of our domains (wavelength.co.nz) is being used for spamming? I don't know how to read email headers, so can someone look at this and help me understand what's happening please?
Returned mail #1
Received: by ns1.nameserver.net.nz (mbox wavelength) (with Cubic Circle's cucipop (v1.31 1998/05/13) Sun Apr 27 12:29:52 2003)
X-From_: MAILER-DAEMON@ns1.nameserver.net.nz Sun Apr 27 12:29:25 2003
Return-Path: <MAILER-DAEMON@ns1.nameserver.net.nz>
Received: from mail.netwiz.net (mail.netwiz.net [208.136.106.6]) by ns1.nameserver.net.nz (8.11.6/8.11.6) with ESMTP id h3R0TNl01247 for <3px7a2hw@wavelength.co.nz>; Sun, 27 Apr 2003 12:29:23 +1200
Received: by mail.netwiz.net (Postfix) id 3B2326D17B; Sat, 26 Apr 2003 17:30:30 -0700 (PDT)
Date: Sat, 26 Apr 2003 17:30:30 -0700 (PDT)
From: MAILER-DAEMON@netwiz.net (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: 3px7a2hw@wavelength.co.nz
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="5091F6D1A6.1051403430/mail.netwiz.net"
Message-Id: <20030427003030.3B2326D17B@mail.netwiz.net>
This is a MIME-encapsulated message.
--5091F6D1A6.1051403430/mail.netwiz.net
Content-Description: Notification
Content-Type: text/plain
This is the Postfix program at host mail.netwiz.net.
I'm sorry to have to inform you that the message returned below could not be delivered to one or more destinations.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can delete your own text from the message returned below.
The Postfix program
<schult@netwiz.net>: unknown user: "schult"
<sesco@netwiz.net>: unknown user: "sesco"
<secker@netwiz.net>: unknown user: "secker"
--5091F6D1A6.1051403430/mail.netwiz.net
Content-Description: Delivery error report
Content-Type: message/delivery-status
Reporting-MTA: dns; mail.netwiz.net
Arrival-Date: Sat, 26 Apr 2003 17:30:29 -0700 (PDT)
Final-Recipient: rfc822; schult@netwiz.net
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; unknown user: "schult"
Final-Recipient: rfc822; sesco@netwiz.net
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; unknown user: "sesco"
Final-Recipient: rfc822; secker@netwiz.net
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; unknown user: "secker"
--5091F6D1A6.1051403430/mail.netwiz.net
Content-Description: Undelivered Message
Content-Type: message/rfc822
Received: by mail.netwiz.net (Postfix, from userid 11184) id 5091F6D1A6; Sat, 26 Apr 2003 17:30:29 -0700 (PDT)
Received: from HP_E60_2 (unknown [210.3.32.132]) by mail.netwiz.net (Postfix) with SMTP id ECB8F6D103; Sat, 26 Apr 2003 17:30:25 -0700 (PDT)
Received: from lj.lzios.org ([239.194.175.252]) by HP_E60_2 SMTP id DftGt5XyHMyr1d for <schult@netwiz.net>; Sat, 26 Apr 2003 20:34:17 -0500
Message-ID: <1$22z8$-6z7h$q@753v.cs.slb>
From: "Dean Hanks" <3px7a2hw@wavelength.co.nz>
To: schult@netwiz.net
Subject: Flash And Graphics Development $25hr icvuqesycxlhzsdshg
Date: Sat, 26 Apr 03 20:34:17 GMT
X-Mailer: Internet Mail Service (5.5.2650.21)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="14ED4_2..5.C_"
X-Priority: 1
X-MSMail-Priority: High
X-Spam-Status: Yes, hits=7.4 required=5.0 tests=ADULT_SITE,DATE_IN_PAST_03_06,FORGED_MUA_IMS,FROM_HAS_MIXED_NUMS,MIME_LONG_LINE_QP,MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,X_PRIORITY_HIGH version=2.53
X-Spam-Level: *******
X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)
X-Spam-Report: This mail is probably spam. The original message has been attached along with this report, so you can recognize or block similar unwanted mail in future. See spamassassin.org for more details.
Content preview: Dear Webmaster, My name is Steve Warren, and I am the president of an internet development and marketing company. Due to the state of the economy, several of our long term contracts have defaulted and I need to rapidly generate some funds to pay my developers or lose them. If you have any web design, Flash development, PHP, CGI or database development, C, C++, JAVA, ASP work you need done; please give us the opportunity to quote you. We can program for any windows or linux environment. I will bill you just $25 per hour to offset my employee payroll. [...]
Content analysis details: (7.40 points, 5 required)
X_PRIORITY_HIGH (0.8 points) Sent with 'X-Priority' set to high
FROM_HAS_MIXED_NUMS (0.3 points) From: contains numbers mixed in with letters
ADULT_SITE (0.6 points) BODY: Possible porn - Adult Web Sites
MIME_LONG_LINE_QP (0.5 points) RAW: Quoted-printable line longer than 76 characters
DATE_IN_PAST_03_06 (0.4 points) Date: is 3 to 6 hours before Received: date
MISSING_MIMEOLE (0.4 points) Message has X-MSMail-Priority, but no X-MimeOLE
FORGED_MUA_IMS (4.2 points) Forged mail pretending to be from IMS
MISSING_OUTLOOK_NAME (0.2 points) Message looks like Outlook, but isn't
X-Spam-Flag: YES
This is a multi-part message in MIME format.
--14ED4_2..5.C_
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable
Dear Webmaster, My name is Steve Warren, and I am the president of an internet development= and marketing company. Due to the state of the economy, several of our l= ong term contracts have defaulted and I need to rapidly generate some fund= s to pay my developers or lose them. If you have any web design, Flash de= velopment, PHP, CGI or database development, C, C++, JAVA, ASP work you ne= ed done; please give us the opportunity to quote you. We can program for = any windows or linux environment. I will bill you just $25 per hour to of= fset my employee payroll.
We have the following scripts already developed and ready to install: *Access Counters *Banner Ad Rotation System *Auction Scripts *bulletin board system *realtime chat *live helper support system *support ticket system *multi-level affiliate marketing system *Shopping cart system *guestbook *classified ads *personals/dating system *survey and voting *form/order processing *topsite *weblinks *adult websites (turnkey) *membership rebilling for websites *realtime credit card processing ... Plus too much more to list
Thank You for your consideration
Steve Warren CEO NetWizards 1601 NW 97th Ave, SJO3016 Miami, FL 33102 1-305-468-6390 (Leave a message with a brief description of your needs so I can have the = correct person return your call)
------------------------------------------blfn cfqwhs v daiitnxlvq njdmqfyllxonkn itvam
--14ED4_2..5.C_--
--5091F6D1A6.1051403430/mail.netwiz.net--
Returned mail #2
Received: by ns1.nameserver.net.nz (mbox wavelength) (with Cubic Circle's cucipop (v1.31 1998/05/13) Sun Apr 27 12:29:52 2003)
X-From_: MAILER-DAEMON@ns1.nameserver.net.nz Sun Apr 27 12:28:37 2003
Return-Path: <MAILER-DAEMON@ns1.nameserver.net.nz>
Received: from ashd1-2.relay.mail.uu.net (ashd1-2.relay.mail.uu.net [199.171.54.246]) by ns1.nameserver.net.nz (8.11.6/8.11.6) with ESMTP id h3R0SVl00982 for <pm5ebgvqg@wavelength.co.nz>; Sun, 27 Apr 2003 12:28:32 +1200
Received: from localhost by mr1.ash.ops.us.uu.net with internal (peer crosschecked as: localhost) id QQomdt11172; Sun, 27 Apr 2003 00:29:51 GMT
Date: Sun, 27 Apr 2003 00:29:51 GMT
From: MAILER-DAEMON@uunet.uu.net (Mail Delivery Subsystem)
Subject: Returned mail: User unknown
Message-Id: <QQomdt11172.200304270029@mr1.ash.ops.us.uu.net>
To: <pm5ebgvqg@wavelength.co.nz>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="QQomdt11172.1051403391/mr1.ash.ops.us.uu.net"
Auto-Submitted: auto-generated (failure) |
nzscratch (3161) | ||
| 139295 | 2003-04-27 03:04:00 | How to read e-mail headers (www.stopspam.org) | whiskeytangofoxtrot (438) | ||
| 139296 | 2003-04-27 03:40:00 | Hi nzscratch, These lines:
Received: from lj.lzios.org ([239.194.175.252]) by HP_E60_2 SMTP id DftGt5XyHMyr1d for <schult@netwiz.net>; Sat, 26 Apr 2003 20:34:17 -0500
Message-ID: <1$22z8$-6z7h$q@753v.cs.slb>
From: "Dean Hanks" <3px7a2hw@wavelength.co.nz>
give it away. Someone borrowed your domain as their identity, and has sent email through "netwiz.net" using "Dean Hanks" <3px7a2hw@wavelength.co.nz> as the return address. As it is still illegal to dismember people over spamming issues, there is not much to be done other than send this to netwiz.net. Of course it is also possible that part of the headers was also forged, and it was sent directly through lj.lzios.org. Frustrated yet??? Confused??? You will now understand why some people advise that we do NOT send spam back to the apparent source. I would send any mail coming back from that address direct to trash, and expect the bin to get well used for a week or 2. After then it will probably be someone else's turn.. Clueless |
Clueless (181) | ||
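
Added example, not part of any post in this thread: a way to check a bounce like the one above for forged-sender backscatter. It pulls the embedded original out of the bounce, walks its Received chain, and reports whether the message ever passed through the domain's own outbound hosts. The sample bounce is constructed (trimmed from the headers quoted in the thread), and `assess_bounce` and `our_outbound_hosts` are hypothetical names.

```python
import email, ipaddress, re
from email.utils import parseaddr

# Constructed sample: a trimmed bounce modelled on the one quoted in the thread.
BOUNCE = """\
From: MAILER-DAEMON@netwiz.net (Mail Delivery System)
To: 3px7a2hw@wavelength.co.nz
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: message/rfc822

Received: from HP_E60_2 (unknown [210.3.32.132])
\tby mail.netwiz.net (Postfix) with SMTP id ECB8F6D103;
\tSat, 26 Apr 2003 17:30:25 -0700 (PDT)
Received: from lj.lzios.org ([239.194.175.252])
\tby HP_E60_2 SMTP id DftGt5XyHMyr1d;
\tSat, 26 Apr 2003 20:34:17 -0500
From: "Dean Hanks" <3px7a2hw@wavelength.co.nz>
To: schult@netwiz.net
Subject: Flash And Graphics Development

(body omitted)
--B--
"""

# "from HELO (rdns [ip]) by HOST" as written by Postfix-style Received lines.
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def assess_bounce(raw_bounce, our_outbound_hosts):
    """Inspect the message embedded in a bounce; None if nothing is embedded."""
    bounce = email.message_from_string(raw_bounce)
    orig = next((p.get_payload(0) for p in bounce.walk()
                 if p.get_content_type() == "message/rfc822"), None)
    if orig is None:
        return None
    # One (helo, ip, by) tuple per Received header, newest hop first.
    hops = [m.groups() for raw in orig.get_all("Received", [])
            if (m := HOP.search(" ".join(raw.split())))]
    def bogus(ip):  # not a usable Internet-facing SMTP client address
        a = ipaddress.ip_address(ip)
        return a.is_multicast or a.is_private or a.is_reserved or a.is_loopback
    return {
        "claimed_from": parseaddr(orig["From"])[1],
        "passed_our_mta": any(by.lower() in our_outbound_hosts for _, _, by in hops),
        "bogus_hop_ips": [ip for _, ip, _ in hops if bogus(ip)],
        "relay_seen_by_bouncer": hops[0][1] if hops else None,
    }
```

Called as `assess_bounce(BOUNCE, {"ns1.nameserver.net.nz"})`, on the assumption that this is the only host the domain legitimately sends through, the result shows the From address claims wavelength.co.nz while no hop names that host. The only hop recorded by the bouncing server itself is 210.3.32.132; the hop below it carries a multicast address and cannot be taken at face value.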