[SpamCop-List] Re: ping - Mike Easter
Mike Easter
MikeE at ster.invalid
Thu Dec 30 18:13:37 EST 2004
WazoO wrote:
> Gmail - query on a sample spam received via rr server
I can't see anything in the mail that would have me not post here.
spamcop.net/sc?id=z707855236z40adc0865406f78715bd26589d1233caz
When I was RR I never saw anything like even the only Received line.
That is to say, that is not a RR received mail, not a RR server in the
'by'.
The item is /from/ a RR IP [see below] on an oddball port to some kind
of screwy noncompliant server:
Received: from cs2416211-226.houston.rr.com (24.162.11.226:4277) by
xmailserver.test with [XMail 1.20 ESMTP Server]
What is an exmailserver.test domainname supposed to be? What is it
doing smtp/ing on 4277?
What does this SC mailhost verbose mean?
Hostname verified: cs2416211-226.houston.rr.com
www.aabbco.com received mail from sending system 24.162.11.226
That doesn't make any sense to me. SC's verbose is bad enough when I'm
trying to figure out 'ordinary' parsing. When it is doing its 'mailhost
thing' sometimes it is completely baffling.
Supposedly the XMail ware will compile under multiple different kinds of
OSes, /n/x of various iterations including Solaris, Win nt/2k/xp.
The only 4277 I know is vrml multiuser system, and I don't know what
that has to do with mail. I don't know of trojans with that.
The source IP itself is listed all over the place and is in sightings;
without the 4277 attached. It is also SCbl listed as a source and cbl
as a proxy/trojan. It is also listed in MyNetWatchman as smtp incidents.
--
Mike Easter
kibitzer, not SC admin
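
The Received line quoted in the message above can be taken apart mechanically. The following is an added example, not part of the original post and not SpamCop's parser: it unfolds the header, extracts the 'from' host, IP, port and 'by' host, and notes a 'by' host in a reserved TLD (RFC 2606) or a port outside the usual SMTP set. The function names are hypothetical, and the number after the colon is reported exactly as the receiving server wrote it, with no assumption about which side of the connection it belongs to.

```python
import re

# Reserved top-level domains (RFC 2606): never valid on the public Internet.
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}
# Ports on which SMTP services conventionally listen.
SMTP_PORTS = {25, 465, 587}

RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<from_host>\S+)\s+"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<port>\d{1,5}))?\)\s+"
    r"by\s+(?P<by_host>\S+)"
    r"(?:\s+with\s+(?P<with>\[[^\]]*\]|\S+))?",
    re.IGNORECASE,
)

def unfold(header: str) -> str:
    """Join a header that was wrapped over several lines into one line."""
    return re.sub(r"\r?\n[ \t]*", " ", header.strip())

def analyze_received(header: str) -> dict:
    """Extract the hop fields and list what looks unusual about them."""
    m = RECEIVED_RE.match(unfold(header))
    if m is None:
        raise ValueError("not a 'from host (ip[:port]) by host' Received line")
    info = m.groupdict()
    info["port"] = int(info["port"]) if info["port"] else None
    notes = []
    tld = info["by_host"].rstrip(".").rsplit(".", 1)[-1].lower()
    if tld in RESERVED_TLDS:
        notes.append(f"'by' host uses reserved TLD .{tld}")
    if info["port"] is not None and info["port"] not in SMTP_PORTS:
        notes.append(f"port {info['port']} is not a standard SMTP port")
    info["notes"] = notes
    return info

# The Received line from the post; the line break is as it appears there.
SAMPLE = """Received: from cs2416211-226.houston.rr.com (24.162.11.226:4277) by
xmailserver.test with [XMail 1.20 ESMTP Server]"""

if __name__ == "__main__":
    for key, value in analyze_received(SAMPLE).items():
        print(f"{key}: {value}")
```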