[SpamCop-List] Re: ping - Mike Easter
MikeE at ster.invalid
Thu Dec 30 18:13:37 EST 2004
> Gmail - query on a sample spam received via rr server
I can't see anything in the mail that would have me not post here.
When I was RR I never saw anything like even the only Received line.
That is to say, that is not a RR received mail, not a RR server in the
The item is /from/ a RR IP [see below] on an oddball port to some kind
of screwy noncompliant server:
Received: from cs2416211-226.houston.rr.com (18.104.22.168:4277) by
xmailserver.test with [XMail 1.20 ESMTP Server]
What is an exmailserver.test domainname supposed to be? What is it
doing smtp/ing on 4277?
What does this SC mailhost verbose mean?
Hostname verified: cs2416211-226.houston.rr.com
www.aabbco.com received mail from sending system 22.214.171.124
That doesn't make any sense to me. SC's verbose is bad enough when I'm
trying to figure out 'ordinary' parsing. When it is doing its 'mailhost
thing' sometimes it is completely baffling.
Supposedly the XMail ware will compile under multiple different kinds of
OSes, /n/x of various iterations including Solaris, Win nt/2k/xp
The only 4277 I know is vrml multiuser system, and I don't know what
that has to do with mail. I don't know of trojans with that.
The source IP itself is listed all over the place and is in sightings;
without the 4277 attached. It is also SCbl listed as a source and cbl
as a proxy/trojan. It is also listed in MyNetWatchman as smtp incidents
kibitzer, not SC admin
More information about the SpamCop-List