[SpamCop-List] Re: Old E-Mail???
MikeE at ster.invalid
Thu Dec 8 14:20:08 EST 2005
Robert Williams wrote:
> This should give you some idea of what my headers normally look like.
Okey dokey thanks.
Oh, I see. You don't have anything to do with cleartel. I
misinterpreted something that SC said in the verbose^1 and tho't it
cleartel had something to do with you. It isn't the first time I have
misunderstood something SC sez about a mailhost.
^1 "Hostname verified: mail.cleartel.net"
In that case, I will revise my earlier abbreviated headers of the item
this all started wtih.
Abbreviated Received lines *comment
from mail.cleartel.net ([188.8.131.52]) by
server1.DANJONENGINEERING.LOCAL *sourceline vs relay output
from [184.108.40.206] (helo=mail.4-serv.com) by mail.cleartel.net
*timestamp 17d, bogushelo, ?bogusline vs sourceIP
from 4technology.net ([220.127.116.11]) by mwcp.4technology.net
>From a human parser's point of view, the notified source would be
albany.net for cleartel in any case, it is just a matter of whether you
want to say the source IP is the cleartel output server or a userIP
The server IP is also listed in PSBL, which gives evidence which looks
like your spamitem, ie the same IP 'behind' the server and the same
'modus' of a bogus helo in that line.
I personally think the problem is an insecurity between 18.104.22.168 &
its server -- that the spam may be being injected at .49 and going out
thru' the server 'belatedly' [getting stuck there] and getting the
The other possibility is that the server is insecure and the timestamp
problem line is bogus. It is worse for the server to be listed than the
user IP, because the server is the #1 output server for the cleartel.
kibitzer, not SC admin
More information about the SpamCop-List