[exim] Advise about spam notification - advanced spam

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Odhiambo G. Washington
Data:  
Para: exim-users
Asunto: [exim] Advise about spam notification - advanced spam

Hello Senior Mail Admins,

(Hi Suresh ;))

This is for the hawk-eyed mail admins.

I am confused by a certain notification I received about one of the
hosts I am responsible for being "abused" by spammers.
The reasons for my disbelief are:

(1) the fact the host in question is literally 'closed' for the
    outside world. Only two hosts from my network can communicate
    directly with this host on port 25.
(2) The host IP has a registered PTR RR and so I also don't see
    how the name can come up as "unknown".


I am wondering how the spammer, if any, managed this. Are there
new tricks out there by spammers that can subvert even hosts that
cannot be accessed from the Internet, like 62.8.70.75??


Thanking you in advance for your time.


Below are the full details of the notification I received:



<CUT>

------ Forwarded Message
From: <Abuse@???>
Date: Sun, 24 Oct 2004 13:30:57 +0200
To: <abuse@???>
Cc: abuse <wolabusesent@???>
Subject: Spam from your Network



Hi. The spammer below is either using your resources to send out
unsolicited commercial e-mail ("spam") or collect responses from such
spam campaigns, or is deceptively trying to make it look like he is while
using one of our clients E-mail address's. In either case, a legitimate
company like yours probably would not approve. The information below
should be all you need.

This notification is addressed, amongst others, to the abuse contacts
of any mail servers through which the spam appears to have passed on its
way here, any webservers advertised in the spam and, where appropriate,
the ARIN (or equivalent) listed owners of the netblocks in which the
offending mail and web servers reside. Where the spammer has included a
reply-to address that domain will be included too, EVEN IF THE MAIL DID
NOT ORIGINATE THERE. Reputable companies will bar spammers from both
sending and receiving e-mail through their networks.




Regards,

Tiscali Abuse Team

tiscali.
INTERNET WITH A PASSION
A Division of Tiscali (Pty) Ltd.
42 Wierda Road West, Wierda Valley, Sandton
Office  : +27 860 00 1177
Fax     : +27 11 507 5253
E-Mail : abuse@??? <mailto:abuse@tiscali.co.za>
http://www.tiscali.co.za <http://www.tiscali.co.za>




Return-Path: <postbox@???>
Received: from smtp-7.worldonline.co.za ([192.168.128.77]) by
          istore-3.worldonline.co.za (Netscape Messaging Server 4.15) with
          ESMTP id I5ZWJ500.JQI for <pfcolin@???>; Fri, 22 Oct
          2004 18:59:29 +0200
Received: from mxvwall-02.tiscali.co.za ([127.0.0.1]) by
          smtp-7.worldonline.co.za (Netscape Messaging Server 4.15) with
          ESMTP id I5ZWJ401.E14 for <pfcolin@???>; Fri, 22 Oct
          2004 18:59:28 +0200
Received: from 62.8.70.75 (unknown [62.8.70.75])
 by mxvwall-02.tiscali.co.za (Postfix) with SMTP id 6F488201CC4
 for <pfcolin@???>; Fri, 22 Oct 2004 18:59:20 +0200 (SAST)
Message-ID: <000f01c4b918$fc17ce88$c8bf1b7f@fsbnyft>
Reply-To: "=?windows-1251?B?Y2xldmVyIGxhZHkg?=" <pestova@???>
From: "=?windows-1251?B?Y2xldmVyIGxhZHkg?=" <postbox@???>
To: <pfcolin@???>
Subject: =?windows-1251?B?Zm9yIHlvdQ==?=
Date: Fri, 22 Oct 2004 22:57:47 -0500
MIME-Version: 1.0
Content-Type: text/html;
 charset="windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1081
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081


</CUT>



        cheers
       - wash 
+----------------------------------+-----------------------------------------+
Odhiambo Washington                     . WANANCHI ONLINE LTD (Nairobi, KE)  |
<wash at wananchi dot com>              . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223                 . # 10286, 00100 NAIROBI             |
GSM: (+254) 733 744 121                 . (+254) 020 313 985 - 9             |
+---------------------------------+------------------------------------------+
"Oh My God! They killed init! You Bastards!"  
                         --from a /. post