It could be a case of forged headers. I've had that on one of my accounts. Mail bounced back to me that a spammer sent, but it didn't come from that account. Mark On Wed, 22 Jan 2003, Mark Cooke wrote: > Hi, > > A friend of mine has just received about 200 spam mails (why 200, beats me), > Anyway, I have found out from the headers, who received what and who was > the initial point of injection, I want to contact the point of injection > and warn that person that their box is being used for an open relay, > without contacting their isp (and getting them in trouble). > > The problem is looking at their IP, it seems to be a blueyonder broadband > account, I wish to somehow contact the person on that address and advise > them of this, I have their hostname and IP address. > > I tried to telnet to port 25 on that IP, yet it never received a reply, > which would seem that their smtp sever isn't open, yet they did send the > mail through their open rely sever. > > Email headers: > > Received: from mail.pcc.edu.cn ([211.65.116.10]) by > mc7-f9.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Tue, 21 Jan > 2003 10:41:13 -0800 > Received: from smtp0542.mail.yahoo.com > (pc-80-193-4-51-nm.blueyonder.co.uk [80.193.4.51])(authenticated bits=0)by > mail.pcc.edu.cn (8.12.3/8.12.3) with ESMTP id h0LItEL9003808for > <tuesday350@hotmail.com>; Wed, 22 Jan 2003 02:55:23 +0800 > > > Spammer: smtp0542.mail.yahoo.com > OpenRelay Server: pc-80-193-4-51-nm.blueyonder.co.uk [80.193.4.51] > > > Any advise is greaty received. > > Cheers > > Mark > -- Psyche-list mailing list Psyche-list@redhat.com https://listman.redhat.com/mailman/listinfo/psyche-list
