-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 22 Jan 2003 09:45:40 -0000 (GMT), Mark Cooke wrote:

> A friend of mine has just received about 200 spam mails (why 200,
> beats me). Anyway, I have found out from the headers, who received
> what and who was the initial point of injection, I want to contact the
> point of injection and warn that person that their box is being used
> for an open relay, without contacting their isp (and getting them in
> trouble).
>
> The problem is looking at their IP, it seems to be a blueyonder
> broadband account, I wish to somehow contact the person on that
> address and advise them of this, I have their hostname and IP address.
>
> I tried to telnet to port 25 on that IP, yet it never received a
> reply, which would seem that their smtp server isn't open, yet they
> did send the mail through their open relay server.
>
> Email headers:
>
> Received: from mail.pcc.edu.cn ([211.65.116.10]) by
> mc7-f9.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Tue, 21
> Jan 2003 10:41:13 -0800
> Received: from smtp0542.mail.yahoo.com
> (pc-80-193-4-51-nm.blueyonder.co.uk [80.193.4.51])(authenticated
> bits=0)by mail.pcc.edu.cn (8.12.3/8.12.3) with ESMTP id
> h0LItEL9003808for<tuesday350@hotmail.com>; Wed, 22 Jan 2003 02:55:23
> +0800
>
>
> Spammer: smtp0542.mail.yahoo.com

No, that is not the spammer. That was faked. You can submit an
arbitrary sequence of characters in the greeting line when connecting
to a mail server.

> OpenRelay Server: pc-80-193-4-51-nm.blueyonder.co.uk [80.193.4.51]

No, that is the sender address. The mail server is mail.pcc.edu.cn
(211.65.116.10), Pengcheng College, Xuzhou, Jiangsu,221008, China.
Forward the entire mail to <abuse@blueyonder.co.uk>

- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+Lnsh0iMVcrivHFQRAvsAAJ0VY2cA40tfilN4Z4IPfN71InjC9gCeMaVw
jGjP8qJh4qy5lvuxu0JIAnA=
=wIWA
-----END PGP SIGNATURE-----

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
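
Added example, not part of the original message: a Python sketch that reads the two Received headers quoted above the way the reply does, separating the client-supplied greeting name from the address and reverse DNS the receiving server recorded itself. The function names `parse_hop` and `trace` are hypothetical, and the regular expression is an assumption that covers only the header layout seen in this thread.

```python
import re

# The two Received headers quoted in the message above, newest first,
# with the whitespace lost in line wrapping restored.
HEADERS = [
    "from mail.pcc.edu.cn ([211.65.116.10]) by mc7-f9.law1.hotmail.com "
    "with Microsoft SMTPSVC(5.0.2195.5600); Tue, 21 Jan 2003 10:41:13 -0800",
    "from smtp0542.mail.yahoo.com (pc-80-193-4-51-nm.blueyonder.co.uk "
    "[80.193.4.51]) (authenticated bits=0) by mail.pcc.edu.cn "
    "(8.12.3/8.12.3) with ESMTP id h0LItEL9003808 "
    "for <tuesday350@hotmail.com>; Wed, 22 Jan 2003 02:55:23 +0800",
]

# from <greeting name> ([<rDNS> ][<IP>]) [(comments)] by <receiving server>
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s*\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[\d.]+)\]\)"
    r"(?:\s*\([^)]*\))*\s*by\s+(?P<by>\S+)")

def parse_hop(header):
    """Split one Received header into what the client claimed (helo) and
    what the receiving server observed itself (rdns, ip, by)."""
    m = HOP.search(header)
    if m is None:
        raise ValueError("unrecognised Received format: " + header[:40])
    return m.groupdict()

def trace(headers):
    """Walk the hops newest-first and report relay and injection point."""
    hops = [parse_hop(h) for h in headers]
    origin = hops[-1]
    return {
        # Server that handed the mail to the recipient's provider.
        "relay": (hops[0]["helo"], hops[0]["ip"]),
        # True when each older header was written by the next-newer sender.
        "chain_consistent": all(old["by"].lower() == new["helo"].lower()
                                for new, old in zip(hops, hops[1:])),
        # Address the relay saw the connection come from.
        "injection_ip": origin["ip"],
        "injection_rdns": origin["rdns"],
        # The greeting name is free text from the client; a mismatch with
        # rDNS means the name says nothing about the real sender.
        "helo_matches_rdns":
            (origin["rdns"] or "").lower() == origin["helo"].lower(),
    }

if __name__ == "__main__":
    for key, value in trace(HEADERS).items():
        print(f"{key}: {value}")
```

Only headers written by servers you trust are reliable; anything below the first untrusted hop can be fabricated by the sender, so treat the oldest entries as claims to verify.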