24 Oct 2004, 08:45 AM   #8
jeronimus
Here is a less stripped one with mproxy.gmail.com
and wproxy.gmail.com

=== RAW SPAM MESSAGE STARTS BELOW ====

X-Gmail-Received: {LongHEX_NR}
Delivered-To: {GMAIL_ACCOUNT}+{MYDOMAIN.COM}@gmail.com
Received: by {IPnr_K} with SMTP id {SomeNumber};
    Fri, 22 Oct 2004 12:05:47 -0700 (PDT)
Received: by {IPnr_L} with SMTP id {SomeNumer2};
    Fri, 22 Oct 2004 12:05:47 -0700 (PDT)
Return-Path: <{Some_Email_Addres}>
Received: from omta14.mta.{MAILPROVIDER.DOM} (sitemail.{MAILPROVIDER.DOM} [{IPnr_Z}])
    by mx.gmail.com with ESMTP id {SomeNumer4};
    Fri, 22 Oct 2004 12:05:47 -0700 (PDT)
Received-SPF: neutral (gmail.com: {IPnr_Z} is neither permitted nor denied by domain of {Some_Email_Addres})
Received: from imta14.mta.{MAILPROVIDER.DOM} (bigip34 [{IPnr_Y}])
    by omta14.mta.{MAILPROVIDER.DOM} (Postfix) with ESMTP
    id {SomeID9}; Fri, 22 Oct 2004 12:05:46 -0700 (PDT)
Received: by imta14.mta.{MAILPROVIDER.DOM} (Postfix)
    id {SomeID8}; Fri, 22 Oct 2004 12:05:46 -0700 (PDT)
Delivered-To: {MYDOMAIN.COM}@{OTHER_DOMAIN.COM}
Received: from pmta04.mta.{MAILPROVIDER.DOM} (bigiplb-dsnat [{IPnr_Z}])
    by imta14.mta.{MAILPROVIDER.DOM} (Postfix) with ESMTP id {SomeHexNR2}
    for <{MYDOMAIN.COM}@{OTHER_DOMAIN.COM}>; Fri, 22 Oct 2004 12:05:46 -0700 (PDT)
Received: from chugmail2.{ANOTHERDOMAIN1.COM} ({IPnr_W} [{IPnr_W}])
    by pmta04.mta.{MAILPROVIDER.DOM} (EON-PMTA) with ESMTP id {SomeHexNr3}
    for <{MYDOMAIN.COM}@{OTHER_DOMAIN.COM}>; Fri, 22 Oct 2004 12:05:46 -0700
Received: from mail.{ANOTHERDOMAIN2.COM} (mws-mail.{ANOTHERDOMAIN1.COM} [{IPnr_M}])
    by chugmail2.{ANOTHERDOMAIN1.COM} (Postfix) with ESMTP id {SomeID7};
    Fri, 22 Oct 2004 00:40:27 -0600 (MDT)
Received: from dsl-{XX}-{XX}-{XX}-{XX}.access.uk.tiscali.com (unknown [{XX}.{XX}.{XX}. {XX}]) by mail.{ANOTHERDOMAIN2.COM} (Postfix) with SMTP id {SomeHexNr3};
    Fri, 22 Oct 2004 00:35:51 -0600 (MDT)
Received: from wproxy.gmail.com ([{IP_G}]:61893 "EHLO mproxy.gmail.com")
    by avas-mx35.{SomeDomain4} with ESMTP id {SomeID_X};
    Sat, 9 Oct 2004 10:36:23 -0300
Received: by mproxy.gmail.com with SMTP id {SomeIDxx}
    for <xsjTasa58.{SomeDomain5}>; Sat, 09 Oct 2004 06:36:10 -0700 (PDT)
Received: by {IPnr_F} with SMTP id {SomeNr4};
    Sat, 09 Oct 2004 06:36:10 -0700 (PDT)
Received: by {IPnr_Q} with HTTP; Sat, 9 Oct 2004 06:36:10 -0700 (PDT)
Date: Sat, 9 Oct 2004 06:36:10 -0700
Message-Id: <200410031475.i93FwoTw008312@www5.gmail.com>
From: "{A_NAME} " <{Some_Email_Addres}>
To: field@{MYDOMAIN.COM}, fink@{MYDOMAIN.COM}, finn@{MYDOMAIN.COM},
    rusba@{MYDOMAIN.COM}, rushing@{MYDOMAIN.COM},
    russell_shute@{MYDOMAIN.COM}, rutherford@{MYDOMAIN.COM},
    sadler@{MYDOMAIN.COM}
Subject:
Mime-Version: 1.0
Content-Type: text/plain;

{The message}

= = END OF RAWMSG = =
I expect that the line
Received: from dsl-{XX}-{XX}-{XX}-{XX}.access.uk.tiscali.com (unknown [{XX}.{XX}.{XX}. {XX}]) by mail.{ANOTHERDOMAIN2.COM} (Postfix) with SMTP id {SOME_HEX_NR};
is the address of the sender or the (abused) DSL system used to send this spam?

{XX}.{XX}.{XX}. {XX} is a Tiscali IP number.

If {IP_G} is really an IP number, it is from a big non-internet company that normally should have nothing to do with spam or email handling.
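Added example, not part of the original post: one way to read a Received chain like the one above is to parse each hop's timestamp from the top down and find the first hop whose time does not fit the hop above it, since lines below that point were not necessarily added in transit. The sample headers, host names, documentation-range IPs and the `max_gap`/`skew` thresholds are constructed assumptions; only the date pattern follows the post.

```python
import email
from datetime import timedelta
from email.utils import parsedate_to_datetime

# Constructed sample: hosts, IPs and ids are placeholders (example domains,
# documentation IP ranges); only the date pattern mirrors the post above.
SAMPLE = """\
Received: from relay2.example.net (relay2.example.net [192.0.2.20])
    by mx.example.org with ESMTP id AAA1; Fri, 22 Oct 2004 12:05:46 -0700 (PDT)
Received: from dsl-host.example.com (unknown [198.51.100.7])
    by relay2.example.net (Postfix) with SMTP id BBB2; Fri, 22 Oct 2004 00:35:51 -0600 (MDT)
Received: from wproxy.example.com ([203.0.113.9] "EHLO mproxy.example.com")
    by mx35.example.org with ESMTP id CCC3; Sat, 9 Oct 2004 10:36:23 -0300
Received: by mproxy.example.com with SMTP id DDD4;
    Sat, 09 Oct 2004 06:36:10 -0700 (PDT)
Subject: constructed
"""


def received_hops(raw):
    """Return [(received_text, datetime_or_None)], newest hop first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        # The timestamp is whatever follows the last ';' in the header.
        stamp = value.rpartition(";")[2].strip()
        try:
            when = parsedate_to_datetime(stamp)
        except (TypeError, ValueError):
            when = None  # unparseable stamp: treated as suspect below
        hops.append((" ".join(value.split()), when))
    return hops


def first_suspect_hop(hops, max_gap=timedelta(days=1), skew=timedelta(minutes=5)):
    """Index of the first hop, reading top-down, whose time does not fit the
    hop above it: missing, later than it (beyond skew), or older by max_gap."""
    for i in range(1, len(hops)):
        upper, lower = hops[i - 1][1], hops[i][1]
        if upper is None or lower is None:
            return i
        delta = upper - lower
        if delta > max_gap or delta < -skew:
            return i
    return None


if __name__ == "__main__":
    print(first_suspect_hop(received_hops(SAMPLE)))  # first hop that does not fit
```

The hop directly above the returned index is the last one whose timing is consistent with the relays above it, so its connecting IP is the one to look up.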