your account splsahka

Harold van Oostrom pedge at lanceerplaats.nl
Fri Aug 1 14:37:00 CDT 2003


Yeah. 

~$ whois NET-207-30-27-0-1 -h whois.arin.net

CustName:   Seagate Software
Address:    920 Disc Drive
City:       Scotts Valley
StateProv:  CA
PostalCode: 95067-0360
Country:    US
RegDate:    1996-04-30
Updated:    1999-05-25

NetRange:   207.30.27.0 - 207.30.27.255 
CIDR:       207.30.27.0/24 
NetName:    SEAGATE5
NetHandle:  NET-207-30-27-0-1
Parent:     NET-207-30-0-0-1
NetType:    Reassigned
Comment:    
RegDate:    1996-04-30
Updated:    1999-05-25

TechHandle: SAN6-ORG-ARIN
TechName:   Sprint Advanced Network Services 
TechPhone:  +1-407-741-0500
TechEmail:  dns-admin at utelfla.com 

OrgAbuseHandle: ROLEA5-ARIN
OrgAbuseName:   Role Account 
OrgAbusePhone:  +1-800-603-8044
OrgAbuseEmail:  abuse at sprintnetops.net

OrgTechHandle: SAN6-ORG-ARIN
OrgTechName:   Sprint Advanced Network Services 
OrgTechPhone:  +1-407-741-0500
OrgTechEmail:  dns-admin at utelfla.com


http://spamcop.net/ will tell you this too.

|Received:  from localhost (london-bridge.east.veritas.com [207.30.27.2])
|by smtp20.us.dell.com (8.12.9/8.12.7) with SMTP id h71HLt4h023141 for
|<Linux-PowerEdge at dell.com>; Fri, 1 Aug 2003 12:22:05 -0500
|host 143.166.148.129 (getting name) = smtp20.us.dell.com.
|host smtp20.us.dell.com (checking ip) = 143.166.148.129
|143.166.148.129 not listed in dnsbl.njabl.org
|143.166.148.129 not listed in proxies.blackholes.easynet.nl
|143.166.148.129 not listed in dnsbl.sorbs.net
|143.166.148.129 is not an MX for smtp20.us.dell.com
|143.166.148.129 is not an MX for lists.us.dell.com
|143.166.148.129 not listed in dnsbl.njabl.org
|Possible spammer: 207.30.27.2
|ips are close enough
|207.30.27.2 is close to an MX (207.30.27.35) for east.veritas.com
|207.30.27.2 is mx
|host smtp20.us.dell.com (checking ip) = 143.166.148.129
|143.166.148.129 not listed in dnsbl.njabl.org
|143.166.148.129 not listed in proxies.blackholes.easynet.nl
|143.166.148.129 not listed in dnsbl.sorbs.net
|   Chain test:smtp20.us.dell.com =? smtp20.us.dell.com
|   smtp20.us.dell.com and smtp20.us.dell.com have same hostname - chain
|verified
|Possible relay: 143.166.148.129
|Received line accepted
|
|Tracking message source: 207.30.27.2:
|Routing details for 207.30.27.2
|[refresh/show] Cached whois for 207.30.27.2 : abuse at sprintnetops.net
|Using abuse net on abuse at sprintnetops.net
|abuse net sprintnetops.net = postmaster at sprintnetops.net,
|abuse at sprintnetops.net
|Using best contacts postmaster at sprintnetops.net abuse at sprintnetops.net
|Yum, this spam is fresh!
|207.30.27.2 not listed in dnsbl.njabl.org
|207.30.27.2 not listed in dnsbl.njabl.org
|207.30.27.2 not listed in proxies.blackholes.easynet.nl
|207.30.27.2 not listed in dnsbl.sorbs.net
|207.30.27.2 not listed in relays.ordb.org.
|207.30.27.2 not listed in query.bondedsender.org
|
|Possible open relay: 143.166.148.129
|Yum, this spam is fresh!
|143.166.148.129 not listed in relays.ordb.org.
|
|Would send message source reports to:
|
|Re:143.166.148.129 (Automated open-relay testing system(s))
|Internal spamcop handling: (relays)
|
|Re:207.30.27.2 (Administrator of network where email originates)
|
|abuse at sprintnetops.net
|postmaster at sprintnetops.net
|
|Re:207.30.27.2 (Third party interested in email source)
|
|spamcop at imaphost.com



On Fri, Aug 01, 2003 at 03:01:02PM -0400, Ryan Go wrote:
> 
> Well some part of the headers indicate it was from dell. But mostly
> because it was sent to the mailing list.
> 
> If you look closely at the first header, it would tell you that it came
> from somewhere else,
> 
> 	<< ryan
> 
> On Fri, 1 Aug 2003, Eberhard Moenkeberg wrote:
> 
> > Hi,
> >
> > On Fri, 1 Aug 2003, ?lvaro Palma wrote:
> >
> > > I receive the following email. I'm almost sure it's a virus, by if not, is Dell
> > > list allowing spam? I hope and believe not, but I prefer to be sure. Is the list
> > > moderated or not? Cause if it is, I think this one passes the filter....
> >
> > That suspicious mail seems to originate directly from dell... ;->>
> >
> > This was the header for me:
> >
> > Return-path: <linux-poweredge-admin at dell.com>
> > Envelope-to: emoenke at gwdg.de
> > Delivery-date: Fri, 01 Aug 2003 19:40:08 +0200
> > Received: from lists.us.dell.com ([143.166.224.162])
> >         by mailer.gwdg.de with esmtp (Exim 4.20)
> >         id 19idst-00039G-Dr
> >         for emoenke at gwdg.de; Fri, 01 Aug 2003 19:40:07 +0200
> > Received: from lists.us.dell.com (localhost.localdomain [127.0.0.1])
> >         by lists.us.dell.com (8.11.6/8.11.6/Dell.IT.3.31.03) with ESMTP id h71HOMk31706;
> >         Fri, 1 Aug 2003 12:24:22 -0500
> > Received: from smtp20.us.dell.com (smtp20.us.dell.com [143.166.148.129])
> >         by lists.us.dell.com (8.11.6/8.11.6/Dell.IT.3.31.03) with ESMTP id h71HN7k31681
> >         for <linux-poweredge at lists.us.dell.com>; Fri, 1 Aug 2003 12:23:07 -0500
> > Received: from localhost (london-bridge.east.veritas.com [207.30.27.2])
> >         by smtp20.us.dell.com (8.12.9/8.12.7) with SMTP id h71HLt4h023141
> >         for <Linux-PowerEdge at dell.com>; Fri, 1 Aug 2003 12:22:05 -0500
> > Message-Id: <200308011722.h71HLt4h023141 at smtp20.us.dell.com>
> > From: admin at dell.com
> > To: Linux-PowerEdge <Linux-PowerEdge at dell.com>
> > Reply-To: admin at dell.com
> > X-Mailer: The Bat! (v1.61)
> > X-Priority: 2 (High)
> > Subject: your account                         splsahka
> > MIME-Version: 1.0
> > Content-Type: multipart/mixed; boundary="----------B697262D2D453D5"
> > X-Scanned-By: MIMEDefang 2.31
> > X-Spam-Status: No, hits=-3.4 required=5.0
> >         tests=NO_REAL_NAME,RCVD_IN_BONDEDSENDER,SPAM_PHRASE_05_08,
> >               SUBJ_HAS_SPACES,SUBJ_HAS_UNIQ_ID,TO_LOCALPART_EQ_REAL,
> >               USER_AGENT_THEBAT
> >         version=2.44
> > Sender: linux-poweredge-admin at dell.com
> > Errors-To: linux-poweredge-admin at dell.com
> > X-BeenThere: linux-poweredge at dell.com
> > X-Mailman-Version: 2.0.13
> > Precedence: bulk
> > List-Help: <mailto:linux-poweredge-request at dell.com?subject=help>
> > List-Post: <mailto:linux-poweredge at dell.com>
> > List-Subscribe: <http://lists.us.dell.com/mailman/listinfo/linux-poweredge>,
> >         <mailto:linux-poweredge-request at dell.com?subject=subscribe>
> > List-Id: Linux on Dell PowerEdge Servers discussion <linux-poweredge.dell.com>
> > List-Unsubscribe: <http://lists.us.dell.com/mailman/listinfo/linux-poweredge>,
> >         <mailto:linux-poweredge-request at dell.com?subject=unsubscribe>
> > List-Archive: <http://lists.us.dell.com/pipermail/linux-poweredge/>
> > X-Original-Date: Fri, 1 Aug 2003 12:21:55 -0500
> > Date: Fri, 1 Aug 2003 12:21:55 -0500
> >
> >
> > Cheers -e
> > --
> > Eberhard Moenkeberg (emoenke at gwdg.de, em at kki.org)
> >
> > _______________________________________________
> > Linux-PowerEdge mailing list
> > Linux-PowerEdge at dell.com
> > http://lists.us.dell.com/mailman/listinfo/linux-poweredge
> > Please read the FAQ at http://lists.us.dell.com/faq or search the list archives at http://lists.us.dell.com/htdig/
> >
> 
> _______________________________________________
> Linux-PowerEdge mailing list
> Linux-PowerEdge at dell.com
> http://lists.us.dell.com/mailman/listinfo/linux-poweredge
> Please read the FAQ at http://lists.us.dell.com/faq or search the list archives at http://lists.us.dell.com/htdig/




More information about the Linux-PowerEdge mailing list