|
List Info
Thread: Getting spammed
|
|
| Getting spammed |
 
New Zealand |
2007-05-03 10:53:39 |
|
Need help -- all users in the domain are getting spam from
67.41.198.132 and have SPF turnned on.
Below is an example.
nslookup can not find the domain.
Thanks for any help.
Sam Pizzuto
Received-SPF: neutral (Last token {?all}
(res=NEUTRAL)) client-ip=67.41.198.132;
envelope-from=aol.com"><Webmaster aol.com>;;
Received: from nisnjpum.com (unverified [67.41.198.132])
by esamiam.net (SurgeMail 3.7b8) with ESMTP id 52949
for multiple; Tue, 01 May 2007 09:35:40 -0400
Return-Path: aol.com"><Webmasteraol.com>;
From: aol.com">Webmasteraol.com
To: saxbyscoffee.com">priv-mailsaxbyscoffee.com
Date: Tue, 01 May 2007 13:20:01 GMT
Subject: Your Updated Password!
Importance: Normal
X-Mailer: SoberTestEngine-V7.14
X-Priority: 3 (Normal)
Message-ID: aol.com"><aabce04.4ebcedfaaol.com>;
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="======6a7fcac1806.4c3731"
Content-Transfer-Encoding: 7bit
This is a multi-part message in MIME format.
X-Server: High Performance Mail Server - http://surgemail.com
r=-364810539
X-Rcpt-To: saxbyscoffee.com"><;sampizzutosaxbyscoffee.com>
X-SpamDetect-Info: This message may be spam see
http://www.smitespam.com for more information
X-SpamDetect: *****: 5.139000 Poly=0.1,NakedCR=0.2,SPF
Neutral=1.5,From: does not include a real name=0.3,Aspam=3.0
X-NakedCr: Body contained naked cr characters
X-IP-stats: Incoming Last 0, First 0, in=4, out=0, spam=0
X-External-IP: 67.41.198.132
Status: U
|
| Re: Getting spammed |
New Zealand |
2007-05-03 11:04:06 |
See http://ws.arin.net/cgi-bin/whois.pl?queryinput=67.41
.198.132
for the Whois contacts at Qwest.
If you just want to block the IP, see g_deny.
Sam Pizzuto wrote:
> Need help -- all users in the domain are getting spam
from 67.41.198.132
> and have SPF turnned on.
> Below is an example.
>
> nslookup can not find the domain.
>
> Thanks for any help.
>
> Sam Pizzuto
--
Neil Herber
Corporate info at http://www.eton.ca/
|
|
| RE: Getting spammed |
New Zealand |
2007-05-03 11:37:30 |
|
Sam,
I just did a check on this IP and my bet
is that it’s a compromised machine (it is in the Qwest Communications
Corporation IP address block).
If I had this problem, I would block the
IP at the edge router, monitor router logs and remove the block once the
activity ceased.
Ted
From: Sam Pizzuto [mailto:spizzutosertec.com]
Sent: May 3, 2007 0954
To: SurgeMail List
Cc:
surgemail-supportnetwinsite.com
Subject: [SurgeMail List] Getting
spammed
Need help -- all users in the domain are getting spam
from 67.41.198.132 and have SPF turnned on.
Below is an example.
nslookup can not find the domain.
Thanks for any help.
Sam Pizzuto
Received-SPF:
neutral (Last token {?all} (res=NEUTRAL)) client-ip=67.41.198.132;
envelope-from= Webmasteraol.com"><Webmasteraol.com>;;
Received: from nisnjpum.com (unverified [67.41.198.132])
by esamiam.net (SurgeMail 3.7b8) with ESMTP id 52949
for multiple; Tue, 01 May 2007 09:35:40 -0400
Return-Path: Webmasteraol.com"><Webmasteraol.com>;
From: Webmasteraol.com">Webmasteraol.com
To: priv-mailsaxbyscoffee.com">priv-mailsaxbyscoffee.com
Date: Tue, 01 May 2007 13:20:01 GMT
Subject: Your Updated Password!
Importance: Normal
X-Mailer: SoberTestEngine-V7.14
X-Priority: 3 (Normal)
Message-ID: aabce04.4ebcedfaaol.com"><aabce04.4ebcedfaaol.com>;
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="======6a7fcac1806.4c3731"
Content-Transfer-Encoding: 7bit
This is a multi-part message in MIME format.
X-Server: High Performance Mail Server - http://surgemail.com
r=-364810539
X-Rcpt-To: sampizzutosaxbyscoffee.com"><;sampizzutosaxbyscoffee.com>
X-SpamDetect-Info: This message may be spam see http://www.smitespam.com for more
information
X-SpamDetect: *****: 5.139000 Poly=0.1,NakedCR=0.2,SPF Neutral=1.5,From: does
not include a real name=0.3,Aspam=3.0
X-NakedCr: Body contained naked cr characters
X-IP-stats: Incoming Last 0, First 0, in=4, out=0, spam=0
X-External-IP: 67.41.198.132
Status: U
|
[1-3]
|
|
|
about | contact Other archives ( Real Estate discussion Medical topics )
|