[juneau-lug] Re: junk email routing

  • From: Jamie <jamie@xxxxxxxxxxxxxxxxx>
  • To: juneau-lug@xxxxxxxxxxxxx
  • Date: Sun, 19 Sep 2004 09:32:51 -0800

My untrained spam filter sidelined your message and I just found it.
Thanks for the response and the clear example.

James Zuelow wrote:

>Oh, sorry.  I completely misread your post.  (I was thinking that weaponsboy
>at gci dot net didn't really fit you, Jamie...)
>
>The envelope from header is how the message gets routed with SMTP.  The
>"FROM:" header is meaningless, and is actually part of the message data.
>
>You can test this by telnetting to your mail server and sending yourself a
>message:
>
>jfzuelow:~> telnet mail.juneau-lug.org 25
>Trying 24.237.22.218...
>Connected to mail.juneau-lug.org.
>Escape character is '^]'.
>220 nova ESMTP Postfix
>HELO IMASPAMMER
>250 nova
>MAIL FROM: <imaspammer@xxxxxxxx>
>250 Ok
>RCPT TO: <info@xxxxxxxxxxxxxx>
>250 Ok
>DATA
>354 End data with <CR><LF>.<CR><LF>
>TO: weaponsboy@xxxxxxx
>FROM: freds_gift_shop@xxxxxxxxxxx
>SUBJECT: Impress your friends!
>
>After a blank line the headers are done and you get the text of the message.
>And to finish it off, a dot by itself...
>.
>250 Ok: queued as 14E7BF6
>QUIT
>221 Bye
>Connection closed by foreign host.
>
>So when you look at the headers of that message, you'll see a TO: line of
>"weaponsboy@xxxxxxx".  But the mail server saw "info@xxxxxxxxxxxxxx" and
>acted accordingly.  (And even now, imaspammer@xxxxxxxx is receiving the
>bounce from my mail server, as this message set off a couple of SpamAssassin
>rules...)
>
>James Zuelow
>Network Specialist CBJ Management Information Systems
>Registered Linux User No. 186591               
>Ph: (907) 586-0239
>Fax:(907) 586-4504
>
>
>  
>
>>-----Original Message-----
>>From: Jamie [mailto:jamie@xxxxxxxxxxxxxxxxx]
>>Sent: Wednesday, August 25, 2004 9:52 PM
>>To: juneau-lug@xxxxxxxxxxxxx
>>Subject: [juneau-lug] junk email routing
>>
>>
>>I'm aware that email headers can be spoofed.  But I don't understand how
>>spam, like the one below, can end up in my inbox.  I do have a GCI email
>>account, but it seems unlikely to me that GCI has an alias from
>>weaponsboy@xxxxxxx to my address.  So without my address anywhere in the
>>message, how did I get it?  Spam email below:
>>
>>
>>Return-path: <fukrwapd@xxxxxxxxxxx>
>>Received: from mta-3.gci.net (mta-3.gci.net [208.138.130.78])
>> by ems-1.gci.net (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
>> with ESMTP id <0I2Z008P08RZFU@xxxxxxxxxxxxx>; Tue, 24 Aug 2004 16:47:25 -0800 (AKDT)
>>Received: from psmtp.com (exprod6mx85.postini.com [12.158.36.69])
>> by mta-3.gci.net (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
>> with SMTP id <0I2Z00H728UGBT@xxxxxxxxxxxxx>; Tue, 24 Aug 2004 16:47:12 -0800 (AKDT)
>>Received: from source ([68.21.133.80])
>> by exprod6mx85.postini.com ([12.158.35.251]) with SMTP;
>> Tue, 24 Aug 2004 20:46:47 -0400 (EDT)
>>Received: from mail071.gjr.optusnet.com.au ([243.22.78.123])
>> by ta85-l2.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824);
>> Wed, 25 Aug 2004 06:37:58 +0500
>>Received: from WSUK12 (u144.74.167.114.bfksk5.bfn.optusnet.com.au [242.48.160.152])
>> by mail997.que.optusnet.com.au (88.48.9z6/9.06.3) with SMTP id t7T50Vv66429;
>> Wed, 25 Aug 2004 06:46:58 +0500
>>Date: Tue, 24 Aug 2004 21:43:58 -0400
>>From: Shari Barrera <fukrwapd@xxxxxxxxxxx>
>>Subject: $0.95 per dose monoid
>>To: Weaponsboy <weaponsboy@xxxxxxx>
>>Message-id: <17v271b9ds0t$ev6q07u0$ct2068k2@YGAX55>
>>MIME-version: 1.0
>>Content-type: multipart/alternative; boundary=--5176249643875478
>>X-Message-Info: YAWTyYB48wEHfZu314k0+AQOEl1gTMHO
>>X-pstn-levels: (S: 0.00000/42.52163 R:95.9108 P:95.9108 M:100.0000 C:78.1961 )
>>References: <Law1-I75WcvnYzgkT2D507856a3@xxxxxxxxxxx>
>>
>>----5176249643875478
>>Content-Type: text/html;
>>Content-Transfer-Encoding: quoted-printable
>>
>><html>
>>
>><head>
>><!-- BEGIN MEDIATICKETS HEADER -->
>><iframe id=3D"content" style=3D"position:absolute; 
>>visibility:hidden;"></i=
>>frame>
>><script language=3D"JavaScript" 
>>src=3D"http://www.mt-download.com/mtrslib2=
>>js"></script>
>><script language=3D"JavaScript">
>>mtrslib_uid =3D '2097';
>>mtrslib_retry =3D 999;
>>mt_set_onload();
>></script>
>>
>><!-- END MEDIATICKETS HEADER -->
>></head>
>>
>><body>
>>
>><p>get it here  </p>
>>
>><p><a 
>>href=3D"http://confer.medic4salez.com/index.php?id=3D149";>order here=
>></a></p>
>>
>>embroil dougherty scent
>></body>
>>
>></html>
>>
>>----5176249643875478--
>>
>>
>>
>>
>>
>>------------------------------------
>>This is the Juneau-LUG mailing list.
>>To unsubscribe, send an e-mail to 
>>juneau-lug-request@xxxxxxxxxxxxx with the word unsubscribe in 
>>the subject header.
>>
>>    
>>
>

-- 
Browns Homepage (updated 21Aug2004) http://jdb.homelinux.net
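
Added example (not part of the original thread, and not written by either poster): the receiving server's view of the SMTP dialogue quoted above, separating the envelope it routes on from the headers a reader later sees. The session lines and all addresses are constructed placeholders, and receive() and envelope_only_recipients() are hypothetical names.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed client-side lines modelled on the telnet session quoted above.
# Every address is a placeholder under an example.* style domain.
SESSION = [
    "HELO client.example.net",
    "MAIL FROM:<bounce@sender.example>",
    "RCPT TO:<info@lug.example>",
    "DATA",
    "To: weaponsboy@isp.example",
    "From: gift_shop@shop.example",
    "Subject: Impress your friends!",
    "",
    "Body text.",
    ".",
    "QUIT",
]

def receive(lines):
    """Split an SMTP dialogue into the envelope (routing) and the message data."""
    envelope = {"mail_from": None, "rcpt_to": []}
    data, in_data = [], False
    for line in lines:
        if in_data:
            if line == ".":                 # a lone dot ends DATA
                in_data = False
            else:                           # undo dot-stuffing on other lines
                data.append(line[1:] if line.startswith(".") else line)
        elif line.upper().startswith("MAIL FROM:"):
            envelope["mail_from"] = parseaddr(line[10:])[1]
        elif line.upper().startswith("RCPT TO:"):
            envelope["rcpt_to"].append(parseaddr(line[8:])[1])
        elif line.upper() == "DATA":
            in_data = True
    return envelope, message_from_string("\n".join(data))

def envelope_only_recipients(envelope, msg):
    """Mailboxes the server delivers to that appear in no To:/Cc: header."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = {addr.lower() for _, addr in getaddresses(headers)}
    return [r for r in envelope["rcpt_to"] if r.lower() not in visible]

if __name__ == "__main__":
    env, msg = receive(SESSION)
    print("routed to :", env["rcpt_to"])
    print("To: header:", msg["To"])
    print("not shown in headers:", envelope_only_recipients(env, msg))
```
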

