This was from a recent bit of spam to hit the debian user list. Spamcop
resolved the sources out to be something in the *.cn namespace (wherever
that is), but I noticed that the "From:" header referenced my local little
ISP, so I'm a little interested in this...

Please correct any analysis mistakes I make. I'm really just guessing at
this stuff....

JJL-> This is the envelope From header and shows that it was delivered to
      me from the debian list. Nothing interesting here...
From bounce-debian-user=jjlupa=jamdata.net@lists.debian.org Wed Feb 28 21:51:17 2001

JJL-> This is just me getting the message from pop3. Again nothing
      interesting...
Received: from mail.jamdata.net
        by localhost with POP3 (fetchmail-5.3.3)
        for jjlupa@localhost (single-drop); Wed, 28 Feb 2001 21:51:17 -0500 (EST)

JJL-> And this is the debian machine distributing the message to my ISP
      for me.
Received: from murphy.debian.org (murphy.debian.org [216.234.231.6])
        by dns1.jamdata.net (8.9.3/8.9.3) with SMTP id FAA20804
        for <jjlupa@jamdata.net>; Wed, 28 Feb 2001 05:33:36 -0500
Resent-Date: Wed, 28 Feb 2001 05:33:36 -0500
Received: (qmail 9307 invoked by uid 38); 28 Feb 2001 10:32:55 -0000

JJL-> This is an utterly useless header, correct? Settable by the client?
X-Envelope-Sender: hbphbpp@china.com

JJL-> And these are the things used to track this down to that *.cn address
Received: (qmail 9274 invoked from network); 28 Feb 2001 10:32:53 -0000
Received: from unknown (HELO server) (202.104.57.145)
        by murphy.debian.org with SMTP; 28 Feb 2001 10:32:53 -0000
Received: from server ([127.0.0.1]) by server with Microsoft SMTPSVC(5.0.2195.1600);
        Wed, 28 Feb 2001 17:34:43 +0800

JJL-> Notice this here... This is actually what was wigging me out.
From: <ÖÐÏãÍø@dns1.jamdata.net>
Sender: <hbphbpp@china.com>

Is this just some random happenstance that they set the From: header for
the dns server for my ISP? Or is it an indication of a problem with
configuration on my ISP's end?

This is all kind of amusing for me since I know the guys who run this ISP,
and they have all of about 200 subscribers... real small operation out of
my buddy's garage.

Thanks for any help!

-Jonathan

--
jjlupa@jamdata.net
GPG public key available from http://lupavista.jamdata.net/gpg.asc
------------------------------------------------------------------
Lament 1750: "If I only had a radioactive decay source and
              a fast free-running oscillator..."
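
Added example, not part of the original post: Python that walks the Received chain quoted above from newest to oldest and reports the last hop that was recorded by a host the recipient trusts, along with the older lines that come from beyond that point. The TRUSTED set and the function name trust_boundary are assumptions made for this example.

```python
import re
from email import message_from_string

# Received headers copied from the message above, newest first.
RAW = """\
Received: from mail.jamdata.net
 by localhost with POP3 (fetchmail-5.3.3)
 for jjlupa@localhost (single-drop); Wed, 28 Feb 2001 21:51:17 -0500 (EST)
Received: from murphy.debian.org (murphy.debian.org [216.234.231.6])
 by dns1.jamdata.net (8.9.3/8.9.3) with SMTP id FAA20804
 for <jjlupa@jamdata.net>; Wed, 28 Feb 2001 05:33:36 -0500
Received: (qmail 9307 invoked by uid 38); 28 Feb 2001 10:32:55 -0000
Received: (qmail 9274 invoked from network); 28 Feb 2001 10:32:53 -0000
Received: from unknown (HELO server) (202.104.57.145)
 by murphy.debian.org with SMTP; 28 Feb 2001 10:32:53 -0000
Received: from server ([127.0.0.1]) by server with Microsoft SMTPSVC(5.0.2195.1600);
 Wed, 28 Feb 2001 17:34:43 +0800
"""

# Assumption: hosts whose Received stamps the recipient accepts as accurate
# (own machine, own ISP's mail server, the list server).
TRUSTED = {"localhost", "dns1.jamdata.net", "murphy.debian.org"}

def trust_boundary(raw, trusted):
    """Return (oldest hop stamped by a trusted host, older unverified headers)."""
    msg = message_from_string(raw)
    # Unfold continuation lines so each header is a single string.
    hops = [" ".join(v.split()) for v in msg.get_all("Received", [])]
    boundary, unverified = None, []
    for i, hop in enumerate(hops):
        if not hop.startswith("from "):
            continue  # qmail's local "(qmail N invoked ...)" lines name no peer
        by = re.search(r"\bby\s+(\S+)", hop)
        if by is None or by.group(1).lower() not in trusted:
            unverified = hops[i:]  # written by a host outside the trusted set
            break
        peer = hop[:by.start()]    # the "from ..." part, before "by"
        ip = re.search(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b", peer)
        helo = re.search(r"\(HELO\s+([^)\s]+)\)", peer)
        boundary = {"by": by.group(1),
                    "peer_ip": ip.group(1) if ip else None,
                    "helo": helo.group(1) if helo else None}
    return boundary, unverified

if __name__ == "__main__":
    edge, rest = trust_boundary(RAW, TRUSTED)
    print("last trusted stamp:", edge)
    print("unverified headers:", rest)
```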