
On Wed, 22 Jan 2003 09:45:40 -0000 (GMT), Mark Cooke wrote:

> A friend of mine has just received about 200 spam mails (why 200,
> beats me), Anyway, I have found out from the headers, who received
> what and who was the initial point of injection, I want to contact the
> point of injection and warn that person that their box is being used
> for an open relay, without contacting their isp (and getting them in
> trouble).
> The problem is looking at their IP, it seems to be a blueyonder
> broadband account, I wish to somehow contact the person on that
> address and advise them of this, I have their hostname and IP address.
> I tried to telnet to port 25 on that IP, yet it never received a
> reply, which would seem that their SMTP server isn't open, yet they
> did send the mail through their open relay server.
> Email headers:
> Received: from mail.pcc.edu.cn ([]) by
> mc7-f9.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Tue, 21
> Jan 2003 10:41:13 -0800
>       Received: from smtp0542.mail.yahoo.com
> (pc-80-193-4-51-nm.blueyonder.co.uk [])(authenticated
> bits=0)by mail.pcc.edu.cn (8.12.3/8.12.3) with ESMTP id
> h0LItEL9003808for<[EMAIL PROTECTED]>; Wed, 22 Jan 2003 02:55:23
> +0800
> Spammer: smtp0542.mail.yahoo.com

No, that is not the spammer. That was faked. You can submit an
arbitrary sequence of characters in the greeting line when
connecting to a mail server.

> OpenRelay Server: pc-80-193-4-51-nm.blueyonder.co.uk []

No, that is the sender address. The mail server is mail.pcc.edu.cn
(, Pengcheng College, Xuzhou, Jiangsu, 221008, China.

Forward the entire mail to <[EMAIL PROTECTED]>



Psyche-list mailing list
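
The header reading discussed in the thread above, as an added example that is not part of the original messages: it splits each Received line into the client-supplied HELO name, the peer name and address recorded by the receiving server, and the server that accepted the mail. The IP addresses are elided on the page, so the sample uses constructed documentation-range placeholders; the function names are hypothetical.

```python
import re

# Constructed sample modelled on the headers quoted in the thread. The IP
# addresses are elided on the page, so documentation-range placeholders
# (192.0.2.0/24, 198.51.100.0/24) stand in for them.
SAMPLE_HEADERS = [
    "from mail.pcc.edu.cn ([198.51.100.25]) by mc7-f9.law1.hotmail.com "
    "with Microsoft SMTPSVC(5.0.2195.5600); Tue, 21 Jan 2003 10:41:13 -0800",
    "from smtp0542.mail.yahoo.com (pc-80-193-4-51-nm.blueyonder.co.uk "
    "[192.0.2.51]) (authenticated bits=0) by mail.pcc.edu.cn (8.12.3/8.12.3) "
    "with ESMTP id h0LItEL9003808; Wed, 22 Jan 2003 02:55:23 +0800",
]

# "from <claimed HELO> (<rDNS> [<ip>]) ... by <receiving host>"; rDNS is optional.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s*)?\[(?P<ip>[^\]]*)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def parse_hop(value):
    """Parse one Received value; return None if it is not in this layout."""
    m = HOP.search(value)
    if not m:
        return None
    hop = m.groupdict()
    # The HELO name is typed by the connecting client. Only the bracketed peer
    # address, and the rDNS name looked up from it, come from the receiver.
    hop["helo_confirmed"] = (hop["rdns"] is not None
                             and hop["helo"].lower() == hop["rdns"].lower())
    return hop

def trace(headers):
    """Received lines are stacked newest first; return the hops oldest first."""
    return [h for h in (parse_hop(v) for v in reversed(headers)) if h]

def injection_point(headers):
    """Earliest hop as (connecting peer, server that accepted the mail)."""
    first = trace(headers)[0]
    return (first["rdns"] or first["ip"], first["by"])

if __name__ == "__main__":
    for hop in trace(SAMPLE_HEADERS):
        print(hop)
    print("injection:", injection_point(SAMPLE_HEADERS))
```

Received lines written before the first server you trust can themselves be forged, so read the chain from the top down and stop trusting it at the first hop you cannot vouch for.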
