Repeat - it NEVER WENT NEAR gmail. That part is pure forgery.

{^_^}
----- Original Message ----- From: "Jason Staudenmayer" <[EMAIL PROTECTED]>


I see ... I'll have to see why my qmail didn't drop it for those address
issues.

Thanks

-----Original Message-----
From: Jamie L. Penman-Smithson [mailto:[EMAIL PROTECTED]
On 9 Jun 2006, at 13:56, Jason Staudenmayer wrote:
Is anyone else getting spam from gmail? The ones I'm getting are very
lengthy but don't look like bayes poison.

It's _not from_ GMail.

<snip>
Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
  by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -0000
Received: from crysholgh.com (9.13.1/9.13.1) id XAA37462; Thu, 08 Jun
2006 05:05:20 -0800
Message-Id: <[EMAIL PROTECTED]>
From: "Marcelino Crews" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: this weeks stock pick KMAG - build a strong position now
<snip>

Maybe gmail has an open relay? Or does this look like something else?

No, you should be looking at this header:

Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
  by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -0000

This message was received from [66.148.73.132] with no rDNS and using a private non-routable IP in HELO.

The IP in question is owned by HopOne:

NetRange:   66.148.64.0 - 66.148.127.255
CIDR:       66.148.64.0/18
OrgName:    HopOne Internet Corporation
OrgID:      HOPO
Address:    1010 Wisconsin Avenue N.W.
City:       Washington
StateProv:  DC
PostalCode: 20007-3603
Country:    US

It doesn't match the SPF record for gmail.com either:

_spf.google.com. 300 IN TXT "v=spf1 ip4:216.239.56.0/23 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ?all"

The sender address is forged, as is common.

IOW it should have been rejected outright before it even got to SA, either because it has no rDNS, or because it used an invalid address literal (1.2.3.4 instead of [1.2.3.4]), or because it used a private non-routable IP in HELO.

-j
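The checks Jamie walks through (no rDNS, a bare rather than bracketed IP literal in HELO, a private IP in HELO, connecting IP outside the sender domain's SPF ranges) as an added example that is not part of the thread; it runs over the Received line and the _spf.google.com record quoted above, and only evaluates the `ip4:` mechanisms that record lists (no `include:` or DNS lookups).

```python
import ipaddress
import re

# The Received header quoted in the thread, reproduced as a constructed sample.
RECEIVED = ("Received: from unknown (HELO 192.168.0.4) (66.148.73.132)\n"
            "  by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -0000")

# The _spf.google.com TXT record as quoted in the thread.
SPF_TXT = ("v=spf1 ip4:216.239.56.0/23 ip4:64.233.160.0/19 "
           "ip4:66.249.80.0/20 ip4:72.14.192.0/18 ?all")

# qmail-style Received line: "from <rdns> (HELO <helo>) (<ip>)"
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)]+)\)\s+\((?P<ip>[\d.]+)\)")

BARE_IP = re.compile(r"\d{1,3}(\.\d{1,3}){3}")
BRACKETED_IP = re.compile(r"\[\d{1,3}(\.\d{1,3}){3}\]")


def parse_received(header):
    """Unfold the header and pull out rDNS name, HELO string and connecting IP."""
    text = " ".join(header.split())  # join the folded continuation line
    m = RECEIVED_RE.search(text)
    if not m:
        raise ValueError("unrecognised Received format")
    return m.groupdict()


def spf_ip4_networks(spf_txt):
    """Return the ip4: networks of an SPF record (only the mechanisms quoted here)."""
    return [ipaddress.ip_network(tok[4:], strict=False)
            for tok in spf_txt.split() if tok.startswith("ip4:")]


def check_received(header, spf_txt):
    """Apply the thread's reject-before-SA checks; returns a list of findings."""
    fields = parse_received(header)
    helo, ip = fields["helo"], ipaddress.ip_address(fields["ip"])
    findings = []
    if fields["rdns"] == "unknown":
        findings.append("no rDNS for connecting IP")
    bare, bracketed = BARE_IP.fullmatch(helo), BRACKETED_IP.fullmatch(helo)
    if bare:
        findings.append("HELO is a bare IP, not a bracketed address literal")
    if (bare or bracketed) and ipaddress.ip_address(helo.strip("[]")).is_private:
        findings.append("HELO uses a private non-routable IP")
    if not any(ip in net for net in spf_ip4_networks(spf_txt)):
        findings.append(f"connecting IP {ip} not in sender domain's SPF ip4 ranges")
    return findings
```

On the quoted header this reports all four problems; a message from one of Google's listed ranges with a proper HELO would report none.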
