North American Network Operators Group
Re: ISP wants to stop outgoing web based spam
On Wed, 9 Aug 2006, Ken Simpson wrote:
Typical SMTP headers of http based spam:
Received: from pmx2.montclair.edu (smtp-in.montclair.edu [220.127.116.11]) by broadway.montclair.edu (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <[email protected]> for x; Wed, 09 Aug 2006 14:42:35 -0400 (EDT)
Received: from pmx2.montclair.edu (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 032883F01 for <x>; Wed, 09 Aug 2006 14:42:35 -0400 (EDT)
Received: from tw4.telgua.com.gt (tw3.telgua.com.gt [18.104.22.168]) by pmx2.montclair.edu (Postfix) with ESMTP id 8F6993F03 for <x>; Wed, 09 Aug 2006 14:42:35 -0400 (EDT)
Received: from intelnet.net.gt (unknown [10.160.3.1]) by tw4.telgua.com.gt (Tumbleweed MailGate) with ESMTP id 72D1748A5C673; Wed, 09 Aug 2006 13:42:51 -0500 (CDT)
Received: from [10.160.3.30] (Forwarded-For: [xx.56.145.19]) by messaging.telgua.com.gt (mshttpd); Wed, 09 Aug 2006 12:39:46 -0700
The key here is the bottom Received with the mshttpd. Only once it hits telgua.com.pt (this is just an example of the dozens I see per day) does it get converted into SMTP, but the xx.56.145.19 IP is the one that gets listed in spam BLs.
Basically, the state of blocking outgoing spam hasn't progressed in the past 4 years. Bummer.
Hank Nussbacher http://www.interall.co.il
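Added example, not part of the original message: a Python sketch of the check the post describes, which reads the bottom Received header, treats the "(mshttpd)" marker as an HTTP (webmail) submission, and pulls out the Forwarded-For client address. The sample headers, hostnames and addresses are constructed placeholders, and the function name webmail_origin is hypothetical.

```python
import re
from email import message_from_string

# Constructed sample modelled on the header chain quoted above; hostnames and
# addresses are placeholders from documentation ranges, not real systems.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbound.example.edu (Postfix) with ESMTP id 8F6993F03
\tfor <x>; Wed, 09 Aug 2006 14:42:35 -0400 (EDT)
Received: from relay.example.net (unknown [10.160.3.1])
\tby mx.example.net (Tumbleweed MailGate) with ESMTP id 72D1748A5C673;
\tWed, 09 Aug 2006 13:42:51 -0500 (CDT)
Received: from [10.160.3.30] (Forwarded-For: [203.0.113.19])
\tby messaging.example.net (mshttpd); Wed, 09 Aug 2006 12:39:46 -0700
Subject: constructed sample

body
"""

# "(mshttpd)" is the webmail marker shown in the post; other webmail front
# ends stamp different strings, so extend this pattern per site (assumption).
HTTP_HOP = re.compile(r"\(mshttpd\)", re.I)
FWD_FOR = re.compile(r"Forwarded-For:\s*\[([^\]\s]+)\]", re.I)
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")

def webmail_origin(raw_message):
    """Return details of the first hop if it was an HTTP submission, else None."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    # The bottom header is the earliest hop; collapse folded whitespace.
    first_hop = " ".join(received[-1].split())
    if not HTTP_HOP.search(first_hop):
        return None
    fwd = FWD_FOR.search(first_hop)
    by = BY_HOST.search(first_hop)
    return {
        "webmail_host": by.group(1) if by else None,
        # The address that ends up on blocklists, per the post.
        "client_ip": fwd.group(1) if fwd else None,
        "hops": len(received),
    }

if __name__ == "__main__":
    print(webmail_origin(SAMPLE))
```

The bottom Received header is only as trustworthy as the server that wrote it, so this check is meaningful on mail whose first hop is a system you operate or trust.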