email header analysis



In some spam I received, I found the following header: 

--------------------------------------
Received: from 57-112.hspg-b3.cablelynx.com
(57-112.hspg-b3.cablelynx.com [24.204.57.112])
        by kingcull.cullmail.com (8.12.9/8.12.9) with SMTP id
h8CJvFi2029627;
        Fri, 12 Sep 2003 14:57:17 -0500 (CDT)
Received: from (HELO yxe5tru) [221.96.194.116]
        by 57-112.hspg-b3.cablelynx.com;
        Fri, 12 Sep 2003 19:56:12 -0100
--------------------------------------

Which is the _real_ spammer? Or are both real spammers, or open
relays, or something else I should block? I did nslookups on these
addresses with the following results:

$ nslookup 24.204.57.112
Server:         207.203.159.252
Address:        207.203.159.252#53

Non-authoritative answer:
112.57.204.24.in-addr.arpa      name = 57-112.hspg-b3.cablelynx.com.

Authoritative answers can be found from:
57.204.24.in-addr.arpa  nameserver = ns1.netipfam.net.
57.204.24.in-addr.arpa  nameserver = ns2.netipfam.net.
ns1.netipfam.net        internet address = 24.204.0.4
ns2.netipfam.net        internet address = 24.204.0.5


$ nslookup 221.96.194.116
Server:         207.203.159.252
Address:        207.203.159.252#53

116.194.96.221.in-addr.arpa     name = YahooBB221096194116.bbtec.net.

Thanks,
Jay
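
One way to take the header chain above apart, as an added example that is not part of the original post: each mail server prepends its own Received line, so only the connecting IP recorded by a server you control is verifiable, and anything below that line is whatever the sending side supplied. The script assumes kingcull.cullmail.com is the recipient's own server; `parse_hops`, `assess` and `TRUSTED_BY` are names made up for the example.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received lines from the post; wrapped lines re-indented as folded headers.
RAW = """\
Received: from 57-112.hspg-b3.cablelynx.com
 (57-112.hspg-b3.cablelynx.com [24.204.57.112])
        by kingcull.cullmail.com (8.12.9/8.12.9) with SMTP id
 h8CJvFi2029627;
        Fri, 12 Sep 2003 14:57:17 -0500 (CDT)
Received: from (HELO yxe5tru) [221.96.194.116]
        by 57-112.hspg-b3.cablelynx.com;
        Fri, 12 Sep 2003 19:56:12 -0100
"""
TRUSTED_BY = {"kingcull.cullmail.com"}  # assumption: the recipient's own server

def parse_hops(raw):
    """Return hops newest first (each server prepends its own Received line)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        left, _, date = " ".join(value.split()).rpartition(";")
        frm, _, by = left.partition(" by ")
        name = re.match(r"from\s+([^\s(\[]+)", frm)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", frm)
        hops.append({
            "claimed": name.group(1) if name else None,
            "ip": ip.group(1) if ip else None,
            "by": by.split()[0] if by else None,
            "utc": parsedate_to_datetime(date.strip()).astimezone(timezone.utc),
        })
    return hops

def assess(hops, trusted_by):
    """Return the peer IP our server logged, plus oddities in the hops below it."""
    idx = next((i for i, h in enumerate(hops) if h["by"] in trusted_by), None)
    if idx is None:
        raise ValueError("no Received line was written by a trusted server")
    findings = []
    for newer, older in zip(hops[idx:], hops[idx + 1:]):
        if older["claimed"] is None:
            findings.append(f"{older['ip']}: no host name in the from clause")
        if older["utc"] > newer["utc"]:
            findings.append(f"{older['ip']}: stamped {older['utc'] - newer['utc']} later than the hop above it")
    return hops[idx]["ip"], findings

if __name__ == "__main__":
    print(assess(parse_hops(RAW), TRUSTED_BY))
```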