Re: [anti-spam-wg@localhost] Spam form unassigned IP address???
- Date: Wed, 17 Sep 2003 13:22:08 +0200
On Wed, Sep 17, 2003 at 02:13:52PM +0300, Esa Laitinen wrote:
> On Wed, Sep 17, 2003 at 11:05:40AM +0400, Igor Knyazev wrote:
> > >Return-path: info@localhost
> > >Received: from [22.214.171.124] (helo=CIDEX01)
> > > by server10.pronicsolutions.com with smtp (Exim 4.20)
> > > id 19zVjE-0000yv-U1; Wed, 17 Sep 2003 02:23:54 -0400
> > >Received: from 4dqqx.9xtxu.net [126.96.36.199] by CIDEX01 for chairman@localhost; Wed, 17 Sep 2003 10:17:24
> Somebody is forging your e-mail address, and using open relays to do it.
> 188.8.131.52 is owned by a company in India, see
> http://www.geektools.com/whois.php?query=184.108.40.206 . It seems to be
> an open relay.
> http://www.geektools.com/whois.php?query=220.127.116.11 points to
> Halliburton. Do they have zombie address ranges?
34/8 is notoriously hijacked (in fact, it is probably the largest
network hijacked ever), but in this case 18.104.22.168 is an open
proxy, not an open relay [ http://dsbl.org/listing?ip=22.214.171.124 ],
so there is no reason to believe that the second Received: line
Also note that 126.96.36.199 is not routed on the Internet at this
point in time:
route-views.oregon-ix.net>sh ip bgp 188.8.131.52
% Network not in table