Re: [anti-spam-wg@localhost] Spam from unassigned IP address???
- Date: Wed, 17 Sep 2003 13:22:08 +0200
On Wed, Sep 17, 2003 at 02:13:52PM +0300, Esa Laitinen wrote:
> On Wed, Sep 17, 2003 at 11:05:40AM +0400, Igor Knyazev wrote:
> > >Return-path: info@localhost
> > >Received: from [184.108.40.206] (helo=CIDEX01)
> > > by server10.pronicsolutions.com with smtp (Exim 4.20)
> > > id 19zVjE-0000yv-U1; Wed, 17 Sep 2003 02:23:54 -0400
> > >Received: from 4dqqx.9xtxu.net [220.127.116.11] by CIDEX01 for chairman@localhost; Wed, 17 Sep 2003 10:17:24
> Somebody is forging your e-mail address, and using open relays to do it.
> 18.104.22.168 is owned by a company in India, see
> http://www.geektools.com/whois.php?query=22.214.171.124 . It seems to be
> an open relay.
> http://www.geektools.com/whois.php?query=126.96.36.199 points to
> Halliburton. Do they have zombie address ranges?
34/8 is notoriously hijacked (in fact, it is probably the largest
network hijacked ever), but in this case 188.8.131.52 is an open
proxy, not an open relay [ http://dsbl.org/listing?ip=184.108.40.206 ],
so there is no reason to believe that the second Received: line
Also note that 220.127.116.11 is not routed on the Internet at this
point in time:
route-views.oregon-ix.net>sh ip bgp 18.104.22.168
% Network not in table
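
The two checks used in this thread, as an added example that is not part of the original message: read the Received: chain newest-first, treat only headers written by your own server as verified, and test each claimed source address against a routing table. The addresses are documentation ranges, the routing table is a constructed stand-in for a route-views lookup, and the function names and the own-server name mx.example.net are hypothetical.

```python
import email
import ipaddress
import re

# Constructed sample: documentation addresses, not the ones in the thread.
RAW = """\
Return-path: <info@example.org>
Received: from [203.0.113.25] (helo=CIDEX01)
 by mx.example.net with smtp (Exim 4.20)
 id 19zVjE-0000yv-U1; Wed, 17 Sep 2003 02:23:54 -0400
Received: from host.example.com [198.51.100.7] by CIDEX01 for user@example.net; Wed, 17 Sep 2003 10:17:24
Subject: constructed sample

body
"""

# Constructed stand-in for a BGP table snapshot (prefixes seen as routed).
ROUTED = [ipaddress.ip_network("203.0.113.0/24")]

def received_hops(raw):
    """Return (source_ip, recording_host) per Received: header, newest first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
        by = re.search(r"\bby (\S+)", flat)
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return hops

def is_routed(ip, table):
    """True if any prefix in the table covers ip (else 'Network not in table')."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in table)

def assess(raw, table, own_servers):
    """Label each hop: only headers written by our own servers are verified."""
    report = []
    for ip, by in received_hops(raw):
        verified = by in own_servers
        routed = is_routed(ip, table) if ip else False
        report.append({"ip": ip, "by": by, "verified": verified, "routed": routed})
    return report

if __name__ == "__main__":
    for hop in assess(RAW, ROUTED, {"mx.example.net"}):
        print(hop)
```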