Posted to users@spamassassin.apache.org by ha...@t-online.de on 2006/08/19 08:52:46 UTC
path continuity
Hi,
I just came across a nice spam with forged received lines.
It is normal for a message with multiple hops that the machine sending out a mail is not
exactly the one receiving it, but they usually should be in the same domain (or at least related,
like the t-online hop which receives with a .de and delivers through a related .com)
Now this one looks like the first receiver puts the data into a brown bag and snail mails them
elsewhere for re-injection into the smtp world :)
Is this something to derive "bonus" points from?
Wolfgang Hamann
Received: from fwdallmx.t-online.com [194.25.134.91]
    by localhost with POP3 (fetchmail-6.2.3)
    for wolfgang@localhost (single-drop); Fri, 18 Aug 2006 13:30:37 +0200 (CEST)
Received: from mailin22.aul.t-online.de (mailin22.aul.t-online.de [172.20.26.75])
    by mhead22 with LMTP; Fri, 18 Aug 2006 11:06:37 +0200
X-Sieve: CMU Sieve 2.2
Received: from mydomain.com ([196.209.36.251]) by mailin22.sul.t-online.de
    with esmtp id 1GE0Iv-06fIVU0; Fri, 18 Aug 2006 11:06:13 +0200
Received: from esmtp.genuity.com ([80.142.172.219]) by singularity.inreach.com with SMTP
    id 12ACC82B;
    Fri, 18 Aug 2006 09:06:37 -0000
Received: from abyss.banelco.com.ar ([254.136.135.205]) by maelstrom.mx.aol.com with ESMTP
    id 0A579587;
    Fri, 18 Aug 2006 09:06:27 -0000
Received: from nk1.hotmail.com ([0.153.153.217]) by nk2.mail.lycos.com with esmtp (Exim 3.35 #1)
    id 0AE5CE36;
    Fri, 18 Aug 2006 09:06:17 -0000
Date: Fri, 18 Aug 2006 11:06:17 +0200
From: davidkanfo_900@yahoo.com
To: davidkanfo_900@yahoo.com
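
The path-continuity idea from the post above, sketched as an added example (not part of the original message and not SpamAssassin code): each hop's "from" host is compared with the "by" host of the hop before it. The function names and the SECOND_LEVEL heuristic for finding the organisation label are assumptions of this sketch; a production check would use the Public Suffix List and would not trust the forgeable "from" name alone.

```python
import re

# The Received chain from the post above, newest hop first, unfolded to one
# line per header and cut after the "with" clause (ids and dates are not needed).
RECEIVED = [
    "from fwdallmx.t-online.com [194.25.134.91] by localhost with POP3",
    "from mailin22.aul.t-online.de (mailin22.aul.t-online.de [172.20.26.75]) by mhead22 with LMTP",
    "from mydomain.com ([196.209.36.251]) by mailin22.sul.t-online.de with esmtp",
    "from esmtp.genuity.com ([80.142.172.219]) by singularity.inreach.com with SMTP",
    "from abyss.banelco.com.ar ([254.136.135.205]) by maelstrom.mx.aol.com with ESMTP",
    "from nk1.hotmail.com ([0.153.153.217]) by nk2.mail.lycos.com with esmtp",
]

HOP = re.compile(r"^from\s+(\S+).*?\bby\s+(\S+)", re.I | re.S)
# Assumption: a small stand-in for the Public Suffix List (com.ar, co.uk, ...).
SECOND_LEVEL = {"com", "co", "net", "org", "ac", "gov", "edu"}

def org_label(host):
    """Rough organisation label: 't-online' for both t-online.de and t-online.com."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None              # unqualified internal name (localhost, mhead22)
    labels.pop()                 # drop the TLD
    if len(labels) > 1 and labels[-1] in SECOND_LEVEL:
        labels.pop()             # drop the "com" of com.ar, the "co" of co.uk
    return labels[-1]

def path_breaks(received):
    """Return (index, older_by, newer_from) for adjacent hops that do not connect."""
    hops = [m.groups() for h in received if (m := HOP.match(h.strip()))]
    breaks = []
    for i in range(len(hops) - 1):
        newer_from, older_by = hops[i][0], hops[i + 1][1]
        a, b = org_label(newer_from), org_label(older_by)
        if a and b and a != b:   # pairs with an unqualified host are not judged
            breaks.append((i, older_by, newer_from))
    return breaks

if __name__ == "__main__":
    for i, by, frm in path_breaks(RECEIVED):
        print(f"hop {i}: received by {by}, but next handed over from {frm}")
```

On this chain the t-online hops connect (.de and .com share the label "t-online"), while the three oldest hand-overs do not.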