[clue-admin] Fwd: [spry.com #430594] [SpamCop (64.79.210.234) id:3189128524]The results of your email commands

Jed S. Baer cluemail at jbaer.cotse.net
Thu Jun 12 17:21:53 MDT 2008


On Thu, 12 Jun 2008 12:21:31 -0600
Jeff Cann wrote:

> This looks not good...

Well, a quick look makes this look like a joe-job. Though without full
headers from end-to-end (i.e. being sure I'm looking at the e-mail that
started the chain of events), I really can't say. We do have a lot of
remote-bounce errors from people trying to spam the lists, and also
attempting to e-mail non-existent addresses at our domain. I'm not
surprised at someone forging a clue mailing list address as a sender, and
forging a sender to any of the clue lists that turns out to be a
legitimate address.

I do have a volunteer to work on our mail configuration, and I've been
delaying contacting him to get started, not for any good reason -- just
doing things on CLUE time, you know? It's Chris Hirsch, if anyone knows
him. The name sounds familiar enough to me that I think he's been active
on the lists for a while, or maybe I've met him. Anyways, I'll e-mail him
right away.

As for the immediate response, it looks like we need to contact both
Spamcop re. the report (otherwise we risk being blackholed) and SpryNet.
I'm not sure how to contact Spry, except by using the address listed
below, with the incident ID number. One of those Spamcop URLs is a
response form. I guess we need to use that to indicate we're working on
the problem.

jed

> ---------- Forwarded message ----------
> From: Spry Support via RT <vps-hostingsupport at rt342.spry.com>
> Date: Thu, Jun 12, 2008 at 11:05 AM
> Subject: [spry.com #430594] [SpamCop (64.79.210.234) id:3189128524]The
> results of your email commands
> To: jccann at gmail.com, president at cluedenver.org
> 
> 
> Hello,
> 
> We have received the following 2 reports of spam being sent from your
> VPS.  This is a direct violation of both our Acceptable Usage Policy, as
> well as our Terms of Service.  You have 24 hours to respond to this
> notice, and agree to cooperate with VPSLink staff in the resolution of
> this issue.  You must stop the spam that is coming from your VPS, and
> take measures to prevent this from occurring in the future.
> 
> Failure to respond to this notice within the time limit will result in
> suspension and/or cancellation of services with VPSLink.  We await your
> response.
> 
> ---
> VPSLink Abuse
> 
> 
> 
> > [3189128525 at reports.spamcop.net - Thu Jun 12 04:33:59 2008]:
> >
> > [ SpamCop V2 ]
> > This message is brief for your comfort.  Please use links below for
> > details.
> >
> > Unsolicited bounce from: 64.79.210.234
> > http://www.spamcop.net/w3m?i=z3189128525zf346c397edddeebc90c01ad9c90ecf94z
> > 64.79.210.234 appears to be sending unsolicited bounces, please see:
> > http://www.spamcop.net/fom-serve/cache/329.html
> >
> > [ Offending message ]
> > "From clue-cert-bounces at cluedenver.org  Thu Jun 12 11:29:36 2008"
> > Return-Path: <clue-cert-bounces at cluedenver.org>
> > X-Original-To: x
> > Delivered-To: x
> > Received: from cluedenver.org (unknown [64.79.210.234])
> >       by neo-u2.ops-netman.net (Postfix) with ESMTP id 78F51C380F9
> >       for <x>; Thu, 12 Jun 2008 11:29:36 +0000 (UTC)
> > Received: from cluedenver.org (cluedenver.org [127.0.0.1])
> >       by cluedenver.org (Postfix) with ESMTP id 7261B2D4C0B8
> >       for <x>; Thu, 12 Jun 2008 05:29:28 -0600 (MDT)
> > Subject: The results of your email commands
> > From: clue-cert-bounces at cluedenver.org
> > To: x
> > MIME-Version: 1.0
> > Content-Type: multipart/mixed; boundary="===============0004820524=="
> > Message-ID: <mail______________________________cert at cluedenver.org>
> > Date: Thu, 12 Jun 2008 05:29:28 -0600
> > Precedence: bulk
> > X-BeenThere: clue-cert at cluedenver.org
> > X-Mailman-Version: 2.1.5
> > List-Id: CLUE certification <clue-cert.cluedenver.org>
> > X-List-Administrivia: yes
> > Sender: clue-cert-bounces at cluedenver.org
> > Errors-To: clue-cert-bounces at cluedenver.org
> >
> > --===============0004820524==
> > Content-Type: text/plain; charset="us-ascii"
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 7bit
> >
> > The results of your email command are provided below. Attached is your
> > original message.
> >
> > - Results:
> >     Ignoring non-text/plain MIME parts
> >
> > - Unprocessed:
> >     http://ulateke=2Ecom/
> >
> > - Done.
> >
> >
> > --===============0004820524==
> > Content-Type: message/rfc822
> > MIME-Version: 1.0
> >
> > Return-Path: <agretope at oe-consulting.com>
> > X-Original-To: x
> > Delivered-To: x
> > Received: from tee.gr (unknown [77.41.41.253])
> >       by cluedenver.org (Postfix) with SMTP id 2D4CB2D4C0B8
> >       for <x>;
> >       Thu, 12 Jun 2008 05:29:25 -0600 (MDT)
> > Received: from 144.202.0.38 (HELO mail02.ops-netman.net)
> >       by cluedenver.org with esmtp ({nChar[8-12]} {nChar[4-6]})
> >       id tRCxg-Qn6Ge0-Tj
> >       for x; Thu, 12 Jun 2008 15:29:29 +0400
> > Message-ID: <378201c8cc7f$93c5b620$4d2929fd at Chris>
> > From: "Chris Gleason" <Chris at oe-consulting.com>
> > To: "x" <x>
> > Subject: Your new way to greater satisfaction
> > Date: Thu, 12 Jun 2008 15:29:29 +0400
> > MIME-Version: 1.0
> > Content-Type: multipart/alternative;
> >       boundary="----=_NextPart_14208_37EA_01C8CCA1.1AD75620"
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-Mailer: Microsoft Outlook Express 6.00.2900.2869
> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
> >
> > This is a multi-part message in MIME format.
> >
> > ------=_NextPart_14208_37EA_01C8CCA1.1AD75620
> > Content-Type: text/plain;
> >         charset="Windows-1252"
> > Content-Transfer-Encoding: quoted-printable
> >
> > Don't be scared to improve your life-style this spring!
> > http://ulateke=2Ecom/
> > ------=_NextPart_14208_37EA_01C8CCA1.1AD75620
> > Content-Type: text/html;
> >         charset="Windows-1252"
> > Content-Transfer-Encoding: quoted-printable
> >
> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4=2E0 Transitional//EN">
> > <HTML><HEAD>
> > <META http-equiv=3DContent-Type content=3D"text/html;
> > charset=3DWindows-1= 252">
> > <META content=3D"MSHTML 6=2E00=2E2900=2E2869" name=3DGENERATOR>
> > </HEAD>
> > <BODY><font face=3D"tahoma" size=3D"+1"><b>Don't be scared to improve
> > you= r life-style this spring!</b>
> > <br><a href=3D"http://ulateke=2Ecom/"> http://ulateke=2Ecom/
> > </a></font></=
> > BODY></HTML>
> >
> > ------=_NextPart_14208_37EA_01C8CCA1.1AD75620--
> >
> > --===============0004820524==--
> >
> >
> >
> 
> 
> 
> 
> -- 
> Read my blog at http://www.isuma.org/
> 
> "You may never know what results come of your action, but if you do
> nothing there will be no result."
> - Mahatma Gandhi
> 
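
Added example, not part of the original thread or of any CLUE tooling: a Python sketch of the end-to-end header check Jed mentions, run over the embedded spam's headers as quoted in the report above. It treats only the topmost Received line stamped by our own Postfix as trustworthy; the function name, report keys and the `our_host` parameter are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample: headers of the embedded spam as quoted in the report
# above (addresses stay in the archive's obfuscated "at" form).
SAMPLE = """\
Return-Path: <agretope at oe-consulting.com>
Received: from tee.gr (unknown [77.41.41.253])
      by cluedenver.org (Postfix) with SMTP id 2D4CB2D4C0B8
      for <x>;
      Thu, 12 Jun 2008 05:29:25 -0600 (MDT)
Received: from 144.202.0.38 (HELO mail02.ops-netman.net)
      by cluedenver.org with esmtp ({nChar[8-12]} {nChar[4-6]})
      id tRCxg-Qn6Ge0-Tj
      for x; Thu, 12 Jun 2008 15:29:29 +0400
From: "Chris Gleason" <Chris at oe-consulting.com>
Subject: Your new way to greater satisfaction

body
"""

# Postfix stamp: "from <HELO name> (<reverse DNS> [<peer IP>]) by <host> (Postfix)"
POSTFIX_HOP = re.compile(
    r"from (\S+) \((\S+) \[([0-9A-Fa-f.:]+)\]\)\s+by (\S+) \(Postfix\)")
# Unexpanded placeholder left in a header, e.g. {nChar[8-12]}
TEMPLATE_TOKEN = re.compile(r"\{\w+\[[^\]]*\]\}")

def analyze_received(raw, our_host):
    """Split the Received chain at our own MTA's stamp; inspect the rest."""
    msg = message_from_string(raw)
    # Unfold continuation lines so each hop is one string.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    report = {"peer_ip": None, "helo": None, "rdns": None,
              "claims_our_host": [], "template_tokens": []}
    top = POSTFIX_HOP.match(hops[0]) if hops else None
    if top and top.group(4) == our_host:
        # Only this hop was written by our server: it records the real peer.
        report["helo"], report["rdns"], report["peer_ip"] = top.group(1, 2, 3)
        claimed = hops[1:]
    else:
        claimed = hops  # no stamp of ours on top: trust nothing
    for hop in claimed:
        # Everything here was supplied by the sender and may be invented.
        report["template_tokens"] += TEMPLATE_TOKEN.findall(hop)
        if re.search(r"\bby %s\b" % re.escape(our_host), hop):
            report["claims_our_host"].append(hop)
    return report
```

On the sample, the trusted hop gives 77.41.41.253 as the connecting peer, while the line naming 144.202.0.38 sits below the trust boundary, claims to have been written by cluedenver.org, and still carries two unexpanded placeholders.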

