xpbargains.net spam [was: Re: 'Broadcom Wireless b/g (BCM4315/BCM22062000)']
Chris Brennan
xaero at xaerolimit.net
Sat Dec 11 15:42:11 UTC 2010
On Fri, Dec 10, 2010 at 8:47 AM, Ian Smith <smithi at nimnet.asn.au> wrote:
> In freebsd-questions Digest, Vol 340, Issue 11, Message: 27
> On Fri, 10 Dec 2010 00:54:37 -0500
> > On Sun, Nov 7, 2010 at 9:54 AM, Paul B Mahol <onemda at gmail.com> wrote:
>
> No, he didn't. These mails are FORGED as being from freebsd-questions
> participants, and on first glance may appear to be list postings. They
> used to get posted to the list itself also, but postmaster@ blocked the
> nuisance source back in August. However that doesn't stop them from
> targeting individual list participants, like you.
>
> If you examine the full mail headers, it's likely to have originated
> from the following IP address. If so, you just need to block that
> address at your mailserver. But if they've moved, we need to know ..
>
> Quoting from a message to postmaster@ in August:
>
> > As Roland pointed out, the phishing/virus/whatever referral has switched
> > from downwind.com.au to xpbargains.net, and possibly some others.
> >
> > Here's the business:
> >
> > % dig +short -x 64.38.11.26
> > allmail.0b2.net.
> > % dig +short allmail.0b2.net.
> > 64.38.11.26
> > % dig +short dusk.parklogic.com
> > 64.38.11.26
> >
> > If you can discard by Message-ID then every one of these, including the
> > privately mailed ones, has @dusk.parklogic.com there.
> >
> > If you can block by IP, then that's the one. Or by hostname, every one
> > so far has been relayed by allmail.0b2.net (that's a zero).
>
> So if the full headers reveal coming from that hostname or that IP or
> any other IP in 64.38.11.26/29, just block that and move on.
>
> If it's a different address range now, please provide the full headers
> for the message you received, with a copy to postmaster at freebsd.org
>
> Thanks, Ian (please cc me on any reply, I take this list as a digest)
>
Of all the mail I got on this subject, yours was the most informative.
Thanks. But my question is this. Does GMail provide access to the full
headers? For example when I click 'Show Details' I see the following and not
much else
> from Paul B Mahol <xx at xx.xx>
> sender-time Sent at 4:30 AM (GMT+11:00). Current time there: 2:35 AM.
> to Chris Brennan <xx at xx.xx>
> cc FreeBSD-Questions <xx-xx at xx.xx>, Mark <xx at xx.xx>
> date Mon, Nov 8, 2010 at 4:30 AM
> subject Re: 'Broadcom Wireless b/g (BCM4315/BCM22062000)'
The above header just arrived as I was typing this so I thought it an
excellent example. Obviously, I've masked addresses but the point is the
same, GMail doesn't give much in the way of detail. Short of flagging one
item as spam has the potential risk of sending all FreeBSD-Questions mail to
the spam folder which is just a swirling vortex of nothingness that gets
deleted. If it's managed to get routed there, it stays there, I rarely go
digging for mail in my spam folder because I rarely find stuff that was sent
to detention without rightfully being there.
C-
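
The header check described in the quoted advice above (relay IP range, relay hostname, Message-ID domain), written in Python as an added example that is not part of the original messages. It assumes the full raw message source is available as text; the function name `match_indicators` and both sample messages are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Indicators quoted in the thread (strict=False normalizes 64.38.11.26/29 to 64.38.11.24/29).
BLOCK_NET = ipaddress.ip_network("64.38.11.26/29", strict=False)
RELAY_HOST = "allmail.0b2.net"
MSGID_DOMAIN = "dusk.parklogic.com"

def match_indicators(raw_message):
    """Return the reasons a raw RFC 5322 message matches the thread's indicators."""
    msg = message_from_string(raw_message)
    reasons = set()
    # From: is forged in these mails, so only Received: and Message-ID are inspected.
    # Received: lines added by your own mail server are the ones a sender cannot fake.
    for received in msg.get_all("Received", []):
        for token in re.findall(r"[A-Za-z0-9.-]+", received):
            token = token.strip(".").lower()
            if token == RELAY_HOST:
                reasons.add("relay hostname " + token)
                continue
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an IP literal
            if addr in BLOCK_NET:
                reasons.add("relay address " + token)
    msgid = (msg.get("Message-ID") or "").strip().strip("<>").lower()
    if msgid.rpartition("@")[2] == MSGID_DOMAIN:
        reasons.add("Message-ID domain " + MSGID_DOMAIN)
    return sorted(reasons)

# Constructed sample: forged From:, relayed through the host named in the thread.
FORGED_SAMPLE = (
    "Received: from allmail.0b2.net (allmail.0b2.net [64.38.11.26])\n"
    "\tby mx.example.org with ESMTP; Fri, 10 Dec 2010 00:54:40 -0500\n"
    "From: List Participant <participant@example.org>\n"
    "Message-ID: <constructed-0001@dusk.parklogic.com>\n"
    "Subject: Re: 'Broadcom Wireless b/g (BCM4315/BCM22062000)'\n\nbody\n")
# Constructed sample: ordinary mail from an unrelated relay.
CLEAN_SAMPLE = (
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby mx.example.org with ESMTP; Fri, 10 Dec 2010 01:00:00 -0500\n"
    "From: List Participant <participant@example.org>\n"
    "Message-ID: <constructed-0002@mail.example.net>\n\nbody\n")

if __name__ == "__main__":
    print(match_indicators(FORGED_SAMPLE))
    print(match_indicators(CLEAN_SAMPLE))
```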