spamassassin-users mailing list archives

From "JPP" <j...@frws.com>
Subject Re: Hundreds of spam from same email
Date Wed, 20 Jul 2011 02:12:33 GMT
On Tue, 19 Jul 2011 20:15:15 -0500, Taylor, Jonn wrote
> I'm seeing hundreds of emails from mail.com but it's not coming from them.
> Every few hours it jumps to a new server. Is anyone else getting them?
> 
> Jonn
> 
> Here is the current one I am getting.
> 
> Return-Path: <asterisk@sreg.dynalias.org>
> Received: from qmta12.emeryville.ca.mail.comcast.net ([76.96.27.227] verified)
>   by taylortelephone.com (CommuniGate Pro SMTP 5.4.0)
>   with ESMTP id 6361267 for jonnt@taylortelephone.com; Tue, 19 Jul 2011 19:25:30 -0500
> Received-SPF: none
>  receiver=taylortelephone.com; client-ip=76.96.27.227; envelope-from=asterisk@sreg.dynalias.org
> Received: from omta21.emeryville.ca.mail.comcast.net ([76.96.30.88])
> 	by qmta12.emeryville.ca.mail.comcast.net with comcast
> 	id A0PY1h0031u4NiLAC0Phqo; Wed, 20 Jul 2011 00:23:41 +0000
> Received: from sreg.dynalias.org ([67.181.18.78])
> 	by omta21.emeryville.ca.mail.comcast.net with comcast
> 	id A0Nb1h00B1h46uz8h0NfxZ; Wed, 20 Jul 2011 00:22:39 +0000
> Received: by sreg.dynalias.org (Postfix, from userid 100)
> 	id 0C7116B220D; Tue, 19 Jul 2011 02:29:54 -0700 (PDT)
> Date: Tue, 19 Jul 2011 02:29:54 -0700
> To: jonnt@taylortelephone.com
> From: mail@inbox.com
> Reply-To: 
> Subject: d
> Message-ID: <919924b561ed090d805ab8ca9bb656a1@67.181.18.78>
> X-Priority: 3
> X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]
> MIME-Version: 1.0
> Content-Transfer-Encoding: 8bit
> Content-Type: text/html; charset="iso-8859-1"
> 
> hi how are you nb
> 
> And one from earlier.
> 
> Return-Path: <asterisk@pbx.local>
> Received: from [69.65.18.26] (HELO pbx.local)
>   by taylortelephone.com (CommuniGate Pro SMTP 5.4.0)
>   with ESMTP id 6357066 for jonnt@taylortelephone.com; Tue, 19 Jul 2011 04:33:01 -0500
> Received: by pbx.local (Postfix, from userid 100)
> 	id 1F6401F68893; Tue, 19 Jul 2011 04:31:17 -0500 (CDT)
> Date: Tue, 19 Jul 2011 04:31:17 -0500
> To: jonnt@taylortelephone.com
> From: info@me.com
> Reply-To: 
> Subject: ljh
> Message-ID: <06dcebafac021a1a687dbd69364d43c2@69.65.18.26>
> X-Priority: 3
> X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]
> MIME-Version: 1.0
> Content-Transfer-Encoding: 8bit
> Content-Type: text/html; charset="iso-8859-1"
> 
> hi how are you
> 
> And one more.
> 
> Return-Path: <asterisk@voipstarsystems.com>
> Received: from mail2.dotsterhost.com ([72.5.54.127] verified)
>   by taylortelephone.com (CommuniGate Pro SMTP 5.4.0)
>   with SMTPS id 6357182 for jonnt@taylortelephone.com; Tue, 19 Jul 2011 04:56:38 -0500
> Received-SPF: pass
>  receiver=taylortelephone.com; client-ip=72.5.54.127; envelope-from=asterisk@voipstarsystems.com
> Received: (qmail 9270 invoked from network); 19 Jul 2011 09:54:53 -0000
> Received: from unknown (HELO trixbox1.voipstarsystems.com) (asterisk@voipstarsystems.com@[66.238.61.86])
>   by 72.5.54.127 with ESMTPS (DHE-RSA-AES256-SHA encrypted); 19 Jul 2011 09:54:53 -0000
> Received: by trixbox1.voipstarsystems.com (Postfix, from userid 100)
> 	id 072CE316188D; Tue, 19 Jul 2011 02:29:01 -0700 (PDT)
> Date: Tue, 19 Jul 2011 02:29:00 -0700
> To: jonnt@taylortelephone.com
> From: info@me.com
> Reply-To: 
> Subject: kj
> Message-ID: <fb7d3e26468545ce646206da7aaaa50f@66.238.61.86>
> X-Priority: 3
> X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]
> MIME-Version: 1.0
> Content-Transfer-Encoding: 8bit
> Content-Type: text/html; charset="iso-8859-1"
> 
> hi how are you

Looks to me like they are using a PHPMailer script off one of your 
webservers? Does it send an email to an address they provide? Maybe they are 
trying to exploit it?
Just a thought!

JPP

--
FRWS WebMail (http://www.frws.com)
Cause you deserve Spam and Virus free email...
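
The three quoted messages share a header fingerprint (a PHPMailer X-Mailer with a blank version, a 32-hex-digit Message-ID ending in the origin IP, a local Postfix pickup as the first hop, an empty Reply-To) that can be checked mechanically. The sketch below is an added example, not code from the thread or from SpamAssassin; the trait names, the threshold and the benign sample are assumptions made for illustration.

```python
import re
from email import message_from_string

MSGID_RE = re.compile(r"^<[0-9a-f]{32}@(\d{1,3}(?:\.\d{1,3}){3})>$")
XMAILER_RE = re.compile(r"^PHPMailer\b.*\[version\s*\]$")
LOCAL_RE = re.compile(r"^by \S+ \(Postfix, from userid \d+\)")

def fingerprint(raw):
    """Return which of the traits shared by the quoted spam this message has."""
    msg = message_from_string(raw)
    traits = set()
    if XMAILER_RE.match(msg.get("X-Mailer", "").strip()):
        traits.add("phpmailer_blank_version")
    received = [" ".join(r.split()) for r in msg.get_all("Received", [])]
    # Last Received header = earliest hop; here a local, non-SMTP Postfix pickup.
    if received and LOCAL_RE.match(received[-1]):
        traits.add("local_postfix_pickup")
    m = MSGID_RE.match(msg.get("Message-ID", "").strip())
    if m:
        traits.add("msgid_hex32_at_ip")
        # The IP literal in the Message-ID is also the host a later hop saw.
        if any("[%s]" % m.group(1) in r for r in received):
            traits.add("msgid_ip_in_received")
    reply_to = msg.get("Reply-To")
    if reply_to is not None and not reply_to.strip():
        traits.add("empty_reply_to")
    return traits

def matches_pattern(raw, threshold=3):  # threshold is an assumed cut-off
    return len(fingerprint(raw)) >= threshold

# Headers of the second message quoted in the thread (trimmed, lines unfolded).
THREAD_SAMPLE = """\
Received: from [69.65.18.26] (HELO pbx.local)
  by taylortelephone.com (CommuniGate Pro SMTP 5.4.0)
Received: by pbx.local (Postfix, from userid 100)
  id 1F6401F68893; Tue, 19 Jul 2011 04:31:17 -0500 (CDT)
Reply-To:
Message-ID: <06dcebafac021a1a687dbd69364d43c2@69.65.18.26>
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]
"""
# Constructed benign message for contrast (not from the thread).
BENIGN_SAMPLE = """\
Received: from mail.example.org ([192.0.2.10]) by mx.example.net with ESMTP
Message-ID: <4E254A11.2040507@example.org>
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4]
"""

if __name__ == "__main__":
    print(sorted(fingerprint(THREAD_SAMPLE)), matches_pattern(BENIGN_SAMPLE))
```

Requiring several traits at once keeps a single common header, such as a legitimate PHPMailer X-Mailer, from triggering a match on its own.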

