new message

Lyle Bickley lbickley at bickleywest.com
Thu Nov 12 22:58:38 CST 2015 

On Thu, 12 Nov 2015 21:25:58 -0600
"Jay West" <jwest at classiccmp.org> wrote:

> Apologies, not sure how that got through.
> 
> Maybe a listmember got address-book-malware. Will see if the headers reveal
> anything that is easy to spot.

I'm a member of spamcop and submitted all of the spam posts to spamcop (since becoming a member, I've submitted over 15,000 spams to them). At any rate, here's the detail of who posted it - and the ISP who got the spam post:

--------------------------------------------
Here are the results of your submission:

   Processing spam:

   From: katelists at trouts.org
   Subject: Fw: new message
   
   0: Received: from huey.classiccmp.org ([199.188.211.196]:24115) by biz170.inmotionhosting.com with esmtp (Exim 4.85) (envelope-from <cctalk-bounces at classiccmp.org>) id 1Zx1HS-002Mnq-NF for lbickley at bickleywest.com; Thu, 12 Nov 2015 15:27:51 -0800
   Hostname verified: huey.classiccmp.org
   inmotionhosting.com received mail from sending system 199.188.211.196
   
   1: Received: from huey.classiccmp.org (localhost [127.0.0.1]) by huey.classiccmp.org (Postfix) with ESMTP id 51C3C2073F99; Thu, 12 Nov 2015 17:27:41 -0600 (CST)
   Internal handoff or trivial forgery
   
   2: Received: from mx2.ezwind.net (unknown [172.20.1.95]) by huey.classiccmp.org (Postfix) with ESMTP id CB3BD2073F8F; Thu, 12 Nov 2015 17:27:38 -0600 (CST)
   Internal handoff or trivial forgery
   
   3: Received: from mx2.ezwind.net (localhost [127.0.0.1]) by mx2.ezwind.net (Postfix) with ESMTP id B14D74E6AA; Thu, 12 Nov 2015 17:27:38 -0600 (CST)
   Internal handoff or trivial forgery
   
   4: Received: from mailout.ish.de (mailout.ish.de [80.69.98.247]) by mx2.ezwind.net (Postfix) with ESMTP id 5855C4E6B4; Thu, 12 Nov 2015 17:27:37 -0600 (CST)
   Hostname verified: mailout.ish.de
   warning:Possible forgery.  Supposed receiving system not associated with any of your mailhosts
   Will not trust this Received line.
   Tracking message source:199.188.211.196:

   Cached whois for 199.188.211.196 : noc at xiolink.com
   Using abuse net on noc at xiolink.com
   abuse net xiolink.com = abuse at xiolink.com
   Using best contacts abuse at xiolink.com
   warning:Yum, this spam is fresh!
   Message is  0 hours old
   199.188.211.196 not listed in cbl.abuseat.org
   199.188.211.196 not listed in dnsbl.sorbs.net
Spam report id 6380971842 sent to: abuse at xiolink.com
May be saved for future reference:
http://www.spamcop.net/sc?id=z6193526037z09bcbf8ca61934833a230d5cac9df43dz


   Processing spam:

   From: katelists at trouts.org
   Subject: Fw: new message
   
   0: Received: from huey.classiccmp.org ([199.188.211.196]:34299) by biz170.inmotionhosting.com with esmtp (Exim 4.85) (envelope-from <cctalk-bounces at classiccmp.org>) id 1Zx1J4-002O8P-9m for lbickley at bickleywest.com; Thu, 12 Nov 2015 15:29:30 -0800
   Hostname verified: huey.classiccmp.org
   inmotionhosting.com received mail from sending system 199.188.211.196
   
   1: Received: from huey.classiccmp.org (localhost [127.0.0.1]) by huey.classiccmp.org (Postfix) with ESMTP id 6C13E2073F84; Thu, 12 Nov 2015 17:29:29 -0600 (CST)
   Internal handoff or trivial forgery
   
   2: Received: from mx1.ezwind.net (unknown [172.20.1.26]) by huey.classiccmp.org (Postfix) with ESMTP id E9D542073F6B for <cctalk at classiccmp.org>; Thu, 12 Nov 2015 17:29:27 -0600 (CST)
   Internal handoff or trivial forgery
   
   3: Received: from mx1.ezwind.net (localhost [127.0.0.1]) by mx1.ezwind.net (Postfix) with ESMTP id 974C34E743 for <cctalk at classiccmp.org>; Thu, 12 Nov 2015 17:29:28 -0600 (CST)
   Internal handoff or trivial forgery
   
   4: Received: from eu1.nethat.com (eu1.nethat.com [81.223.254.166]) by mx1.ezwind.net (Postfix) with ESMTP id 247FF4E718 for <cctalk at classiccmp.org>; Thu, 12 Nov 2015 17:29:27 -0600 (CST)
   Hostname verified: eu1.nethat.com
   warning:Possible forgery.  Supposed receiving system not associated with any of your mailhosts
   Will not trust this Received line.
   Tracking message source:199.188.211.196:

   Cached whois for 199.188.211.196 : noc at xiolink.com
   Using abuse net on noc at xiolink.com
   abuse net xiolink.com = abuse at xiolink.com
   Using best contacts abuse at xiolink.com
   warning:Yum, this spam is fresh!
   Message is  0 hours old
   199.188.211.196 not listed in cbl.abuseat.org
   199.188.211.196 not listed in dnsbl.sorbs.net
Spam report id 6380971843 sent to: abuse at xiolink.com
--------------------------------------

Cheers,
Lyle
-- 
73      AF6WS
Bickley Consulting West Inc.
http://bickleywest.com

"Black holes are where God is dividing by zero"

More information about the cctalk mailing list