[CentOS] This is a test of Nixnet blocking
John R Pierce
pierce at hogranch.com
Mon Sep 16 21:05:34 UTC 2013
On 9/16/2013 1:53 PM, m.roth at 5-cent.us wrote:
> Received: from [206.214.95.82] (port=57577 helo=03e6231b.buhlgymgagate.us)
> by host290.hostmonster.com with esmtp (Exim 4.80)
> (envelope-from<KohlsGiftCardSurvey at buhlgymgagate.us>)
> id 1VLfOH-0003sR-20
> form.roth at 5-cent.us; Mon, 16 Sep 2013 14:27:25 -0600
> Received: by 03e6231b.bw31almxu.buhlgymgagate.us
> (amavisd-new, port 10268) with ESMTP id 03NGCCNSDRE623JKCXHVTJ1B; for
> <m.roth at 5-cent.us>; Mon, 16 Sep 2013 13:27:24 -0700
> To:m.roth at 5-cent.us
> List-Unsubscribe:
> <mailto:unsub-2268-733-2332-11-65411647 at buhlgymgagate.us?subject=unsubscribe>,
> <http://www.buhlgymgagate.us/unsubscribe/2268/733/2332/11/65411647/~~m.roth@5-cent.us>
> X-Priority: 3 (Normal)
> From: "Kohls Gift Card Survey"<KohlsGiftCardSurvey at buhlgymgagate.us>
>
> So, it looks like mmm, (check whois) Jeff Martinez should be blocked at
> buhlgymgagate.us. On the other hand, I look at the headers to one of my
> posts, and I see that it's coming from, ta-da, 5-cent.us. If I were
> sending out spam, then you'd be perfectly justified in blocking 5-cent.us.
assuming host290.hostmonster.com is considered a trustworthy server by
you, that spam came from 206.214.95.82, which whois says is...
Sendrillion CUST-NETBLK-PHX-206-214-95-64-27-2332 (NET-206-214-95-64-1)
206.214.95.64 - 206.214.95.95
anything else in the headers is forgable. that said, the domain name
used by that spam was registered yesterday. its a throwaway account.
--
john r pierce 37N 122W
somewhere on the middle of the left coast
More information about the CentOS
mailing list