Received: from unknown (HELO genie.de) (211.185.197.130) by mx0.gmx.net (mx021-rz3) with SMTP; 20 Feb 2002 13:56:10 -0000
GMX got this mail from 211.185.197.130 (who said that it was "genie.de", which is not true, as "genie.de" has a different ip).
Received: (qmail 20586 invoked by uid 0); 20 Feb 2002 13:56:10 -0000
GMX delivered the mail to their central server, although it doesn't say anywhere, you will get this line on all mails which go over GMX.
Delivered-To: GMX delivery to thiemo@gmx.ch
this line should have been next, don't know why it's on the top of the received headers.
Received: from 213.165.64.20 [213.165.64.20] by localhost with POP3 (fetchmail-5.8.0) for mail_thiemo@localhost (single-drop); Wed, 20 Feb 2002 15:00:08 +0100 (CET)
fetchmail picked off the mail from 213.165.64.20 (which is the GMX pop server sproxy.gmx.net) ...
Received: from localhost (localhost [127.0.0.1]) by nyffeltrach.thiam.ch (Postfix on SuSE Linux 7.2 (i386)) with ESMTP id 1BE6DC0D1 for
; Wed, 20 Feb 2002 15:00:08 +0100 (CET)
... and put it into your postfix mailbox (postfix knows that your local domain is nyffeltrach.thiam.ch, that's why it appears here).

of course the headers are German because you use a German mail reader, but nonetheless the mail reader should use the standard fields like Subject, etc. If the header you supplied is complete this even means that your mail reader removed the standard Subject and From fields and replaced them with their German counterparts - which it shouldn't do because it simply doesn't comply with rfc822 (http://community.roxen.com/developers/idocs/rfc/rfc822.html) -- it just confused me a bit, non-standard stuff is usually what Microsoft does.
Hm, plausible means ok? The way it has to go?
yes it does. if you want to complain, the originating ip is 211.185.197.130 (and you could write to abuse@genie.de to get the mailbox blocked, but this won't hurt the spammer a lot). the closest I could traceroute it to was the Korean telekom.
340 ms 210.204.249.203
336 ms 172.20.28.26
327 ms 211.185.197.130

whereas whois 210.204.249.203 returns

[ Admin Contact Information]
Name : YONGBAE KIM
Org Name : KOREA TELECOM
State : SEOUL
Address : 128-9 YOUNKUN-DONG JONGNO-KU
Zip Code : 110-460
Phone : +82-2-3675-2201
Fax : +82-2-3675-0220
E-Mail : baekim@kt.co.kr
172.20.28.26 is a private subnet, so you can't do a lot with that information and 211.185.197.130 is your spammer.
cheers, michael
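
The header walk in the message above, as an added example that is not part of Michael's mail: it reads the Received chain newest first, stops at the first hop not written by a trusted receiver, and reports the outermost public peer address plus whether the HELO name resolves to it. The `TRUSTED` set, the `sample_resolve` lookup table and the 192.0.2.10 address are assumptions constructed for the example.

```python
import ipaddress
import re

# Constructed from the headers quoted in the message above, newest first as in
# a raw mail and trimmed to the fields the parser reads.
HEADERS = [
    "from localhost (localhost [127.0.0.1]) by nyffeltrach.thiam.ch with ESMTP",
    "from 213.165.64.20 [213.165.64.20] by localhost with POP3 (fetchmail-5.8.0)",
    "(qmail 20586 invoked by uid 0); 20 Feb 2002 13:56:10 -0000",
    "from unknown (HELO genie.de) (211.185.197.130) by mx0.gmx.net with SMTP",
]
# Assumption: receivers whose Received lines the recipient has reason to believe.
TRUSTED = {"nyffeltrach.thiam.ch", "localhost", "mx0.gmx.net"}

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
HELO_RE = re.compile(r"\(HELO ([^)\s]+)\)")
BY_RE = re.compile(r"\bby (\S+)")

def parse_hop(value):
    """Claimed HELO name, recorded peer IP and receiving host of one hop."""
    if not value.startswith("from "):
        return None  # local hand-off such as qmail's "invoked by uid" line
    ip, helo, by = IP_RE.search(value), HELO_RE.search(value), BY_RE.search(value)
    return {"helo": helo.group(1) if helo else None,
            "ip": ipaddress.ip_address(ip.group(1)) if ip else None,
            "by": by.group(1) if by else None}

def sample_resolve(name):
    # Constructed table standing in for DNS; 192.0.2.10 is a documentation
    # address, since the message does not give genie.de's real one.
    return {"genie.de": {"192.0.2.10"}}.get(name, set())

def origin(headers_newest_first, trusted, resolve):
    """Outermost public peer IP recorded by an unbroken chain of trusted hops."""
    found = None
    for value in headers_newest_first:
        hop = parse_hop(value)
        if hop is None:
            continue
        if hop["by"] not in trusted:
            break  # older lines may have been written by the sender
        if hop["ip"] is not None and hop["ip"].is_global:
            found = hop  # loopback and private peers say nothing about origin
    if found is None:
        return None
    helo_ok = found["helo"] is None or str(found["ip"]) in resolve(found["helo"])
    return {"ip": str(found["ip"]), "by": found["by"],
            "helo": found["helo"], "helo_matches": helo_ok}
```

In practice `resolve` would do a real forward lookup of the HELO name; passing it in keeps the check runnable offline.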