Boat Drinks  

02-01-2007, 20:57   #1
Richard Slater
Is it spam?

Someone has suggested that signing up to the website I run has resulted in his e-mail receiving spam. I have asked the Administrator Team to change their passwords and check their machines (the only way I can think of that you could "use" phpBB to get e-mail addresses). I have checked the hosting and removed everything that isn't used at the moment, and checked the login log for my web host in case something was in there.

I asked the person in question to send me the "spam" and this is what I got back:

Quote:
Return-Path: <chlfirm@server7.jiffynet-hosting.net>
X-Envelope-To: Thor@TheAsgard
X-Spam-Status: No, hits=1.2 required=5.0
tests=AWL: 1.046,NO_REAL_NAME: 0.124
X-Spam-Level: *
Return-Path: <chlfirm@server7.jiffynet-hosting.net>
Received: from punt3.mail.demon.net by mailstore
for hhh@<USER IN QUESTIONS ISP DOMAIN> id 1H1muE-2VcGPo-06-G65;
Tue, 02 Jan 2007 16:54:30 +0000
Received: from [194.217.242.210] (lhlo=lon1-hub.mail.demon.net)
by punt3.mail.demon.net with lmtp id 1H1muE-2VcGPo-06
for hhh@<USER IN QUESTIONS ISP DOMAIN>; Tue, 02 Jan 2007 16:54:30 +0000
Received: from [216.67.224.66] (helo=server7.jiffynet-hosting.net)
by lon1-hub.mail.demon.net with esmtp id 1H1muE-0000PG-Id
for hhh@<USER IN QUESTIONS ISP DOMAIN>; Tue, 02 Jan 2007 16:54:30 +0000
Received: from chlfirm by server7.jiffynet-hosting.net with local (Exim 4.63)
(envelope-from <chlfirm@server7.jiffynet-hosting.net>)
id 1H1muT-0001iR-MP
for hhh@<USER IN QUESTIONS ISP DOMAIN>; Tue, 02 Jan 2007 11:54:45 -0500
X-Boxtrapper: EDfHOJm2sPPcn3ODICrbMxuKw_vM6qPU
From: r.choueiri@chlfirm.com
To: hhh@<USER IN QUESTIONS ISP DOMAIN>
Subject: Your email requires verification verify#D5paaQrSsvuQCwmmT80fUFcjxgylc6JY
Message-Id: <E1H1muT-0001iR-MP@server7.jiffynet-hosting.net>
Date: Tue, 02 Jan 2007 11:54:45 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server7.jiffynet-hosting.net
X-AntiAbuse: Original Domain - <USER IN QUESTIONS ISP DOMAIN>
X-AntiAbuse: Originator/Caller UID/GID - [32035 12] / [47 12]
X-AntiAbuse: Sender Address Domain - server7.jiffynet-hosting.net
X-Source: /usr/local/cpanel/bin/boxtrapper
X-Source-Args: /usr/local/cpanel/bin/boxtrapper r.choueiri@chlfirm.com
X-Source-Dir: /tmp

The message you sent requires that you verify that you
are a real live human being and not a spam source.

To complete this verification, simply reply to this message and leave
the subject line intact.

The headers of the message sent from your address are show below:

>From hhh@<USER IN QUESTIONS ISP DOMAIN> Tue Jan 02 11:54:45 2007
Received: from [196.206.91.227] (helo=adsl196-227-91-206-196.adsl196-3.iam.net.ma)
by server7.jiffynet-hosting.net with smtp (Exim 4.63)
(envelope-from <hhh@<USER IN QUESTIONS ISP DOMAIN>>)
id 1H1muN-0001hJ-Bt
for r.choueiri@chlfirm.com; Tue, 02 Jan 2007 11:54:45 -0500
Received: from hvrk ([227.235.166.74])
by adsl196-227-91-206-196.adsl196-3.iam.net.ma (8.13.1/8.13.1) with SMTP id l02GtX2B059306;
Tue, 2 Jan 2007 16:55:33 +0000
Message-ID: <001f01c72e8e$947640c0$4aa6ebe3@hvrk>
From: "Joy" <hhh@<USER IN QUESTIONS ISP DOMAIN>>
To: <r.choueiri@chlfirm.com>
Subject: multiply
Date: Tue, 2 Jan 2007 16:49:29 +0000
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_001B_01C72E8E.94729740"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409


__________ NOD32 1952 (20070102) Information __________

This message was checked by NOD32 antivirus system.

http://www.eset.com
Quote:
Return-Path: <>
X-Envelope-To: Thor@TheAsgard
X-Spam-Status: No, hits=0.3 required=5.0
tests=NO_REAL_NAME: 0.124,VIRUS_WARNING268B: 0.2
X-Spam-Level:
Return-Path: <>
Received: from punt3.mail.demon.net by mailstore
for qumhfx@<USER IN QUESTIONS ISP DOMAIN> id 1H1lkQ-4cIknw-06-8jN;
Tue, 02 Jan 2007 15:40:18 +0000
Received: from [194.217.242.223] (lhlo=lon1-hub.mail.demon.net)
by punt3.mail.demon.net with lmtp id 1H1lkQ-4cIknw-06
for qumhfx@<USER IN QUESTIONS ISP DOMAIN>; Tue, 02 Jan 2007 15:40:18 +0000
Received: from [195.238.4.117] (helo=outmx018.isp.belgacom.be)
by lon1-hub.mail.demon.net with esmtp id 1H1lkQ-0000m4-Ct
for qumhfx@<USER IN QUESTIONS ISP DOMAIN>; Tue, 02 Jan 2007 15:40:18 +0000
Received: from outmx018.isp.belgacom.be (localhost [127.0.0.1])
by outmx018.isp.belgacom.be (8.12.11.20060308/8.12.11/Skynet-OUT-2.22) with ESMTP id l02FeABx009841
for <qumhfx@<USER IN QUESTIONS ISP DOMAIN>>; Tue, 2 Jan 2007 16:40:10 +0100
(envelope-from <>)
Received: from hvhp.be (34.103-240-81.adsl-dyn.isp.belgacom.be [81.240.103.34])
by outmx018.isp.belgacom.be (8.12.11.20060308/8.12.11/Skynet-OUT-2.22) with ESMTP id l02FeA1A009835
for <qumhfx@<USER IN QUESTIONS ISP DOMAIN>>; Tue, 2 Jan 2007 16:40:10 +0100
(envelope-from <>)
Message-Id: <200701021540.l02FeA1A009835@outmx018.isp.belgacom.be>
Reply-To: No-one@hvhp.be
From: Mailer_Daemon@hvhp.be
To: qumhfx@<USER IN QUESTIONS ISP DOMAIN>
Subject: Mail Delivery Failure
Date: Tue, 2 Jan 2007 16:45:13 +0100

Delivery Failure Report.
The following message was incorrectly addressed.
Recipient: "gorissenrudi@hvhp.be" is unrecognised.

Please contact "postmaster@hvhp.be" for further assistance


---------------------------------------
Received: from mail.hvhp.be by hvhp.be (VPOP3) with POP3 (Tue, 2 Jan 2007 16:45:13 +0100); Tue, 02 Jan 2007 16:03:57 +0100
Return-path: <qumhfx@<USER IN QUESTIONS ISP DOMAIN>>
Envelope-to: gorissenrudi@hvhp.be
Delivery-date: Tue, 02 Jan 2007 16:03:57 +0100
Received: from mail by host01.tela.be with spam-scanned (Exim 4.42)
id 1H1lBF-0003X3-CI
for gorissenrudi@hvhp.be; Tue, 02 Jan 2007 16:03:57 +0100
Received: from in.dishatech.com ([220.225.70.109])
by host01.tela.be with smtp (Exim 4.42)
id 1H1lBB-0003Wy-KE
for gorissenrudi@hvhp.be; di, 02 jan 2007 16:03:57 +0100
Received: (qmail 15941 invoked from network); Tue, 2 Jan 2007 20:42:18 +0530
Received: from unknown (HELO nlhtoa) (207.127.228.141)
by in.dishatech.com with SMTP; Tue, 2 Jan 2007 20:42:18 +0530
Message-ID: <459A7652.1000009@<USER IN QUESTIONS ISP DOMAIN>>
Date: Tue, 2 Jan 2007 20:42:18 +0530
From: Kelly I. Essie <qumhfx@<USER IN QUESTIONS ISP DOMAIN>>
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To: gorissenrudi@hvhp.be
Subject: luscious Hindu
Content-Type: multipart/related;
boundary="------------080707000701010106080101"
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on host01.tela.be
X-Spam-Level: **
X-Spam-Status: No, score=2.9 required=5.0 tests=HTML_20_30,HTML_IMAGE_ONLY_16,
HTML_MESSAGE,MIME_HTML_ONLY autolearn=no version=3.0.1

__________ NOD32 1949 (20061230) Information __________

This message was checked by NOD32 antivirus system.

http://www.eset.com
Quote:
Return-Path: <chlfirm@server7.jiffynet-hosting.net>
X-Envelope-To: Thor@TheAsgard
X-Spam-Status: No, hits=2.2 required=5.0
tests=MISSING_SUBJECT: 1.109,NO_REAL_NAME: 0.124,SARE_FROM_NONAME: 0.983
X-Spam-Level: **
Return-Path: <chlfirm@server7.jiffynet-hosting.net>
Received: from punt3.mail.demon.net by mailstore
for hhh@<USER IN QUESTIONS ISP DOMAIN> id 1H1muB-2xLGPo-05-G68;
Tue, 02 Jan 2007 16:54:27 +0000
Received: from [194.217.242.223] (lhlo=lon1-hub.mail.demon.net)
by punt3.mail.demon.net with lmtp id 1H1muB-2xLGPo-05
for hhh@<USER IN QUESTIONS ISP DOMAIN>; Tue, 02 Jan 2007 16:54:27 +0000
Received: from [216.67.224.66] (helo=server7.jiffynet-hosting.net)
by lon1-hub.mail.demon.net with esmtp id 1H1muB-0002h8-HD
for hhh@<USER IN QUESTIONS ISP DOMAIN>; Tue, 02 Jan 2007 16:54:27 +0000
Received: from chlfirm by server7.jiffynet-hosting.net with local (Exim 4.63)
(envelope-from <chlfirm@server7.jiffynet-hosting.net>)
id 1H1muT-0001iW-NP
for hhh@<USER IN QUESTIONS ISP DOMAIN>; Tue, 02 Jan 2007 11:54:45 -0500
To: "Joy" <hhh@<USER IN QUESTIONS ISP DOMAIN>>
X-Autorespond: multiply
X-Loop: "Joy" <hhh@<USER IN QUESTIONS ISP DOMAIN>>
From: "" <r.choueiri@chlfirm.com>
Content-type: text/plain; charset=us-ascii
Subject:
Message-Id: <E1H1muT-0001iW-NP@server7.jiffynet-hosting.net>
Date: Tue, 02 Jan 2007 11:54:45 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server7.jiffynet-hosting.net
X-AntiAbuse: Original Domain - <USER IN QUESTIONS ISP DOMAIN>
X-AntiAbuse: Originator/Caller UID/GID - [32035 32002] / [47 12]
X-AntiAbuse: Sender Address Domain - server7.jiffynet-hosting.net
X-Source: /usr/local/cpanel/bin/autorespond
X-Source-Args: /usr/local/cpanel/bin/autorespond r.choueiri@chlfirm.com /home/chlfirm/.autorespond
X-Source-Dir: /

__________ NOD32 1952 (20070102) Information __________

This message was checked by NOD32 antivirus system.
http://www.eset.com
There are more of them; however, they are all similar to the second e-mail posted above.

Does anyone know enough about this stuff to explain how this could happen?
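
A way to triage the three quoted messages by their headers, as an added example that is not part of the original post: it labels each message by the automatic-reply markers visible above (`X-Boxtrapper`, `X-Autorespond`, a null `Return-Path`) and lists the addresses they were sent to. The sample strings are constructed from a few of the quoted header lines, `example.org` stands in for the redacted domain, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: a few header lines from each quoted message, with the
# redacted recipient domain replaced by the placeholder example.org.
CHALLENGE = """\
Return-Path: <chlfirm@server7.jiffynet-hosting.net>
X-Boxtrapper: EDfHOJm2sPPcn3ODICrbMxuKw_vM6qPU
To: hhh@example.org
X-Source: /usr/local/cpanel/bin/boxtrapper
"""
BOUNCE = """\
Return-Path: <>
From: Mailer_Daemon@hvhp.be
To: qumhfx@example.org
Subject: Mail Delivery Failure
"""
AUTOREPLY = """\
Return-Path: <chlfirm@server7.jiffynet-hosting.net>
To: "Joy" <hhh@example.org>
X-Autorespond: multiply
X-Source: /usr/local/cpanel/bin/autorespond
"""

# Headers that, in the quoted messages, mark a machine-generated reply.
MARKERS = (("X-Boxtrapper", "challenge-response"),
           ("X-Autorespond", "autoresponder"))

def triage(raw):
    """Say what kind of automatic reply a message is and whom it was sent to."""
    msg = message_from_string(raw)
    kinds = [kind for header, kind in MARKERS if header in msg]
    # A null envelope sender (Return-Path: <>) is used for delivery failure reports.
    if msg.get("Return-Path", "").strip() == "<>":
        kinds.append("bounce")
    # X-Source, where present, names the program that generated the message.
    generated_by = msg.get("X-Source", "").rsplit("/", 1)[-1]
    return {"kinds": kinds, "generated_by": generated_by,
            "sent_to": parseaddr(msg.get("To", ""))[1]}

def addresses_hit(raws):
    """Addresses that received automatic replies, to compare with the one given at sign-up."""
    return sorted({triage(r)["sent_to"] for r in raws if triage(r)["kinds"]})

if __name__ == "__main__":
    for raw in (CHALLENGE, BOUNCE, AUTOREPLY):
        print(triage(raw))
    print(addresses_hit([CHALLENGE, BOUNCE, AUTOREPLY]))
```

Comparing the addresses it returns with the one actually entered on the sign-up form is the check that bears on the question asked in the post.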