
Just remember to be careful when looking at headers.
You cannot rely on any of the email headers beyond the
last hop that actually delivered the mail to MSU; that IP
cannot be forged.  Any hops before that can easily be
forged by a virus/spammer/etc.

In this case, it doesn't matter because there is only one
hop in the header.

-Russell


Lee Duynslager wrote:
> One of the ways I handle these types of emails is that I determine who is
> responsible for the IP address of the machine that sent this message out:
>
> If you look in the headers this is:   165.189.17.51
>
> I used a tool on the net called Sam Spade to determine who is responsible
> for this IP.  You can click on the link below.  There are links within this
> page so you can send the network abuse person a message (or call) about
> these problems you are having and they will have something done.
>
>
>
> http://www.samspade.org/t/lookat?a=165.189.17.51
>
>
> Lee
>
> Lee Duynslager
> Information Technologist
> Integrated Plant Systems
> Michigan State University
>
> (517) 432-5296
>
>
> -----Original Message-----
> From: MSU Network Administrators Group [mailto:[log in to unmask]] On
> Behalf Of Tim Potter
> Sent: Wednesday, May 12, 2004 8:27 AM
> To: [log in to unmask]
> Subject: [MSUNAG] Suspect files of zero-length
>
> I've been receiving suspicious files of the usual viral extensions (.exe,
> .scr, .com, etc.) about every day from this same individual (see below) but
> all of the files have been zero length and not detected by my AV software
> as infected (Norton AV CE 7.61 and Kaspersky KAV 4.5.0.95 Trial).  Anyone
> else see files like this slipping thru their AV and the mail.msu.edu AV?
>
> Can this sender be blocked at the mail.msu.edu server?
> Tim
>
>
> Return-path: <[log in to unmask]>
> Envelope-to: [log in to unmask]
> Delivery-date: Wed, 12 May 2004 08:53:37 -0400
> Received: from [165.189.17.51] (helo=W17269.org)
>          by sys16.mail.msu.edu with smtp (Exim 4.32 #22)
>          id 1BNtEv-00030N-1m
>          for [log in to unmask]; Wed, 12 May 2004 08:53:37 -0400
> Date: Wed, 12 May 2004 07:52:42 -0600
> To: "Pottert" <[log in to unmask]>
> From: "Mark.ibach" <[log in to unmask]>
> Subject: Re: Msg reply
> Message-ID: <[log in to unmask]>
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>          boundary="--------bvhkxpkbmvushehovkub"
> X-Virus: None found by Clam AV
> X-Spam-Status: No, hits=0.9 required=5.0 tests=HTML_30_40,HTML_MESSAGE,
>          MIME_HTML_ONLY autolearn=no version=2.63
> X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on sys16.mail.msu.edu
> X-Spam-Level:
>
> **********************
> Tim Potter  <><
> Information Officer
> MSU Alumni Association
> E. Lansing, MI  48824
> Toll-free: 877/ MSU-ALUM (678-2586)
> Ph: 517/432-1160
> Fax: 517/432-7769
> Stay Connected! www.msualum.com
>
> .
>
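
The rule discussed in this thread (trust only the Received line written by your own mail server, treat every older hop as unverified) can be checked mechanically. The following is an added example, not part of the original messages; `OUR_SUFFIX`, `OUR_NETS`, the function name and the second Received line in the sample are assumptions made for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

OUR_SUFFIX = ".mail.msu.edu"            # assumption: names of our own relays
OUR_NETS = [ip_network("10.0.0.0/8")]   # assumption: placeholder internal range

# Constructed sample: based on the hop quoted above, plus a made-up older hop
# that a sender could have written into the message before handing it over.
SAMPLE = """\
Received: from [165.189.17.51] (helo=W17269.org)
        by sys16.mail.msu.edu with smtp (Exim 4.32 #22)
        id 1BNtEv-00030N-1m; Wed, 12 May 2004 08:53:37 -0400
Received: from mail.example.net ([192.0.2.10])
        by relay.example.org with esmtp; Wed, 12 May 2004 07:50:00 -0600
Subject: Re: Msg reply

body
"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def boundary_hop(raw):
    """Return (peer_ip, unverified): the IP our boundary relay recorded for
    the external sender, and the Received values below it that cannot be
    trusted. peer_ip is None when no hop of ours is found at the top."""
    received = message_from_string(raw).get_all("Received", [])
    for i, value in enumerate(received):        # newest hop comes first
        flat = " ".join(value.split())          # unfold continuation lines
        by, ip = BY_RE.search(flat), IP_RE.search(flat)
        if not (by and ip and by.group(1).lower().endswith(OUR_SUFFIX)):
            return None, received[i:]           # not written by our relay
        try:
            peer = ip_address(ip.group(1))
        except ValueError:                      # e.g. [999.1.1.1]
            return None, received[i:]
        if not any(peer in net for net in OUR_NETS):
            return str(peer), received[i + 1:]  # first external peer
    return None, []

if __name__ == "__main__":
    ip, rest = boundary_hop(SAMPLE)
    print("report this IP:", ip, "| unverified hops:", len(rest))
```

Hops handed between internal relays are walked through until the first external peer is reached, so the same check works when the message passed more than one local server.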