Is my email server being used for spam?

am 18.07.2005 20:21:43 von p2000j

Hi!

I have two email servers. I know running dnsstuff.com (spam tests),
says I passed and don't relay,, BUT, I'm wondering if my first email
server is Hacked?, of which being used to forward SPAM to my other
email server and users? Here is the output header of a message that is
SPAM, coming to Me on my Other email server through my first email
server:

-----------------------
Return-Path:
Received: from localhost.localdomain ("MyFirstServer"jollySpam.com
["MyIP"66.87.106.15])
by "MySecondServer"rcofe.com (8.13.0/8.13.0) with ESMTP id
j6II5snI014359
for ; Mon, 18 Jul 2005 14:05:54
-0400
Received: from COM ([211.207.95.176])
by localhost.localdomain (8.13.0/8.13.0) with SMTP id
j6II0SlE022027
for ; Mon, 18 Jul 2005 14:00:32
-0400
X-Message-Info: LlWYW99glERtPRsi46ACnh6+JVnhro31yaoQIGOH
Received: from zpwdrzabqsn0.outgun.com (48) by v9-s67.outgun.com with
Microsoft SMTPSVC(5.0.2195.6824);
Mon, 18 Jul 2005 18:49:43 +0300
Received: from Olal2nle0uus8a (80) by qmgbl2.outgun.com
(InterMail vM.5.01.06.05 961-102-027-271-136-03203) with SMTP
id
<404074038.XG53.tmdtlx2079.outgun.com@backboardfde32yvw96dm76nbf>
for ; Mon, 18 Jul 2005 21:48:43
+0600
Message-ID: <9136d5oz18$4598151$rlm55ok0@Olao26gg472to8bkq>
From: ""Lucy Oneal""
To:
Subject: Re: ..check this method out for your site...
Date: Mon, 18 Jul 2005 11:56:43 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--180635436468606885"
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
ns.MYDNSEmailServer.com
X-Spam-Status: No, hits=0.0 required=3.0 tests=none autolearn=ham
version=2.63
X-Spam-Level:
CHARITY CONTACT:

...email your web site to 4,600,000+ opt-in email addresses for free...

http://www.optin2millions.net
-----------------------
The email server users on each server are about equal, but on Email
server two, the amount of email transfer per day is 200% higher than
the email server 1.

Any Thoughts?

Re: Is my email server being used for spam?

am 19.07.2005 03:35:02 von Alan Connor

On comp.mail.misc, in <1121710902.981940.322960@f14g2000cwb.googlegroups.com>, "p2000j@yahoo.com" wrote:

If you can't even use a real newsreader, there's no way
you could understand the answer to your question.

[Note: I don't read the posts of "Sam" or any of his
many aliases, nor any responses to them. Before this
jerk's posts (and any responses to them) reach my
newsreader, the subjects are replaced by XXXXXXX.]

AC

--
If you are posting through google for any purpose
other than learning to use a real newsreader,
many of us will not answer your questions.
---- news.software.readers ----

Re: Is my email server being used for spam?

am 19.07.2005 07:35:48 von p2000j

Your a Dork Speaking From Out Of Your As*!!

Re: Is my email server being used for spam?

am 19.07.2005 08:54:10 von NormanM

On 18 Jul 2005 22:35:48 -0700, p2000j@yahoo.com wrote:

> Your a Dork Speaking From Out Of Your As*!!

You win a genuine Cuban cigar!

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

Re: Is my email server being used for spam?

am 19.07.2005 15:58:00 von Steve Baker

On 18 Jul 2005 11:21:43 -0700, p2000j@yahoo.com wrote:

> Hi!
>
> I have two email servers. I know running dnsstuff.com (spam tests),
>says I passed and don't relay,, BUT, I'm wondering if my first email
>server is Hacked?, of which being used to forward SPAM to my other
>email server and users? Here is the output header of a message that is
>SPAM, coming to Me on my Other email server through my first email
>server:

It looks like server First is accepting, and then relaying, email
addressed to users at server Second. There's nothing wrong with that.
Possibly server First is listed as a backup MX for addresses at server
Second? Spammers often try "less preferred" MX servers to try to sneak
through filters.
Is 66.87.106.15 really the IP address? If so, something seems broken,
it isn't answering on port 25. They might be trying a secondary server
just because the primary is down.

Steve Baker

>
>-----------------------
>Return-Path:
>Received: from localhost.localdomain ("MyFirstServer"jollySpam.com
>["MyIP"66.87.106.15])
> by "MySecondServer"rcofe.com (8.13.0/8.13.0) with ESMTP id
>j6II5snI014359
> for ; Mon, 18 Jul 2005 14:05:54
>-0400
>Received: from COM ([211.207.95.176])
> by localhost.localdomain (8.13.0/8.13.0) with SMTP id
>j6II0SlE022027

Re: Is my email server being used for spam?

am 20.07.2005 00:48:48 von Sam

FAQ: Canonical list of questions Beavis refuses to answer (V1.40) (was Re: Is my email server

am 20.07.2005 00:49:14 von Sam

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
The Internet standard for MIME PGP messages, RFC 2015, was published in 1996.
To open this message correctly you will need to install E-mail or Usenet
software that supports modern Internet standards.

--=_mimegpg-commodore.email-scan.com-14077-1121737535-0005
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Usenet Beavis writes:

> On comp.mail.misc, in <1121710902.981940.322960@f14g2000cwb.googlegroups.com>, "p2000j@yahoo.com" wrote:
>
>
>
> If you can't even use a real newsreader, there's no way
> you could understand the answer to your question.

If you can't even answer questions to your own FAQ, Beavis, you should not
be posting to this newsgroup.

> [Note: it's not my fault that I'm a complete dumbass. I was dropped
> on my head as a child. See http://angel.1jh.com/nanae/kooks/alanconnor.shtml
> for more information]

FAQ: Canonical list of questions Beavis refuses to answer (V1.40)

This is a canonical list of questions that Beavis never answers. This FAQ is
posted on a semi-regular schedule, as circumstances warrant.

For more information on Beavis, see:

http://angel.1jh.com/nanae/kooks/alanconnor.shtml

Although Beavis has been posting for a long time, he always remains silent
on the subjects enumerated below. His response, if any, usually consists of
replying to the parent post with a loud proclamation that his Usenet-reading
software runs a magical filter that automatically identifies anyone who's
making fun of him, and hides those offensive posts. For more information
see question #9 below.

============================================================ ================

1) If spammers avoid forging real E-mail addresses on spam, then where do
all these bounces everyone reports getting (for spam with their return
address was forged onto) come from?

2) If your Challenge-Response filter is so great, why do you still munge
when posting to Usenet?

3) Do you still believe that rsh is the best solution for remote access?
(http://tinyurl.com/5qqb6)

4) What is your evidence that everyone who disagrees with you, and thinks
that you're a moron, is a spammer?

5) How many different individuals do you believe really post to
comp.mail.misc? What is the evidence for your paranoid belief that everyone,
except you, who posts here is some unknown arch-nemesis of yours?

6) How many times, or how often, do you believe is necessary to announce
that you do not read someone's posts? What is your reason for making these
regularly-scheduled proclamations? Who do you believe is so interested in
keeping track of your Usenet-reading habits?

7) When was the last time you saw Bigfoot (http://tinyurl.com/23r3f)?

8) If your C-R system employs a spam filter so that it won't challenge spam,
then why does any of the mail that passes the filter, and is thusly presumed
not to be spam, need to be challenged?

9) You claim that the software you use to read Usenet magically identifies
any post that makes fun of you. In http://tinyurl.com/3swes you explain
that "What I get in my newsreader is a mock post with fake headers and no
body, except for the first parts of the Subject and From headers."

Since your headers indicate that you use slrn and, as far as anyone knows,
the stock slrn doesn't work that way, is this interesting patch to slrn
available for download anywhere?

10) You regularly post alleged logs of your procmail recipe autodeleting a
bunch of irrelevant mail that you've received. Why, and who exactly do you
believe is interested in your mail logs?

11) How exactly do you "enforce" an "order" to stay out of your mailbox,
supposedly (http://tinyurl.com/cs8jt)? Since you issue this "order" about
every week, or so, apparently nobody wants to follow it. What are you going
to do about it?

12) What's with your fascination with shit? (also http://tinyurl.com/cs8jt)?

13) You complain about some arch-nemesis of yours always posting forged
messages in your name. Can you come up with even a single URL, as an example
of what you're talking about?

14) You always complain about some mythical spammers that pretend to be
spamfighters (http://tinyurl.com/br4td). Who exactly are those people, and
can you post a copy of a spam that you supposedly received from them, that
proves that they're really spammers, and not spamfighters?

--=_mimegpg-commodore.email-scan.com-14077-1121737535-0005
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQBC3Fs/x9p3GYHlUOIRAo1AAJ0TJaUxxlcbBNLmUA5EasYQCqtwFgCd EqRZ
GUhsJ8olBoduv4PHbpcG0gA=
=qFcR
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-14077-1121737535-0005--