[WBEL-users] (no subject)
bill davidsen
davidsen@tmr.com
Wed, 28 Jan 2004 12:31:22 -0500
In article <1075287163.25534.34.camel@myth.home.local> you write:
>Not that it really matters ... but the W32.Novarg.A@mm virus that was
>sent into this list yesterday with the from address of
>mailing-lists@hughesjr.com did not originate at hughesjr.com.
>
>I had no infected computers here. Novarg spoofs the from field in it's
>e-mails, but if you are curious where an e-mail actually came from, you
>can look at the IP address in the e-mail headers.
This tells us several things, one of them being that the M/L host
machine or list software might want to put certain messages in a
set-aside queue for human check.
I doubt anyone actually thought you originated the message...
|
| In the case of this specific e-mail that made it into this list with my
| address spoofed into the from field it says:
|
| "Received: from hughesjr.com ([81.185.63.249]) by odin.library.beau.org
| (8.11.6/8.11.6) with ESMTP id i0RGM1i29656 for
| <whitebox-users@beau.org>; Tue, 27 Jan 2004 10:22:01 -0600"
|
| The computer that actually sent the e-mail was 81.185.63.249 and the
| information from the www.ripe.net whois database shows that the IP
| originates from a telecom in France. He is the info:
|
| inetnum: 81.185.0.0 - 81.185.255.255
| netname: FR-9-TELECOM-20021230
| descr: Provider Local Registry
| descr: 9 Telecom
| country: FR
|
| Thanks,
|
| -Johnny Hughes
|
| On Tue, 2004-01-27 at 10:22, mailing-lists@hughesjr.com wrote:
| > Mail transaction failed. Partial message is available.
| >
| >
--
bill davidsen <davidsen@tmr.com>
CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.