From owner-freebsd-questions@freebsd.org Mon Jun 6 14:56:23 2016
Message-ID: <28332.128.135.52.6.1465224981.squirrel@cosmo.uchicago.edu>
Date: Mon, 6 Jun 2016 09:56:21 -0500 (CDT)
Subject: Re: Fwd: Undeliverable: Re: sh[it] and What am I missing here?
From: "Valeri Galtsev"
To: "Ian Smith"
Cc: "jd1008", freebsd-questions@freebsd.org, postmaster@freebsd.org
Reply-To: galtsev@kicp.uchicago.edu
References: <20160606170212.P15883@sola.nimnet.asn.au>
In-Reply-To: <20160606170212.P15883@sola.nimnet.asn.au>

On Mon, June 6, 2016 2:29 am, Ian Smith wrote:
> In freebsd-questions Digest, Vol 626, Issue 8, Message: 21
> On Sun, 05 Jun 2016 12:40:27 -0600 jd1008
>
> > Why am I getting this after I reply to a post?
> > The list must have a subscriber who is on a spamming server.
> > If this continues, I believe I may have to unsubscribe to
> > protect my machine from possible malware.
> >
> >
> > Yo
> >
> >
> > -------- Forwarded Message --------
> > Subject: Undeliverable: Re: sh[it] and What am I missing here?
> > Date: Sun, 5 Jun 2016 13:36:55 -0500
> > From: Postmaster
> > To: jd1008@gmail.com
> [..]
> > There was a problem delivering your email to:
> >
> >
> > krad@snaffler.net
>
> Please DO NOT FORWARD spam and related material to this (or any) list.
>

Ian, I fully agree with you: people, do not amplify spam by forwarding the
whole thing to everybody.

Here is just a piece of information that I can vouch for to be true about
my copy of this spam. These are relevant lines added by _my_ server (which
I trust) about the host that delivered it (name and IP of my server are
obliterated purposefully):

Received: from mx09.bounceio.net (mx09.bounceio.net [192.237.151.9])
        by XXXX.uchicago.edu (Postfix) with ESMTP id 93F4DCB8C82
        for ; Sun, 5 Jun 2016 22:04:56 -0500 (CDT)

Now, the rest of the header as well as the content of what that machine
sent me is not to be trusted (at least until one contacts that server
admin and decides to trust him/her/them). The domain it came from has
nothing to do with the recipient of the undelivered message, therefore this
server that delivered the message to me is either a rogue server, or is
poorly configured and is a source of backscatter (or trusts a different
server that is a source of backscatter). In any case it will be blocked
on my servers. This server, however, is a part of a group of the same
setup, and I prefer to block the whole group. To get details I just use
whois:

$ whois 192.237.151.9
...
BounceIO RACKS-8-1375277654480348 (NET-192-237-151-8-1) 192.237.151.8 - 192.237.151.15
...

(now I have the whole range of IPs I will block).

Is it reasonable to find out whether krad@snaffler.net is subscribed to
the mail list? No, in my opinion.
He may be just an innocent victim, or his domain (snaffler.net) may be a
victim of a provider with poor configuration. Either way, the above list
of IP addresses are the culprit for me. A nice way would be to attempt to
contact their sysadmin (by sending e-mail to the postmaster,
postmaster@snaffler-net.bounceio.net - the address the bounce message
claimed to be sent from, and yes, it seems to exist in DNS).

> Then other people will lazily top-post and quote the whole bloody lot
> again, and again .. as just amply demonstrated.
>
> If you have any sort of problem with spam, or this sort of issue - that
> comes up here repeatedly - the correct thing to do is to forward the mail
> in question - including absolutely ALL of the mail headers - to
> postmaster@freebsd.org
>
> It is pointless, and annoying, to say "will someone please unsubscribe
> so-and-so from the list." Postmaster is responsible for _scores_ of
> lists, and certainly hasn't time to read this one. Direct mail to
> postmaster@, with sufficient detail to actually reveal the problem,
> usually has good results in my experience.
>
> Deleting all the crap, at the bottom of your (digest) message was:
>
> > -------------- next part --------------
> > An embedded message was scrubbed...
> > From: jd1008
> > Subject: Re: sh[it] and What am I missing here?
> > Date: Sun, 05 Jun 2016 12:26:28 -0600
> > Size: 7858
> > URL:
>
> If you download that attachment you then have all the headers needed by
> postmaster@ to see the problem delivery.
> Hint: the message was actually
>
> Delivered-To: chrisscott1066@tiscali.co.uk
> Received: from cm12gb1 (10.101.251.12) by
>     mail.svcgb1.int.opaltelecom.net
>     (8.6.141.03) id 574E52E2004546F2 for chris_scott@ukgateway.net; Sun, 5 Jun 2016 19:26:59 +0100
> Received: from mx2.freebsd.org ([8.8.178.116]) by mx.talktalk.net with SMTP
>     id 9clFbbvm5kpdi9clGbuKNn; Sun, 05 Jun 2016 19:26:59 +0100
> X-Delivered-To: chris_scott@ukgateway.net
> Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
>     (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
>     (No client certificate requested)
>     by mx2.freebsd.org (Postfix) with ESMTPS id 6D77E6CAA2;
>     Sun, 5 Jun 2016 18:26:56 +0000 (UTC)
>     (envelope-from owner-freebsd-questions@freebsd.org)
>
> And as you'll see, went through a very circuitous path, via some very
> screwy looking servers .. note this one:
>
> X-SMTP-MAILFROM:
>     <srs0=hysflox2=r5=freebsd.org=owner-freebsd-questions@tiscali.co.uk>
>
> Seems tiscali.co.uk is in the mix; owner-freebsd-questions@freebsd.org
> was the original sender, so that one at least is forged.
>
> I'll do you the favour of copying this mail to postmaster@freebsd.org
> but in future please don't spam the list with this sort of stuff, ta!
>
> Ian
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
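
Added example, not part of the original message or of anyone's mail setup: the header-trust rule and the whois step described in the reply above, as a Python sketch. It assumes Postfix-style Received lines; XXXX.uchicago.edu is the redacted host name from the message, while the second Received header, the recipient address and the my_nets parameter are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# "from HELO (rdns [ip]) by host" as Postfix writes it; other MTAs differ.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def trusted_hop(raw_message, my_hosts, my_nets=()):
    """Return the external peer recorded by our own MTA, or None.
    Received headers are prepended, so read top-down and stop at the first
    header not stamped by one of our hosts: all below is sender-supplied."""
    msg = email.message_from_string(raw_message, policy=policy.compat32)
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if not m or m["by"].lower() not in my_hosts:
            return None
        ip = ipaddress.ip_address(m["ip"])
        if any(ip in ipaddress.ip_network(n) for n in my_nets):
            continue  # internal relay between our own hosts
        return {"helo": m["helo"], "rdns": m["rdns"], "ip": ip}
    return None

def range_to_cidrs(first, last):
    """Turn a whois 'first - last' range into CIDR blocks for a block list."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))]

# Constructed sample: the top header is the one quoted in the message above;
# the second stands for whatever the sending side chose to write.
SAMPLE = (
    "Received: from mx09.bounceio.net (mx09.bounceio.net [192.237.151.9])\n"
    "\tby XXXX.uchicago.edu (Postfix) with ESMTP id 93F4DCB8C82\n"
    "\tfor <user@example.org>; Sun,  5 Jun 2016 22:04:56 -0500 (CDT)\n"
    "Received: from mail.example.net (mail.example.net [203.0.113.7])\n"
    "\tby mx09.bounceio.net (Postfix) with ESMTP id 0000000000\n"
    "\tfor <user@example.org>; Sun,  5 Jun 2016 22:04:50 -0500 (CDT)\n"
    "Subject: Undeliverable: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(trusted_hop(SAMPLE, {"xxxx.uchicago.edu"}))
    print(range_to_cidrs("192.237.151.8", "192.237.151.15"))
```

The second Received line in the sample is never consulted: it was stamped by the remote host, so its contents carry no weight in the decision.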