Unicorn made of ice...
Who can decode the header of this spam email?
This spammer used the Sibotaku domain. As far as I can see, he didn't use my SMTP. Maybe I'm wrong, and how do I fight him?
"Original message source"
Return-Path: <[email protected]>
Received: from sibotaku.ru (122.2.126.192.pldt.net [122.2.126.192] (may be forged))
by kravtb.vtb.ru (8.12.11/8.12.11) with ESMTP id l4PF4E4M018080;
Fri, 25 May 2007 23:04:14 +0800 (KRAST)
(envelope-from [email protected])
Message-Id: <[email protected]>
Received: from [122.2.126.192] by [212.41.11.122] with ESMTP; Sat, 26 May 2007 00:13:24 +0800
From: =?koi8-r?B?69LV0M7B0SDQ0s/J2tfPxNPU18XOzsHRIMvPzdDBzsnR?= <[email protected]>
To: bywrlkofc <[email protected]>
Subject: =?koi8-r?B?8PLp5+zh++Hl7SDu4SDy4eLv9PUg8/Ty7/Dh7Pj96evv9ywg7eH76e7p8/Tv9yDr8uHu7/csIPfv?=
=?koi8-r?B?5On05ezl6g==?=
Date: Fri, 25 May 2007 19:05:40 +0300
Reply-To: [email protected]
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_4656FAEF.C390D376"
X-Spam-Flag: YES
X-Spam-Status: Yes, score=11.2 required=4.0 tests=BAYES_99,FORGED_RCVD_HELO,
HTML_MESSAGE,MIME_HTML_ONLY,RCVD_DOUBLE_IP_LOOSE,RCVD_IN_NJABL_DUL,
RCVD_IN_XBL,SUBJECT_ENCODED_TWICE autolearn=no version=3.1.1
X-Spam-Level: ***********
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on kravtb.vtb.ru
------------=_4656FAEF.C390D376
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Spam detection software, running on the system "kravtb.vtb.ru", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: =EB=D2=D5=D0=CE=C1=D1 =D0=D2=CF=C9=DA=D7=CF=C4=D3=D4=D7=
=C5=CE=CE=C1=D1 =CB=CF=CD=D0=C1=CE=C9=D1 =D0=D2=C9=C7=CC=C1=DB=C1=C5=D4 =CE=
=C1
=D0=CF=D3=D4=CF=D1=CE=CE=D5=C0 =D2=C1=C2=CF=D4=D5 =D7 =C2=CC=C9=D6=C1=CA=
=DB=C5=CD =F0=EF=E4=ED=EF=F3=EB=EF=F7=F8=E5: =E2=F2=E9=E7=E1=E4=E9=F2=EF=F7
=D0=CF=C7=D2=D5=DA=CF-=D2=C1=DA=C7=D2=D5=DA=CF=DE=CE=D9=C8 =D2=C1=C2=CF=
=D4 =F3=F4=F2=EF=F0=E1=EC=F8=FD=E9=EB=EF=F7, =F5=FE=E5=EE=E9=EB=EF=F7 =F3=
=F4=F2=EF=F0=E1=EC=F8=FD=E9=EB=EF=F7
=ED=E1=FB=E9=EE=E9=F3=F4=EF=F7 =CD=CF=D3=D4=CF=D7=D9=C8 =C9 =CB=CF=DA=CC=
=CF=D7=D9=C8 =CB=D2=C1=CE=CF=D7 =F7=EF=E4=E9=F4=E5=EC=E5=EA =EB=E1=F4. =E5=
. [...]=20
Content analysis details: (11.2 points, 4.0 required)
pts rule name description
---- ---------------------- ---------------------------------------------=
-----
1.7 SUBJECT_ENCODED_TWICE Subject: MIME encoded twice
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
0.0 HTML_MESSAGE BODY: HTML included in message
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 0.9997]
0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[122.2.126.192 listed in sbl-xbl.spamhaus.org=
]
1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[122.2.126.192 listed in combined.njabl.org]
0.0 RCVD_DOUBLE_IP_LOOSE Received: by and from look like IP addresses
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_4656FAEF.C390D376
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 7bit
X-Envelope-From: <[email protected]>
X-Envelope-To: <[email protected]>
Received: from sibotaku.ru (122.2.126.192.pldt.net [122.2.126.192] (may be forged)) by kravtb.vtb.ru; Fri, 25 May 2007 23:04:14 +0800 (KRAST)
X-Envelope-To: <[email protected]>
Received: from [122.2.126.192] by [212.41.11.122] with ESMTP; Sat, 26 May 2007 00:13:24 +0800
From: =?koi8-r?B?69LV0M7B0SDQ0s/J2tfPxNPU18XOzsHRIMvPzdDBzsnR?= <[email protected]>
To: bywrlkofc <[email protected]>
Subject: =?koi8-r?B?8PLp5+zh++Hl7SDu4SDy4eLv9PUg8/Ty7/Dh7Pj96evv9ywg7eH76e7p8/Tv9yDr8uHu7/csIPfv?=
=?koi8-r?B?5On05ezl6g==?=
Date: Fri, 25 May 2007 19:05:40 +0300
Reply-To: [email protected]
Mime-Version: 1.0
Content-Type: text/html; charset="koi8-r"
<HTML><HEAD>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>
<TABLE style="FONT-FAMILY: Arial, Helvetica, sans-serif" borderColor=#ff0000
cellSpacing=0 cellPadding=11 width=700 align=center border=1>
<TBODY>
<TR>
<TD bgColor=#ffff99>
<P align=center><FONT color=#000099 size=4>лТХРОБС РТПЙЪЧПДУФЧЕООБС
ЛПНРБОЙС <BR>РТЙЗМБЫБЕФ ОБ РПУФПСООХА ТБВПФХ Ч<BR><b>ВМЙЦБКЫЕН
рпднпулпчше:</b></FONT></P>
<UL>
<LI><FONT size=5><b><FONT
color=#ff0000>втйзбдйтпч</FONT></b></FONT><b><FONT
color=#ff0000 size=4> РПЗТХЪП-ТБЪЗТХЪПЮОЩИ ТБВПФ </FONT></b></LI>
<LI><FONT color=#ff0000 size=5><b>уфтпрбмшэйлпч</b>,
<b>хюеойлпч уфтпрбмшэйлпч</b> </FONT></LI>
<LI><FONT color=#ff0000 size=4><b><FONT size=5>нбыйойуфпч</FONT>
НПУФПЧЩИ Й ЛПЪМПЧЩИ ЛТБОПЧ </b></FONT></LI>
<LI><FONT color=#ff0000 size=4><b><FONT size=5>чпдйфемек лбф.
е.</FONT></b></FONT><FONT color=#ff0000 size=5> </FONT></LI></UL>
<P><FONT color=#000099 size=4>фТЕВПЧБОЙС: </FONT><FONT size=4><BR><FONT
color=#ff0000><b>зТБЦДБОУФЧП тж, вЕМПТХУУЙЙ, нПМДПЧЩ,
хЛТБЙОЩ.</b></FONT><BR>пРЩФ ТБВПФЩ ЦЕМБФЕМЕО. </FONT></P>
<P><FONT color=#000099 size=4>хУМПЧЙС ТБВПФЩ: </FONT></P>
<UL>
<LI><FONT size=3>ЧЩУПЛБС Й УФБВЙМШОБС ЪБТБВПФОБС РМБФБ</FONT></LI>
<LI><FONT size=3>ПЖЙГЙБМШОПЕ ФТХДПХУФТПКУФЧП</FONT></LI>
<LI><FONT size=3>ВЕУРМБФОЩЕ ПВЕДЩ</FONT></LI>
<LI><FONT size=3>ПВЭЕЦЙФЙЕ, ЧБИФПЧЩК ЗТБЖЙЛ</FONT></LI></UL>
<P><b><FONT color=#ff0000 size=4>рТЙЗМБЫБЕН Л УПФТХДОЙЮЕУФЧХ
АТЙДЙЮЕУЛЙИ Й ЖЙЪЙЮЕУЛЙИ МЙГ, ПЛБЪЩЧБАЭЙИ ХУМХЗЙ РП РПДВПТХ
РЕТУПОБМБ ДМС УФТПЙФЕМШОЩИ Й РТПЙЪЧПДУФЧЕООЩИ
ЛПНРБОЙК.</FONT></b></P>
<P><FONT size=4>фЕМЕЖПО:<b> <FONT color=#000099
size=5>8-916-698-76-51</FONT></b><BR>e-mail: <A
href="mailto:[email protected]">[email protected]</A>
</FONT></P></TD></TR></TBODY></TABLE></FONT></DIV></BODY></HTML>
------------=_4656FAEF.C390D376--
Although the IP 212.41.11.122 is interesting...
This one is actually located in the Philippines https://www.nic.ru/whois/?query=122.2.126.192
Unpleasant all the same...
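
An added example (not from the original post) that reads the answer out of the pasted headers: it decodes the RFC 2047 Subject and takes the peer IP, HELO name and reverse DNS from the Received line written by the receiving server, treating every Received line below it as sender-supplied. The function names and the `receiving_mta` parameter are assumptions of this sketch, and the regex assumes the sendmail layout `from HELO (rDNS [IP])` seen in the paste.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Constructed sample: header lines copied from the paste above (addresses omitted).
RAW = """\
Received: from sibotaku.ru (122.2.126.192.pldt.net [122.2.126.192] (may be forged))
\tby kravtb.vtb.ru (8.12.11/8.12.11) with ESMTP id l4PF4E4M018080;
\tFri, 25 May 2007 23:04:14 +0800 (KRAST)
Received: from [122.2.126.192] by [212.41.11.122] with ESMTP; Sat, 26 May 2007 00:13:24 +0800
Subject: =?koi8-r?B?8PLp5+zh++Hl7SDu4SDy4eLv9PUg8/Ty7/Dh7Pj96evv9ywg7eH76e7p8/Tv9yDr8uHu7/csIPfv?=
 =?koi8-r?B?5On05ezl6g==?=

"""

# sendmail layout: from <HELO name> (<reverse DNS> [<peer IP>] ...) by <host>
SENDMAIL_FROM = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[\d.]+)\]")


def decode_mime_header(value):
    """Decode RFC 2047 encoded-words, joining words split across folded lines."""
    return str(make_header(decode_header(value)))


def analyze(raw, receiving_mta):
    """Summarise who really connected, using only the hop our own MTA wrote."""
    msg = message_from_string(raw)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    result = {"subject": decode_mime_header(msg["Subject"] or ""),
              "client_ip": None, "untrusted_hops": hops}
    for i, hop in enumerate(hops):
        m = SENDMAIL_FROM.search(hop)
        if m and f" by {receiving_mta} " in hop:
            helo, rdns = m["helo"].lower(), m["rdns"].lower()
            result.update(
                client_ip=m["ip"], helo=helo, rdns=rdns,
                # HELO is free text typed by the client; compare it to rDNS.
                helo_matches_rdns=(rdns == helo or rdns.endswith("." + helo)),
                rdns_unverified="(may be forged)" in hop,
                # Hops below this one arrived inside the message itself.
                untrusted_hops=hops[i + 1:])
            break
    return result


if __name__ == "__main__":
    for key, value in analyze(RAW, "kravtb.vtb.ru").items():
        print(f"{key}: {value}")
```

On the pasted headers this reports the peer 122.2.126.192 announcing itself as sibotaku.ru while its reverse DNS is under pldt.net, so the domain appears only as a claimed HELO name on a direct connection to kravtb.vtb.ru.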