webeinspunktnull
24.03.2004, 18:09
Ich bekomme, weil meine Mailaddy benutzt wird für den einen aktuellen Virus ja täglich ein paar Bounces. Die meisten kenne ich, da sie in dieser Form öfters auftreten, typische Mitteilungen eben. Die erste Zeile kenni ch schon vonm andern Bounces, aberd er Rest ist komplett neu, so ausführlich wurd noch nie gebounced
So einen Bounce hatte ich noch nie und ich frage mich da, was genau beinhaltet der Bounce. Hat da wer Ahnung von?
Header interpretieren geht ja schon ganz gut, mich würde mal Bounce interpretieren interessieren... Kanns wer mal ein bissel umreissen - auch warum da mehrere Absender mit drin sind?
Hi. This is the qmail-send program at upsilon.pair.com.
I`m afraID: [ID filtered]
This is a permanent error; I`ve given up. Sorry it didn`t work out.
<crenz-wekemann at web42.com>:
No executables, please.
Message rejected.
--- Below this line is a copy of the message.
Return-Path: <meinemailaddy>
Received: (qmail 73799 invoked from network); 24 Mar 2004 xx:xx:xx -0000
Received: from web12.manitu.net (217.11.48.112)
by upsilon.pair.com with SMTP; 24 Mar 2004 xx:xx:xx -0000
Received: from wekemann.dyndns.org (G7e67.g.pppool.de [80.185.126.103])
by web12.manitu.net (8.10.2-SOL3/8.10.2) with ESMTP ID: [ID filtered]
for <crenz-wekemann at web42.com>; Wed, 24 Mar 2004 xx:xx:xx +0100
Received: by wekemann.dyndns.org (Postfix)
ID: [ID filtered]
Delivered-To: crenz at wekemann.de
Received: by wekemann.dyndns.org (Postfix, from userID: [ID filtered]
ID: [ID filtered]
Received: from localhost (localhost [127.0.0.1])
by wekemann.dyndns.org (Postfix) with ESMTP ID: [ID filtered]
for <postmaster [at] localhost>; Wed, 24 Mar 2004 xx:xx:xx +0100 (CET)
Envelope-to: postmaster at rehamarkt.de
Delivery-date: Wed, 24 Mar 2004 xx:xx:xx +0100
Received: from mail.LF.net [212.9.160.2]
by localhost with POP3 (fetchmail-5.9.11)
for postmaster [at] localhost (multi-drop); Wed, 24 Mar 2004 xx:xx:xx +0100 (CET)
Received: from exim by mail.LF.net with spam-scanned (Exim 4.22)
ID: [ID filtered]
for postmaster at rehamarkt.de; Wed, 24 Mar 2004 xx:xx:xx +0100
Received: from localhost [127.0.0.1] by isc.lf.net
with SpamAssassin (2.60 1.212-2003-09-23-exp);
Wed, 24 Mar 2004 xx:xx:xx +0100
From: meineaddy
To: info at rehamarkt.de
Subject: [SPAM] Re: Excel file
Date: Wed, 24 Mar 2004 xx:xx:xx +0100
Message-ID: [ID filtered]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_40612EEA.8D174925"
X-UIDL: [UID filtered]
X-Spam-Status: No, hits=2.6 required=5.0
tests=MICROSOFT_EXECUTABLE,NO_REAL_NAME,UPPERCASE_25_50
version=2.55
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
This is a multi-part message in MIME format.
------------=_40612EEA.8D174925
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "isc.lf.net", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn`t spam) or block
similar future email. If you have any questions, see
support [at] LF.net for details.
Content preview: Your document is attached. [skipped
application/octet-stream attachment] [...]
Content analysis details: (6.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.2 NO_REAL_NAME From: does not include a real name
0.0 BAYES_50 BODY: Bayesian spam probability is 50 to 56%
[score: 0.5122]
0.1 MICROSOFT_EXECUTABLE RAW: Message includes Microsoft executable program
3.0 MSGID_FROM_MTA_SHORT Message-ID: [ID filtered]
0.5 RCVD_IN_NJABL_DIALUP RBL: NJABL: dialup sender dID: [ID filtered]
[80.128.119.30 listed in dnsbl.njabl.org]
0.1 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org
[80.128.119.30 listed in dnsbl.njabl.org]
0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
[80.128.119.30 listed in dnsbl.sorbs.net]
1.6 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
1.2 PRIORITY_NO_NAME Message has priority setting, but no X-Mailer
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_40612EEA.8D174925
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Received: from p5080771e.dip.t-dialin.net ([80.128.119.30] helo=rehamarkt.de)
by mail.LF.net with esmtp (Exim 4.22)
ID: [ID filtered]
for info at rehamarkt.de; Wed, 24 Mar 2004 xx:xx:xx +0100
From: meineaddy
To: info at rehamarkt.de
Subject: Re: Excel file
Date: Wed, 24 Mar 2004 xx:xx:xx +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0011_00002436.0000177C"
X-Priority: 3
X-MSMail-Priority: Normal
Message-ID: [ID filtered]
This is a multi-part message in MIME format.
------=_NextPart_000_0011_00002436.0000177C
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Your document is attached.
------=_NextPart_000_0011_00002436.0000177C
Content-Type: application/octet-stream;
name="document_excel.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="document_excel.pif"
--
Wehret den Anfängen!
So einen Bounce hatte ich noch nie und ich frage mich da, was genau beinhaltet der Bounce. Hat da wer Ahnung von?
Header interpretieren geht ja schon ganz gut, mich würde mal Bounce interpretieren interessieren... Kanns wer mal ein bissel umreissen - auch warum da mehrere Absender mit drin sind?
Hi. This is the qmail-send program at upsilon.pair.com.
I`m afraID: [ID filtered]
This is a permanent error; I`ve given up. Sorry it didn`t work out.
<crenz-wekemann at web42.com>:
No executables, please.
Message rejected.
--- Below this line is a copy of the message.
Return-Path: <meinemailaddy>
Received: (qmail 73799 invoked from network); 24 Mar 2004 xx:xx:xx -0000
Received: from web12.manitu.net (217.11.48.112)
by upsilon.pair.com with SMTP; 24 Mar 2004 xx:xx:xx -0000
Received: from wekemann.dyndns.org (G7e67.g.pppool.de [80.185.126.103])
by web12.manitu.net (8.10.2-SOL3/8.10.2) with ESMTP ID: [ID filtered]
for <crenz-wekemann at web42.com>; Wed, 24 Mar 2004 xx:xx:xx +0100
Received: by wekemann.dyndns.org (Postfix)
ID: [ID filtered]
Delivered-To: crenz at wekemann.de
Received: by wekemann.dyndns.org (Postfix, from userID: [ID filtered]
ID: [ID filtered]
Received: from localhost (localhost [127.0.0.1])
by wekemann.dyndns.org (Postfix) with ESMTP ID: [ID filtered]
for <postmaster [at] localhost>; Wed, 24 Mar 2004 xx:xx:xx +0100 (CET)
Envelope-to: postmaster at rehamarkt.de
Delivery-date: Wed, 24 Mar 2004 xx:xx:xx +0100
Received: from mail.LF.net [212.9.160.2]
by localhost with POP3 (fetchmail-5.9.11)
for postmaster [at] localhost (multi-drop); Wed, 24 Mar 2004 xx:xx:xx +0100 (CET)
Received: from exim by mail.LF.net with spam-scanned (Exim 4.22)
ID: [ID filtered]
for postmaster at rehamarkt.de; Wed, 24 Mar 2004 xx:xx:xx +0100
Received: from localhost [127.0.0.1] by isc.lf.net
with SpamAssassin (2.60 1.212-2003-09-23-exp);
Wed, 24 Mar 2004 xx:xx:xx +0100
From: meineaddy
To: info at rehamarkt.de
Subject: [SPAM] Re: Excel file
Date: Wed, 24 Mar 2004 xx:xx:xx +0100
Message-ID: [ID filtered]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_40612EEA.8D174925"
X-UIDL: [UID filtered]
X-Spam-Status: No, hits=2.6 required=5.0
tests=MICROSOFT_EXECUTABLE,NO_REAL_NAME,UPPERCASE_25_50
version=2.55
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
This is a multi-part message in MIME format.
------------=_40612EEA.8D174925
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "isc.lf.net", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn`t spam) or block
similar future email. If you have any questions, see
support [at] LF.net for details.
Content preview: Your document is attached. [skipped
application/octet-stream attachment] [...]
Content analysis details: (6.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.2 NO_REAL_NAME From: does not include a real name
0.0 BAYES_50 BODY: Bayesian spam probability is 50 to 56%
[score: 0.5122]
0.1 MICROSOFT_EXECUTABLE RAW: Message includes Microsoft executable program
3.0 MSGID_FROM_MTA_SHORT Message-ID: [ID filtered]
0.5 RCVD_IN_NJABL_DIALUP RBL: NJABL: dialup sender dID: [ID filtered]
[80.128.119.30 listed in dnsbl.njabl.org]
0.1 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org
[80.128.119.30 listed in dnsbl.njabl.org]
0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
[80.128.119.30 listed in dnsbl.sorbs.net]
1.6 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
1.2 PRIORITY_NO_NAME Message has priority setting, but no X-Mailer
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_40612EEA.8D174925
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Received: from p5080771e.dip.t-dialin.net ([80.128.119.30] helo=rehamarkt.de)
by mail.LF.net with esmtp (Exim 4.22)
ID: [ID filtered]
for info at rehamarkt.de; Wed, 24 Mar 2004 xx:xx:xx +0100
From: meineaddy
To: info at rehamarkt.de
Subject: Re: Excel file
Date: Wed, 24 Mar 2004 xx:xx:xx +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0011_00002436.0000177C"
X-Priority: 3
X-MSMail-Priority: Normal
Message-ID: [ID filtered]
This is a multi-part message in MIME format.
------=_NextPart_000_0011_00002436.0000177C
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Your document is attached.
------=_NextPart_000_0011_00002436.0000177C
Content-Type: application/octet-stream;
name="document_excel.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="document_excel.pif"
--
Wehret den Anfängen!