Es ist wieder Mugu-Time:
header:
01: Received: from smtp23.services.sfr.fr (smtp23.services.sfr.fr
02: [93.17.128.19])
03: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
04: for xxxxx; Wed, 9 Sep 2009 xx:xx:xx +0200 (CEST)
05: Received: from User (unknown [115.134.221.71])
06: by msfrf2303.sfr.fr (SMTP Server) with ESMTP ID: [ID filtered]
07: Wed, 9 Sep 2009 xx:xx:xx +0200 (CEST)
IP: 115.134.221.71 ---> TELEKOM MALAYSIA BERHAD
die Madrid-Konnektion:
header:
01: Received: from 30.Red-88-25-45.staticIP.rima-tde.net (EHLO
02: mx4.hotmail.com) [88.25.45.30]
03: by mx0.gmx.net (mx035) with SMTP; 10 Sep 2009 xx:xx:xx +0200
Muguphon: +34-656462003 ---> France Telecom Espana
gecrackter Uni-Account der Amsterdam-Mafia:
header:
01: Received: from puma.mail.utk.edu (puma.mail.utk.edu [160.36.178.106])
02: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
03: (No client certificate requested)
04: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
05: for xxxxx; Thu, 10 Sep 2009 xx:xx:xx +0200 (CEST)
06: Received: from User (ip254-30-210-87.adsl2.static.versatel.nl
07: [87.210.30.254])
08: (authenticated bits=0)
09: by puma.mail.utk.edu (8.13.6/8.13.4) with ESMTP ID: [ID filtered]
10: Wed, 9 Sep 2009 xx:xx:xx -0400
header:
01: Received: from mail.fjord.eu
02: (host131-66-static.114-81-b.business.telecomitalia.it [81.114.66.131])
03: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
04: (No client certificate requested)
05: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
06: for xxxxx; Thu, 10 Sep 2009 xx:xx:xx +0200 (CEST)
07: Received: from User ([82.128.70.218])
08: (authenticated user info [at] fjord.eu)
09: by mail.fjord.eu;
10: Thu, 10 Sep 2009 xx:xx:xx +0200
IP: 82.128.70.218 ---> Multilinks Telecommunications Limited, Nigeria
die Madrid-Konnektion:
header:
01: Received: from dns1.imagechem.com.tw (unknown [210.243.245.250])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: for xxxxx; Thu, 10 Sep 2009 xx:xx:xx +0200 (CEST)
04: Received: by dns1.imagechem.com.tw (Postfix, from userID: [ID filtered]
05: ID: [ID filtered]
06: Received: from User (unknown [77.209.165.215])
07: by dns1.imagechem.com.tw (Postfix) with ESMTP
08: ID: [ID filtered]
IP: 77.209.165.215 ---> VODAFONE_SPAIN_NETWORK
Da steht beim Server mal wieder der Hosenlatz offen:
header:
01: Received: from ds00000199.customer-net.de (ds00000199.customer-net.de
02: [62.116.166.199])
03: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
04: (No client certificate requested)
05: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
06: for xxxxx; Thu, 10 Sep 2009 xx:xx:xx +0200 (CEST)
07: Received: from ds00000199.customer-net.de (localhost [127.0.0.1])
08: by ds00000199.customer-net.de (8.13.4/8.13.4/Debian-3sarge3) with ESMTP
09: ID: [ID filtered]
10: (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
11: for xxxxx; Thu, 10 Sep 2009 xx:xx:xx +0200
12: Received: (from www-data [at] localhost)
13: by ds00000199.customer-net.de (8.13.4/8.13.4/Submit) ID: [ID filtered]
14: Thu, 10 Sep 2009 xx:xx:xx +0200
header:
01: Received: from ardweb01.ardit.lv (mail.ardit.lv [62.85.27.11])
02: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
03: (No client certificate requested)
04: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
05: for xxxxx; Fri, 11 Sep 2009 xx:xx:xx +0200 (CEST)
06: Received: from User (unknown [82.128.33.2])
07: by ardweb01.ardit.lv (Postfix) with ESMTP ID: [ID filtered]
08: Thu, 10 Sep 2009 xx:xx:xx +0300 (EEST)
IP: 82.128.33.2 ---> Multilinks Telecommunications Limited, Nigeria
Muguphon: 1-772 778 6138 ---> Bellsouth Telecom Inc Dba Southern Bell Tel
Mugufax: 1-772 778 6091 ---> Bellsouth Telecom Inc Dba Southern Bell Tel
header:
01: Received: from mail.millenniumforum.co.uk (mail.millenniumforum.co.uk
02: [81.137.52.9])
03: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
04: for xxxxx; Sat, 12 Sep 2009 xx:xx:xx +0200 (CEST)
05: Received: from User ([82.128.32.64]) by mail.millenniumforum.co.uk with
06: Microsoft SMTPSVC(6.0.3790.3959);
07: Sat, 12 Sep 2009 xx:xx:xx +0100
IP: 82.128.32.64 ---> Multilinks Telecommunications Limited, Nigeria
Muguphon: +44-704-570-4369 ---> Open Telecom International Ltd., UK
header:
01: Received: from apsem1.atlanta.k12.ga.us (mail2.atlanta.k12.ga.us
02: [207.203.164.19])
03: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
04: for xxxxx; Sat, 12 Sep 2009 xx:xx:xx +0200 (CEST)
der Dauer-Mugu:
header:
01: Received: from n21.bullet.mail.ukl.yahoo.com
02: (n21.bullet.mail.ukl.yahoo.com [87.248.110.138])
03: by xxxxx (Postfix) with SMTP ID: [ID filtered]
04: for xxxxx; Sat, 12 Sep 2009 xx:xx:xx +0200 (CEST)
05: Received: from [217.146.182.180] by n21.bullet.mail.ukl.yahoo.com with
06: NNFMP; 12 Sep 2009 xx:xx:xx -0000
07: Received: from [87.248.110.111] by t6.bullet.ukl.yahoo.com with NNFMP;
08: 12 Sep 2009 xx:xx:xx -0000
09: Received: from [127.0.0.1] by omp216.mail.ukl.yahoo.com with NNFMP; 12
10: Sep 2009 xx:xx:xx -0000
11: X-Yahoo-Newman-Property: ymail-3
12: X-Yahoo-Newman-ID: [ID filtered]
13: Received: (qmail 78306 invoked by UID: [UID filtered]
14: Received: from [41.220.75.3] by web87005.mail.ird.yahoo.com via HTTP;
15: Sat, 12 Sep 2009 xx:xx:xx GMT
IP: 41.220.75.3 ---> MTN Nigeria
Muguphon: +44-701-118-3680 ---> PNC Telecom Services Limited, UK
header:
01: Received: from mail.sumiden-zs.com (unknown [59.33.121.42])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: for xxxxx; Sat, 12 Sep 2009 xx:xx:xx +0200 (CEST)
04: Received: from User ([82.128.33.107]) by mail.sumiden-zs.com with
05: Microsoft SMTPSVC(6.0.3790.3959);
06: Sat, 12 Sep 2009 xx:xx:xx +0800
IP: 82.128.33.107 ---> Multilinks Telecommunications Limited, Nigeria
der Dauer-Mugu via gecracktem Squirrel-Mail:
header:
01: Received: from webmail1.one.com (webmail1.b-one.net [195.47.247.29])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: for xxxxx; Sat, 12 Sep 2009 xx:xx:xx +0200 (CEST)
04: Received: from webmail01.one.com (localhost [127.0.0.1])
05: by webmail1.one.com (Postfix) with ESMTP ID: [ID filtered]
06: Sat, 12 Sep 2009 xx:xx:xx +0200 (CEST)
07: Received: from 212.116.219.112 (proxying for 41.220.75.3)
08: (SquirrelMail authenticated user poor [at] spamvictim.tld)
09: by webmail01.one.com with HTTP;
10: Sat, 12 Sep 2009 xx:xx:xx +0200
IP: 41.220.75.3 ---> MTN Nigeria
die Madrid-Konnektion:
header:
01: Received: from loteria (mx.loteriadecordoba.com.ar [200.123.130.145])
02: by spammotel.com (Postfix) with ESMTP ID: [ID filtered]
03: for xxxxx; Sat, 12 Sep 2009 xx:xx:xx -0400 (EDT)
04: Received: from User ([88.0.71.138])
05: by loteriadecordoba.com.ar ([172.16.0.16])
06: with SMTP (MDaemon.PRO.v6.5.1.R)
07: for xxxxx; Sat, 12 Sep 2009 xx:xx:xx -0300
IP: 88.0.71.138 ---> Telefonica de Espana SAU
Muguphon: +34-658-654-308 ---> France Telecom Espana
Mugufax: +34911414351 ---> Jazz Telecom, S.a.u.
wieder ein gecrackter Uni-Account:
header:
01: Received: from jaguar.mail.utk.edu (jaguar.mail.utk.edu [160.36.0.84])
02: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
03: (No client certificate requested)
04: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
05: for xxxxx; Sun, 13 Sep 2009 xx:xx:xx +0200 (CEST)
06: Received: from User ([82.128.82.127])
07: (authenticated bits=0)
08: by jaguar.mail.utk.edu (8.13.6/8.13.4) with ESMTP ID: [ID filtered]
09: Sat, 12 Sep 2009 xx:xx:xx -0400
IP: 82.128.82.127 ---> Multilinks Telecommunications Limited, Nigeria
header:
01: Received: from puma.mail.utk.edu (puma.mail.utk.edu [160.36.178.106])
02: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
03: (No client certificate requested)
04: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
05: for xxxxx; Sun, 13 Sep 2009 xx:xx:xx +0200 (CEST)
06: Received: from User (58.228.211.41.client58.directonpc.net
07: [41.211.228.58] (may be forged))
08: (authenticated bits=0)
09: by puma.mail.utk.edu (8.13.6/8.13.4) with ESMTP ID: [ID filtered]
10: Sat, 12 Sep 2009 xx:xx:xx -0400
IP: 41.211.228.58 ---> Direct-on-PC Limited, Nigeria
header:
01: Received: from omr17.networksolutionsemail.com
02: (omr17.networksolutionsemail.com [205.178.146.67])
03: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
04: for xxxxx; Sun, 13 Sep 2009 xx:xx:xx +0200 (CEST)
05: Received: from mail.networksolutionsemail.com
06: (ns-omr17.mgt.hosting.dc2.netsol.com [10.49.6.80])
07: by omr17.networksolutionsemail.com (8.13.6/8.13.6) with SMTP id
08: n8D7fe4K018304
09: for xxxxx; Sun, 13 Sep 2009 xx:xx:xx -0400
10: Message-ID: [ID filtered]
11: Received: (qmail 4754 invoked by UID: [UID filtered]
12: Received: from unknown (HELO User)
13: (makemoni1 [at] willyg-gardens.net@196.207.234.226)
14: by ns-omr17.lb.hosting.dc2.netsol.com with SMTP; 13 Sep 2009 xx:xx:xx
15: -0000
IP: 196.207.234.226 ---> SONATELNET, SN
Muguphon: +44-703 185 5725 ---> Magrathea Telecommunications Limited, UK
Tja, und hier kriegt ein Möchtegern-Admin mal wieder seine Kiste nicht dicht:
header:
01: Received: from mailout08.t-online.de (mailout08.t-online.de [194.25.134.20])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: for xxxxx; Sun, 13 Sep 2009 xx:xx:xx +0200 (CEST)
04: Received: from fwd02.aul.t-online.de
05: by mailout08.t-online.de with smtp
06: ID: [ID filtered]
07: Received: from User
08: (SOU5IMZpot+d2MCIyUyRS1rlrJNVs1wS9KrFZWWnrd-DebAbfdteVS2eqj8ltDH1ifpoD3gAIz@[82.128.71.98&#
09: 3;)
10: by fwd02.t-online.de
11: with esmtp ID: [ID filtered]
IP: 82.128.71.98 ---> Multilinks Telecommunications Limited, Nigeria
und wieder mal gecracktes SquirrelMail:
header:
01: Received: from mail.hrline.ro (mail.hrline.ro [195.225.40.8])
02: by spammotel.com (Postfix) with ESMTP ID: [ID filtered]
03: for xxxxx; Sun, 13 Sep 2009 xx:xx:xx -0400 (EDT)
04: Received: from mail.hrline.ro (mail.hrline.ro [127.0.0.1])
05: by mail.hrline.ro (Postfix) with ESMTP ID: [ID filtered]
06: Sun, 13 Sep 2009 xx:xx:xx +0300 (EEST)
07: Received: from 64.255.180.66 (proxying for 41.217.2.8)
08: (SquirrelMail authenticated user poor [at] spamvictim.tld)
09: by mail.hrline.ro with HTTP;
10: Sun, 13 Sep 2009 xx:xx:xx +0300 (EEST)
IP: 41.217.2.8 ---> ZOOM Mobile Nigeria Ltd.
Und die Moral von der Geschicht': die IPs von MTN Nigeria, Multilinks, Zoom Nigeria, Direct-on-PC Limited sollten eigentlich in jedem gut gepflegtem Filter verrotten, bis die Hölle zufriert. Denn diese 'Provider' sind entweder inkompetent bis zum es-geht-nicht-mehr oder anscheinend fest in der Hand krimineller Banden. Mich wundert, dass denen noch irgendein ISP überhaupt Peering anbietet...
- kjz