So, die nächste Lieferung rollt:
die Amsterdam-Konnektion mit gecracktem SquirrelMail, da hilft dann weder Sophos noch Ironport:
header:
01: Received: from mx.educacional.com.br (ironport1-mx.educacional.com.br
02: [200.186.179.64])
03: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
04: for xxxxx; Thu, 28 Jan 2010 xx:xx:xx +0100 (CET)
05: X-IronPort-AV: E=Sophos;i="4.49,361,1262570400";
06: d="scan'208";a="86096924"
07: Received: from 82.179.186.200.sta.positivo.com.br (HELO
08: webmail.up.edu.br) ([200.186.179.82])
09: by smtp.educacional.com.br with ESMTP; 28 Jan 2010 xx:xx:xx -0200
10: Received: from 192.168.100.35 (proxying for 92.67.178.66)
11: (SquirrelMail authenticated user poor [at] spamvictim.tld);
12: by webmail.up.edu.br with HTTP;
13: Thu, 28 Jan 2010 xx:xx:xx -0200 (BRST)
header:
01: Received: from mx.educacional.com.br (ironport1-mx.educacional.com.br
02: [200.186.179.64])
03: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
04: for xxxxx; Thu, 28 Jan 2010 xx:xx:xx +0100 (CET)
05: X-IronPort-AV: E=Sophos;i="4.49,360,1262570400";
06: d="scan'208";a="86084731"
07: Received: from 82.179.186.200.sta.positivo.com.br (HELO
08: webmail.up.edu.br) ([200.186.179.82])
09: by smtp.educacional.com.br with ESMTP; 28 Jan 2010 xx:xx:xx -0200
10: Received: from 192.168.100.35 (proxying for 92.67.178.66)
11: (SquirrelMail authenticated user poor [at] spamvictim.tld);
12: by webmail.up.edu.br with HTTP;
13: Thu, 28 Jan 2010 xx:xx:xx -0200 (BRST)
IP: 92.67.178.66 ---> static.kpn.net
Muguphon: +31-619-221-392 ---> Telfort B.V.,NL
Mugufax: +31-84 717 1925 ---> J2 Global (Netherlands) B.V.
Auch Freenet ist dabei:
header:
01: Received: from mout3.freenet.de (EHLO mout3.freenet.de) [195.4.92.93]
02: by mx0.gmx.net (mx069) with SMTP; 29 Jan 2010 xx:xx:xx +0100
03: Received: from [195.4.92.11] (helo=1.mx.freenet.de)
04: by mout3.freenet.de with esmtpa (ID: [ID filtered]
05: (Exim 4.70 #1)
06: ID: [ID filtered]
07: Received: from h-213-80-118-132.na.cust.bahnhof.se
08: ([213.80.118.132]:1660 helo=User)
09: by 1.mx.freenet.de with esmtpa (ID: [ID filtered]
10: (Exim 4.69 #94)
11: ID: [ID filtered]
header:
01: Received: from ns3.9experts.com
02: (static-54-6.worldinternetworkcorporation.com [202.44.54.6])
03: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
04: (No client certificate requested)
05: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
06: for xxxxx; Fri, 29 Jan 2010 xx:xx:xx +0100 (CET)
07: Received: (qmail 14806 invoked from network); 27 Jan 2010 xx:xx:xx -0000
08: Received: from unknown (HELO User) (41.217.65.4)
09: by static-54-7.worldinternetworkcorporation.com with SMTP; 27 Jan 2010
10: xx:xx:xx -0000
header:
01: Received: from ns3.9experts.com
02: (static-54-6.worldinternetworkcorporation.com [202.44.54.6])
03: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
04: (No client certificate requested)
05: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
06: for xxxxx; Sat, 30 Jan 2010 xx:xx:xx +0100 (CET)
07: Received: (qmail 30744 invoked from network); 29 Jan 2010 xx:xx:xx -0000
08: Received: from unknown (HELO User) (41.217.65.4)
09: by static-54-7.worldinternetworkcorporation.com with SMTP; 29 Jan 2010
10: xx:xx:xx -0000
header:
01: Received: from pgengineering.com
02: (s41.n57.n84.n66.static.myhostcenter.com [66.84.57.41])
03: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
04: (No client certificate requested)
05: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
06: for xxxxx; Sat, 30 Jan 2010 xx:xx:xx +0100 (CET)
07: Received: from User ([41.217.65.4])
08: (authenticated bits=0)
09: by pgengineering.com (8.13.1/8.13.1) with ESMTP ID: [ID filtered]
10: Sat, 30 Jan 2010 xx:xx:xx -0500
IP: 41.217.65.4 ---> ZOOM Mobile Nigeria Ltd.
Muguphon: +2348038828069 ---> MTN Nigeria Communications Ltd.
header:
01: Received: from mail.clhb.com.bo (unknown [200.87.203.102])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: Sat, 30 Jan 2010 xx:xx:xx +0100 (CET)
dia Amsterdam-Konnektion:
header:
01: Received: from fletcherandfriends.com (unknown [216.117.140.151])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: for xxxxx; Sat, 30 Jan 2010 xx:xx:xx +0100 (CET)
04: Received: from User [62.140.137.153] by fletcherandfriends.com with ESMTP
05: (SMTPD32-8.05) ID: [ID filtered]
IP: 62.140.137.153 ---> VODAFONE-NL
header:
01: Received: from barracuda.lead-mgt.com (unknown [203.125.0.146])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: for xxxxx; Sat, 30 Jan 2010 xx:xx:xx +0100 (CET)
04: X-ASG-Debug-ID: [ID filtered]
05: Received: from lmserver1.lead-mgt.local ([192.168.100.1]) by
06: barracuda.lead-mgt.com with ESMTP ID: [ID filtered]
07: xxxxx; Sun, 31 Jan 2010 xx:xx:xx +0800 (SGT)
08: X-Barracuda-Envelope-From: wangyan.2010 [at] sify.com
09: Received: from User ([125.21.254.134]) by lmserver1.lead-mgt.local with
10: Microsoft SMTPSVC(6.0.3790.3959);
11: Sun, 31 Jan 2010 xx:xx:xx +0800
die Madrid-Konnektion:
header:
01: Received: from IMPaqm4.telefonica.net (impaqm4.telefonica.net
02: [213.4.129.24])
03: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
04: for xxxxx; Sun, 31 Jan 2010 xx:xx:xx +0100 (CET)
05: Received: from IMPmailhost4.adm.correo ([10.20.102.125])
06: by IMPaqm4.telefonica.net with bizsmtp
07: ID: [ID filtered]
08: Received: from User ([59.167.217.114])
09: by IMPmailhost4.adm.correo with BIZ IMP
10: ID: [ID filtered]
IP: 59.167.217.114 ---> ppp217-114.static.internode.on.net
Muguphon: +34-615-711-231 ---> France Telecom España, S.a./Orange
- kjz