Die nächste Mugu-Runde:
header:
01: Received: from jingrui.hk (unknown [61.143.101.72])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: for xxxxx; Thu, 10 Dec 2009 xx:xx:xx +0100 (CET)
04: Received: from User [41.138.180.205] by jingrui.hk with ESMTP
05: (SMTPD-8.22) ID: [ID filtered]
IP: 41.138.180.205 ---> Visafone Communications Limited, Nigeria
Anscheinend in PL durch Spamassassin gejagt, als positiv erkannt und trotzdem weitergeleitet. Hirnloser geht's nimmer...
Zitat:
Content analysis details: (9.4 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP
0.0 MISSING_MID Missing Message-Id: header
2.1 SUBJ_ALL_CAPS Subject is all capitals
1.3 MISSING_HEADERS Missing To: header
2.0 BAYES_80 BODY: Bayesian spam probability is 80 to 95%
[score: 0.8667]
1.2 ADVANCE_FEE_2 Appears to be advance fee fraud (Nigerian 419)
1.4 ADVANCE_FEE_3 Appears to be advance fee fraud (Nigerian 419)
3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
header:
01: Received: from poczta.otvk.pl (unknown [195.68.233.235])
02: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
03: (No client certificate requested)
04: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
05: for xxxxx; Thu, 10 Dec 2009 xx:xx:xx +0100 (CET)
06: Received: by poczta.otvk.pl (Postfix, from userID: [ID filtered]
07: ID: [ID filtered]
08: Received: from localhost by poczta.otvk.pl
09: with SpamAssassin (version 3.2.5);
10: Thu, 10 Dec 2009 xx:xx:xx +0100
Muguphon: +234-7025685280 ---> Visafone Communications Ltd., Nigeria
und wieder:
Zitat:
Content analysis details: (7.4 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
0.0 MISSING_MID Missing Message-Id: header
2.1 SUBJ_ALL_CAPS Subject is all capitals
0.5 RAZOR2_CHECK Listed in Razor2 ()
3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
-0.0 AWL AWL: From: address is in the auto white-list
header:
01: Received: from poczta.otvk.pl (unknown [195.68.233.235])
02: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
03: (No client certificate requested)
04: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
05: for xxxxx; Fri, 11 Dec 2009 xx:xx:xx +0100 (CET)
06: Received: by poczta.otvk.pl (Postfix, from userID: [ID filtered]
07: ID: [ID filtered]
08: Received: from localhost by poczta.otvk.pl
09: with SpamAssassin (version 3.2.5);
10: Thu, 10 Dec 2009 xx:xx:xx +0100
header:
01: Received: from poczta.otvk.pl (unknown [195.68.233.235])
02: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
03: (No client certificate requested)
04: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
05: for xxxxx; Fri, 11 Dec 2009 xx:xx:xx +0100 (CET)
06: Received: by poczta.otvk.pl (Postfix, from userID: [ID filtered]
07: ID: [ID filtered]
08: Received: from localhost by poczta.otvk.pl
09: with SpamAssassin (version 3.2.5);
10: Thu, 10 Dec 2009 xx:xx:xx +0100
header:
01: Received: from srv-aol-02.byalnet.com.br (unknown [200.202.201.4])
02: by xxxxx (Postfix) with SMTP ID: [ID filtered]
03: for xxxxx; Fri, 11 Dec 2009 xx:xx:xx +0100 (CET)
04: Received: (qmail 24222 invoked by UID: [UID filtered]
05: Received: from 59.154.25.30 by srv-aol-02.byalnet.com.br (envelope-from
06: <mrscedric [at] gala.net>, UID: [UID filtered]
07: (uvscan: v4.4.00/v4999. spamassassin: 3.0.4.
08: Clear:RC:1(59.154.25.30):.
09: Processed in 17.491534 secs); 10 Dec 2009 xx:xx:xx -0000
10: Received: from unknown (HELO User) (adm [at] 59.154.25.30)
11: by arv-aol-02.byalnet.com.br with SMTP; 10 Dec 2009 xx:xx:xx -0200
IP: 59.154.25.30 ---> OPTUS Customer Network, AU
Muguphon: +22549505075 ---> Côte D'Ivoire
Muguphon: +2675353994 ---> Botswana
header:
01: Received: from smtpgate2.pacific.net.sg (smtpgate2.pacific.net.sg
02: [203.120.90.32])
03: by xxxxx (Postfix) with SMTP ID: [ID filtered]
04: for xxxxx; Fri, 11 Dec 2009 xx:xx:xx +0100 (CET)
05: Received: (qmail 17821 invoked from network); 11 Dec 2009 xx:xx:xx -0000
06: Received: from c-76-105-54-210.hsd1.ca.comcast.net (HELO User)
07: (debandmike [at] pacific.net.sg@76.105.54.210)
08: by smtpgate2.pacific.net.sg with ESMTPA; 11 Dec 2009 xx:xx:xx -0000
header:
01: Received: from mail.sulanet.net (EHLO mail.sulanet.hn) [190.6.192.12]
02: by mx0.gmx.net (mx022) with SMTP; 11 Dec 2009 xx:xx:xx +0100
03: Received: from (unknown [190.6.192.12]) by webshield.sulanet.net with smtp
04: ID: [ID filtered]
05: Fri, 11 Dec 2009 xx:xx:xx -0600
06: Received: from sulanet.hn ([127.0.0.1])
07: by mail.sulanet.hn (Servidor ESMTP - SULANET)
08: with ESMTP ID: [ID filtered]
09: 11 Dec 2009 xx:xx:xx -0600 (CST)
10: Received: from [190.6.192.12] by mail.sulanet.hn (mshttpd); Fri,
11: 11 Dec 2009 xx:xx:xx +0100
header:
01: Received: from Mail.unionradio.com.ve (mail.unionradio.com.ve
02: [190.60.40.17])
03: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
04: for xxxxx; Sat, 12 Dec 2009 xx:xx:xx +0100 (CET)
05: Received: from User [41.217.2.8] by Mail.unionradio.com.ve with ESMTP
06: (SMTPD-10.02) ID: [ID filtered]
IP: 41.217.2.8 ---> ZOOM Mobile Nigeria Ltd.
Muguphon: +234 803 514 8270 ---> MTN Nigeria Communications Ltd.
Horde gecrackt:
header:
01: Received: from mx1.sunstar.com.ph (mail.sunstar.com.ph [203.177.140.155])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: for xxxxx; Sat, 12 Dec 2009 xx:xx:xx +0100 (CET)
04: Received: by mx1.sunstar.com.ph (Postfix, from userID: [ID filtered]
05: ID: [ID filtered]
06: Received: from mx1.sunstar.com.ph (localhost.sunstar.com.ph [127.0.0.1])
07: by mx1.sunstar.com.ph (Postfix) with ESMTP ID: [ID filtered]
08: Sat, 12 Dec 2009 xx:xx:xx +0800 (PHT)
09: Received: from 41.138.180.208 ([41.138.180.208]) by mail.sunstar.com.ph
10: (Horde MIME library) with HTTP for <poor [at] spamvictim.tld>; Sat,
11: 12 Dec 2009 xx:xx:xx +0800
IP: 41.138.180.208 ---> Visafone Communications Limited, Nigeria
Muguphon: +44 704 570 4952 ---> Open Telecom International Ltd., UK
header:
01: Received: from lucky-int.com (114.223.76.219.static.netvigator.com
02: [219.76.223.114])
03: by xxxxx (Postfix) with SMTP ID: [ID filtered]
04: for xxxxx; Sun, 13 Dec 2009 xx:xx:xx +0100 (CET)
05: Received: (qmail 30070 invoked from network); 12 Dec 2009 xx:xx:xx -0000
06: Received: from unknown (HELO User) (test [at] 82.128.36.213)
07: by 0 with SMTP; 12 Dec 2009 xx:xx:xx -0000
IP: 82.128.36.213 ---> Multilinks Telecommunications Limited, Nigeria
header:
01: Received: from mail.insivumeh.gob.gt (mail.insivumeh.gob.gt [200.49.167.82])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: for xxxxx; Sun, 13 Dec 2009 xx:xx:xx +0100 (CET)
04: MIME-version: 1.0
05: Content-transfer-encoding: 7BIT
06: Content-type: text/plain; charset=Windows-1251
07: Received: from User ([82.128.68.239])
08: by mail.insivumeh.gob.gt (Sun Java(tm) System Messaging Server 6.3-0.15
09: (built
10: Feb 9 2007)) with ESMTPA ID: [ID filtered]
11: xxxxx; Sat, 05 Dec 2009 xx:xx:xx -0600 (CST)
IP: 82.128.68.239 ---> Multilinks Telecommunications Limited, Nigeria
header:
01: Received: from CENTRALSEGSRV.centralseg.local
02: (195-23-29-78.static.net.novis.pt [195.23.29.78])
03: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
04: for xxxxx; Sun, 13 Dec 2009 xx:xx:xx +0100 (CET)
05: Received: from User ([67.224.95.178]) by CENTRALSEGSRV.centralseg.local
06: with Microsoft SMTPSVC(6.0.3790.3959);
07: Sun, 13 Dec 2009 xx:xx:xx +0000
Muguphon: +44-702-405-4556 ---> Magrathea Telecommunications Limited, UK
Muguphon: +44-702-404-4756 ---> Magrathea Telecommunications Limited, UK
die Amsterdam-Konnektion:
header:
01: Received: from cpsmtpb-ews04.kpnxchange.com
02: (cpsmtpb-ews04.kpnxchange.com [213.75.39.7])
03: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
04: for xxxxx; Sun, 13 Dec 2009 xx:xx:xx +0100 (CET)
05: Received: from cpbrm-ews20.kpnxchange.com ([10.94.84.151]) by
06: cpsmtpb-ews04.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959);
07: Sun, 13 Dec 2009 xx:xx:xx +0100
08: Received: from CPSMTPM-EML03.kpnxchange.com ([213.75.39.73]) by
09: cpbrm-ews20.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959);
10: Sun, 13 Dec 2009 xx:xx:xx +0100
11: Received: from localhost ([10.94.77.199]) by
12: CPSMTPM-EML03.kpnxchange.com with Microsoft SMTPSVC(7.0.6001.18000);
13: Sun, 13 Dec 2009 xx:xx:xx +0100
- kjz