Aus allen Ecken und Enden....
gecracktes SquirrelMail:
header:
01: Received: from web3.heritagewebdesign.com
02: (host-117.pl1211120-1.fiber.net [209.90.87.117])
03: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
04: for xxxxx; Tue, 7 Jul 2009 xx:xx:xx +0200 (CEST)
05: Received: from www.heritagewebdesign.com (localhost [127.0.0.1])
06: by web3.heritagewebdesign.com (Postfix) with ESMTP ID: [ID filtered]
07: Mon, 6 Jul 2009 xx:xx:xx -0600 (MDT)
08: Received: from 82.128.55.202
09: (SquirrelMail authenticated user poor [at] spamvictim.tld)
10: by www.heritagewebdesign.com with HTTP;
11: Mon, 6 Jul 2009 xx:xx:xx -0400 (EDT)
IP: 82.128.55.202 ---> Multilinks Telecommunications Limited, Nigeria
wieder SquirrelMail gecrackt:
header:
01: Received: from cp.offshorededi.com (unknown [93.174.93.46])
02: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
03: (No client certificate requested)
04: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
05: for xxxxx; Tue, 7 Jul 2009 xx:xx:xx +0200 (CEST)
06: Received: from localhost ([127.0.0.1] helo=webmail.abbeygroupplc.com)
07: by cp.offshorededi.com with esmtpa (Exim 4.69)
08: (envelope-from <jsmith.t88 [at] gmail.com>)
09: ID: [ID filtered]
10: Received: from 82.128.32.29 ([82.128.32.29])
11: (SquirrelMail authenticated user poor [at] spamvictim.tld)
12: by webmail.abbeygroupplc.com with HTTP;
13: Mon, 6 Jul 2009 xx:xx:xx -0400 (EDT)
IP: 82.128.32.29 ---> Multilinks Telecommunications Limited, Nigeria
header:
01: Received: from jccapitals.com (unknown [65.59.190.45])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: for xxxxx; Tue, 7 Jul 2009 xx:xx:xx +0200 (CEST)
04: Received: from User [58.51.197.246] by jccapitals.com with ESMTP
05: (SMTPD32-7.07) ID: [ID filtered]
IP:58.51.197.246 ---> CHINANET Hubei
header:
01: Received: from web4210.mail.ogk.yahoo.co.jp
02: (web4210.mail.ogk.yahoo.co.jp [124.83.212.30])
03: by xxxxx (Postfix) with SMTP ID: [ID filtered]
04: for xxxxx; Tue, 7 Jul 2009 xx:xx:xx +0200 (CEST)
05: Received: (qmail 78721 invoked by UID: [UID filtered]
06: DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
07: s=yj20050223; d=yahoo.co.jp;
08: h=Message-ID:Received:X-RocketDSI:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;
09: b=pdTN7I86LCLDvP0SBozORsDXgxMh/q9a1WQFLWo9IlkqBGpNUI2leIByIsEUWJTqzmi7PHCDp/LYKgq802GkDlVEzt/W/
10: Hw3CjSKgj0//G+Sc1jb71V6/6FgHgJROQK
11: ;
12: Message-ID: [ID filtered]
13: Received: from [82.128.32.230] by web4210.mail.ogk.yahoo.co.jp via HTTP;
14: Tue, 07 Jul 2009 xx:xx:xx JST
IP: 82.128.32.230 ---> Multilinks Telecommunications Limited, Nigeria
die Amsterdam-Konnektion:
header:
01: Received: from mailscanner.connect.com.fj (smtp.connect.com.fj
02: [202.62.124.233])
03: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
04: for xxxxx; Tue, 7 Jul 2009 xx:xx:xx +0200 (CEST)
05: Message-ID: [ID filtered]
06: X-IronPort-Anti-Spam-Filtered: true
07: X-IronPort-Anti-Spam-Result:
08: AtH+AHjQUkpN+6t8PGdsb2JhbAAEAY5KiT93AQEBHxgnhi2zTg
09: X-IronPort-AV: E=McAfee;i="5300,2777,5668"; a="17675997"
10: X-IronPort-AV: E=Sophos;i="4.42,362,1243771200";
11: d="scan'208";a="17675997"
12: Received: from dhcp-077-251-171-124.chello.nl (HELO User) ([77.251.171.124])
13: by mailscanner.connect.com.fj with ESMTP; 07 Jul 2009 xx:xx:xx +1200
Der Mugu-Preis des Tages geht an:
Multilinks Nigeria, your friendly, criminal, mugu-owned company.....
Und nicht zu vergessen: besonderer Dank an alle unfähigen Admins, die noch nicht mal eine sichere SquirrelMail-Installation gebacken bekommen, aber meinen, sie müssten unbedingt einen eigenen Mailserver betreiben....
- kjz