greatfolios sysop
Posted November 5, 2003

I received an email this eve.... I don't think it was good; it seems malicious to me, but you can be the judge. This is the header (any thoughts?):

Return-path: <joejitte@server12.totalchoicehosting.com>
Envelope-to: operator@greatfolios.com
Delivery-date: Tue, 04 Nov 2003 21:09:49 -0500
Received: from joejitte by server12.totalchoicehosting.com with local-bsmtp (Exim 4.24) id 1AHD6j-0006ps-Gc for operator@greatfolios.com; Tue, 04 Nov 2003 21:09:48 -0500
Received: from [207.69.200.148] (helo=granger.mail.mindspring.net) by server12.totalchoicehosting.com with esmtp (Exim 4.24) id 1AHD6i-0006pm-Ir for operator@greatfolios.com; Tue, 04 Nov 2003 21:09:16 -0500
Received: from user170.net952.mo.sprint-hsd.net ([69.34.117.170] helo=Aiieucx) by granger.mail.mindspring.net with smtp (Exim 3.33 #1) id 1AHD6d-0000HG-00 for operator@greatfolios.com; Tue, 04 Nov 2003 21:09:11 -0500
From: newmodel <newmodel@apollo1media.com>
To: operator@greatfolios.com
Subject: A new website
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=K668nG04zK60G029tdG5PBui
Message-Id: <E1AHD6d-0000HG-00@granger.mail.mindspring.net>
Date: Tue, 04 Nov 2003 21:09:11 -0500
X-Spam-Status: No, hits=2.3 required=5.0 tests=HTML_20_30,HTML_MESSAGE,MICROSOFT_EXECUTABLE,MIME_HTML_NO_CHARSET,MIME_HTML_ONLY version=2.55
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)

--K668nG04zK60G029tdG5PBui
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY>
<FONT>This is a special new website<br>
I expect you would like it.</FONT></BODY></HTML>

--K668nG04zK60G029tdG5PBui
Content-Type: application/octet-stream; name=april chasten@www.mymodelcenter[1].bat
Content-Transfer-Encoding: base64
Content-ID: <P3V4NR789gZDH1>
Head Guru
Posted November 5, 2003

Agree something looks odd. From the server logs..

[Tue Nov 4 21:09:17 2003] [user: ***] [Path Info: Path() File() Cmd()] Message SENT
[Tue Nov 4 21:09:49 2003] [user: ***] [Path Info: Path() File() Cmd()] [Count: 2] Message SENT

Those are emails sent from your account. I'm still looking..
Head Guru
Posted November 5, 2003

OK, I have this figured out. The first line of the header is this:

Return-path:
Envelope-to: operator@greatfolios.com
Delivery-date: Tue, 04 Nov 2003 21:09:49 -0500
Received: from joejitte by server12.totalchoicehosting.com with local-bsmtp (Exim 4.24) id 1AHD6j-0006ps-Gc

This is Exim filters and SpamAssassin doing their job, thus the sent emails in your log. THIS line is the sender identification:

Received: from user170.net952.mo.sprint-hsd.net ([69.34.117.170] helo=Aiieucx)

I would call this a typical spam email. I don't think there is anything to be concerned about.

Bill
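Bill's method of reading the Received: chain, as an added worked example that is not part of the thread. The script rebuilds the message from the headers quoted in the first post (it is a constructed sample: a few headers are dropped, the base64 attachment body is left empty and a closing boundary is added so the MIME parser sees a complete message), walks the Received: lines in transit order, and flags the .bat attachment that SpamAssassin scored as MICROSOFT_EXECUTABLE. The trusted-host set and the executable-extension list are assumptions for the example. One caveat worth keeping in mind: each Received: line is written by the server that accepted the connection, so you can only vouch for the lines written by servers you control. Here your own Exim recorded 207.69.200.148 (mindspring's relay) as the host that connected to it; 69.34.117.170 is what mindspring says connected to them, which is as reliable as mindspring's logging.

```python
"""Trace the Received: chain of the message quoted in the first post and flag
its executable attachment.  RAW is a constructed sample rebuilt from the posted
headers (some headers dropped, attachment body empty, closing boundary added)."""
import email
import os
import re

RAW = """\
Received: from joejitte by server12.totalchoicehosting.com with local-bsmtp (Exim 4.24)
\tid 1AHD6j-0006ps-Gc for operator@greatfolios.com; Tue, 04 Nov 2003 21:09:48 -0500
Received: from [207.69.200.148] (helo=granger.mail.mindspring.net)
\tby server12.totalchoicehosting.com with esmtp (Exim 4.24)
\tid 1AHD6i-0006pm-Ir for operator@greatfolios.com; Tue, 04 Nov 2003 21:09:16 -0500
Received: from user170.net952.mo.sprint-hsd.net ([69.34.117.170] helo=Aiieucx)
\tby granger.mail.mindspring.net with smtp (Exim 3.33 #1)
\tid 1AHD6d-0000HG-00 for operator@greatfolios.com; Tue, 04 Nov 2003 21:09:11 -0500
From: newmodel <newmodel@apollo1media.com>
To: operator@greatfolios.com
Subject: A new website
Content-Type: multipart/alternative; boundary=K668nG04zK60G029tdG5PBui

--K668nG04zK60G029tdG5PBui
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY>
<FONT>This is a special new website<br>
I expect you would like it.</FONT></BODY></HTML>

--K668nG04zK60G029tdG5PBui
Content-Type: application/octet-stream; name=april chasten@www.mymodelcenter[1].bat
Content-Transfer-Encoding: base64
Content-ID: <P3V4NR789gZDH1>

--K668nG04zK60G029tdG5PBui--
"""

# Assumptions for the example: the MTA whose Received: lines we can vouch for,
# and the extensions Windows runs on double-click (SpamAssassin's
# MICROSOFT_EXECUTABLE test fired on the .bat in this message).
TRUSTED_HOSTS = {"server12.totalchoicehosting.com"}
RISKY_EXT = {".bat", ".cmd", ".com", ".exe", ".pif", ".scr", ".vbs"}
HOP_RE = re.compile(r"from\s+(?P<from>\S+)(?:\s+\((?P<comment>[^)]*)\))?\s+by\s+(?P<by>\S+)")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_hops(msg):
    """Hops in transit order, origin first: every MTA prepends its own
    Received: line, so the one listed last was written first."""
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(" ".join(hdr.split()))      # unfold, then match
        if m:
            ip = IP_RE.search(m.group("from") + " " + (m.group("comment") or ""))
            hops.append({"from": m.group("from"), "by": m.group("by"),
                         "ip": ip.group(1) if ip else None})
    return hops

def trace(hops, trusted):
    """Return (ip that connected to a trusted MTA, ip claimed by the earliest
    hop).  Lines written by servers we do not run can be forged, so stop
    vouching at the first hop not recorded by one of ours."""
    verified = None
    for hop in reversed(hops):                        # delivery -> origin
        if hop["by"] not in trusted:
            break
        verified = hop["ip"] or verified
    claimed = next((h["ip"] for h in hops if h["ip"]), None)
    return verified, claimed

def suspicious_attachments(msg):
    found = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        reasons = []
        if os.path.splitext(name)[1].lower() in RISKY_EXT:
            reasons.append("executable extension")
        if msg.get_content_type() == "multipart/alternative":
            reasons.append("file attached inside multipart/alternative")
        if reasons:
            found.append((name, reasons))
    return found

def analyze(raw=RAW, trusted=TRUSTED_HOSTS):
    msg = email.message_from_string(raw)
    hops = parse_hops(msg)
    verified, claimed = trace(hops, trusted)
    return {"hops": hops, "verified_ip": verified, "claimed_origin_ip": claimed,
            "attachments": suspicious_attachments(msg)}

if __name__ == "__main__":
    r = analyze()
    for h in r["hops"]:
        print(f"{h['from']:45} -> {h['by']}  ip={h['ip']}")
    print("connected to our MTA from:", r["verified_ip"])
    print("earliest claimed origin:  ", r["claimed_origin_ip"])
    print("suspicious attachments:", r["attachments"])
```

Run it as-is to see the three hops printed origin-first; to apply it to a real message, feed the full raw file to analyze() and put your own MTA's hostnames in TRUSTED_HOSTS. The multipart/alternative check is there because that container is meant for alternative renderings of the same text, so a binary attachment inside it is itself a tell.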
greatfolios sysop
Posted November 5, 2003

Phew! (Originally I was concerned about the bat file in the email, but for a second you had me worried that I had a virus or an email hack going on....) Oddly enough it seems to be connected with a competitor's website.... Can I do an IP block on the email account from my cPanel?

BTW: Thank you Bill for your quick response!
Head Guru
Posted November 5, 2003

Here ya go.

Country: UNITED STATES
NOTE: More information appears to be available at SAN6-ORG-ARIN.

OrgName: Sprint DSL Network
OrgID: SDSL
Address: 500 N New York Ave
City: Winter Park
StateProv: FL
PostalCode: 32789
Country: US

NetRange: 69.34.0.0 - 69.34.255.255
CIDR: 69.34.0.0/16
NetName: SDSL-NET3-03
NetHandle: NET-69-34-0-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.UTELFLA.COM
NameServer: DNS2.UTELFLA.COM
Comment:
RegDate: 2003-03-26
Updated: 2003-06-02

AbuseHandle: ROLEA5-ARIN
AbuseName: Role Account
AbusePhone: +1-800-603-8044
AbuseEmail: abuse@sprintnetops.net

OrgTechHandle: SAN6-ORG-ARIN
OrgTechName: Sprint Advanced Network Services
OrgTechPhone: +1-407-741-0500
OrgTechEmail: dns-admin@utelfla.com

# ARIN WHOIS database, last updated 2003-11-04 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.