[ngw] GW Ceasing Support
trevor at harrison.org
Tue Jul 10 19:41:28 UTC 2001
Eric Toll wrote:
> Ok, so now we know it didn't come from Novell.
> Has Microsoft lowered it self to paying "open relay" spammers to trash
> Looks pretty bad, they are using Exchange and forged their address,
> open relay
> etc. Domain that email came from Seems to belong to this guy.
> Elfellah, Khalid (KE2214 <whois?%21KE2214&id=0> )
> khalid at AIM.NET.MA
> Global Digitec
> 7522 Campbell Rd. # 113-181
> Dallas , TX 75248
> Hostname: DALLAS.AIM.NET.MA
> Address: 184.108.40.206 <whois?host+220.127.116.11&id=0>
> System: ? running ?
Actually, AIM.NET.MA was just used as a relay. The important line is the
Received: from asdf (18.104.22.168 [22.214.171.124]) by mail.q-texte.net.ma
The actual client that sent the email (and it appears to be a hand typed
smtp conversation) was 126.96.36.199. According to ARIN, that subnet
belongs to HBO:
HBO & Company (NET-HBO)
5995 Windward Parkway
Alpharetta, GA 30005-4184
Netblock: 188.8.131.52 - 184.108.40.206
Rajagopalan, Umesh (UR1-ARIN) umesh.rajagopalan at hboc.com
404-338-3329 (FAX) 404-338-5150
Domain System inverse mapping provided by:
Record last updated on 07-Sep-2000.
Database last updated on 9-Jul-2001 23:05:15 EDT.
The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.
Connection closed by foreign host.
More information about the ngw