[lug] mailman and AV
D. Stimits
stimits at comcast.net
Tue Nov 2 22:16:46 MST 2004
...
> Received: from homeoffice.org (adsl-70-240-238-238.dsl.hstntx.swbell.net
> [70.240.238.238])
> by new.community.tummy.com (Postfix) with SMTP id B93B720CCDA4
> for <lug at lug.boulder.co.us>; Mon, 1 Nov 2004 23:09:33 -0700 (MST)
...
host 70.240.238.238
238.238.240.70.in-addr.arpa domain name pointer
adsl-70-240-238-238.dsl.hstntx.swbell.net.
That so far is a forgery.
host homeoffice.org
homeoffice.org has address 216.55.156.109
This too does not match homeoffice.org.
host new.community.tummy.com
new.community.tummy.com has address 198.49.126.209
Perhaps it is coming through tummy.com, I'm not sure, but there is
certainly some forgery going on. The real sender at the start of it all
seems to be from swbell.net, and all in the header is certainly not
correct. Anyone know who has a windows machine on swbell.net that also
has the lug members in their address book? Most of these viruses send to
address book recipients, and if someone has those those LUG people in
their address book, would be a reason why 2 or more people on this list
got it. I'm not great at sleuthing headers, but this one is not
completely honest.
D. Stimits, stimits AT comcast DOT net
More information about the LUG
mailing list