[Clipart] My sincere apologies

Jon Phillips jon at rejon.org
Mon Apr 19 13:28:18 PDT 2010 

use linux

On Mon, Apr 19, 2010 at 12:43 PM, J. Alves <alvesjmp at gmail.com> wrote:
> Sorry I can't help you with the virus situation, since I've been using
> Linux for 10 years and have forgotten how the incantations go for
> these Windows problems... Until (if...) this OS gets more popular, I
> hope to be in blissful forgetfulness of such antics. :-)
>
> Looking at the full headers of the email tells you, hopefully, where
> the email came from -- if it wasn't spoofed in any way. Here's what I
> could get from them (an email that arrived on April 11 and I still had
> in the trash; I deleted permanently the one that arrived today or
> yesterday, so I can't compare):
>
> ============================================
> Delivered-To: alvesjmp at gmail.com
> Received: by 10.204.99.82 with SMTP id t18cs48388bkn;
>        Sun, 11 Apr 2010 15:17:03 -0700 (PDT)
> Received: by 10.141.91.3 with SMTP id t3mr2215769rvl.191.1271024221214;
>        Sun, 11 Apr 2010 15:17:01 -0700 (PDT)
> Return-Path: <clipart-bounces at lists.freedesktop.org>
> Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177])
>        by mx.google.com with ESMTP id 10si10541498pzk.24.2010.04.11.15.17.00;
>        Sun, 11 Apr 2010 15:17:01 -0700 (PDT)
> Received-SPF: pass (google.com: domain of
> clipart-bounces at lists.freedesktop.org designates 131.252.210.177 as
> permitted sender) client-ip=131.252.210.177;
> Authentication-Results: mx.google.com; spf=pass (google.com: domain of
> clipart-bounces at lists.freedesktop.org designates 131.252.210.177 as
> permitted sender) smtp.mail=clipart-bounces at lists.freedesktop.org
> Received: from gabe.freedesktop.org (localhost [127.0.0.1])
>        by gabe.freedesktop.org (Postfix) with ESMTP id C4F1C9EB36;
>        Sun, 11 Apr 2010 15:16:59 -0700 (PDT)
> X-Original-To: clipart at lists.freedesktop.org
> Delivered-To: clipart at lists.freedesktop.org
> X-Greylist: delayed 306 seconds by postgrey-1.31 at gabe;
>        Sun, 11 Apr 2010 15:16:57 PDT
> Received: from localhost (unknown [113.169.33.57])
>        by gabe.freedesktop.org (Postfix) with SMTP id 4BDC09EB22
>        for <clipart at lists.freedesktop.org>;
>        Sun, 11 Apr 2010 15:16:56 -0700 (PDT)
> From: � Pfizer Inc � 1965-2010 <clipart at lists.freedesktop.org>
> To: clipart at lists.freedesktop.org
> MIME-Version: 1.0
> Message-Id: <20100411221657.4BDC09EB22 at gabe.freedesktop.org>
> Date: Sun, 11 Apr 2010 15:16:56 -0700 (PDT)
> Subject: [Clipart] Dear clipart at lists.freedesktop.org April 66% 0FF
>
> ============================================
>
> The important lines here are the "Received:" ones, and the first one
> should be the originator, if everything is correct. In this case, it
> would be IP number 113.169.33.57, which according to whois locates to
> Vietnam:
>
> inetnum:      113.160.0.0 - 113.191.255.255
> netname:      VNPT-VNNIC-VN
> descr:        VietNam Post and Telecom Corporation
> descr:        23 Phan Chau Trinh, Hoan Kiem Dist, Ha Noi
> country:      VN
> ...
>
> So, the email seems to have done the following path:
> 113.169.33.57 -> gabe.freedesktop.org (131.252.210.177, which GMail
> approves of according to the SPF thing in the headers) ->
> mx.google.com (internal Google server, 10.204.99.82) -> my eyes
>
> I guess. :-)
>
> The email body itself is HTML, and asks for images (which I don't
> allow loading automatically, ever).
> It also points to a page with a Russian address:
> http://www.edgehole.ru (I wouldn't go there if I was you) :-)
>
> Again, these things in the headers can be faked, so don't take this as
> 100% certain. But at least the part after the freedesktop.org seems to
> be good, because of the SPF pass.
>
> Any other ideas?
>
> Cheers
> J
>
> On Mon, Apr 19, 2010 at 1:03 PM, chovynz <chovynz at gmail.com> wrote:
>> Jon
>>
>> Is there anyway that the list owners could find those emails and see where
>> they are coming from?
>> Are you able to remove that subscriber if it is found to be some company not
>> legitimate?
>> I recommend looking for any Pfizer subscribers.
>>
>> Cheers
>> Chovynz
>>
>> _______________________________________________
>> clipart mailing list
>> clipart at lists.freedesktop.org
>> http://lists.freedesktop.org/mailman/listinfo/clipart
>>
>>
>
>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> João Marcelo Pereira Alves (J) - Genomics, Molecular Phylogeny and Evolution
> Dept. Microbiology & Immunology - MCV/VCU - Richmond, VA, USA
> f. 1-804-828-3897 / 804-852-1234 - http://bioinfo.lpb.mic.vcu.edu
> _______________________________________________
> clipart mailing list
> clipart at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/clipart
>



-- 
Jon Phillips
http://rejon.org/
http://fabricatorz.com/
http://status.net/
http://rejon.status.net + skype: kidproto
+1.415.830.3884 (sf/global)
+86.134.3957.2035 (china)

More information about the clipart mailing list