[Clipart] My sincere apologies

J. Alves alvesjmp at gmail.com
Mon Apr 19 12:43:07 PDT 2010


Sorry I can't help you with the virus situation, since I've been using
Linux for 10 years and have forgotten how the incantations go for
these Windows problems... Until (if...) this OS gets more popular, I
hope to be in blissful forgetfulness of such antics. :-)

Looking at the full headers of the email tells you, hopefully, where
the email came from -- if it wasn't spoofed in any way. Here's what I
could get from them (an email that arrived on April 11 and I still had
in the trash; I deleted permanently the one that arrived today or
yesterday, so I can't compare):

============================================
Delivered-To: alvesjmp at gmail.com
Received: by 10.204.99.82 with SMTP id t18cs48388bkn;
        Sun, 11 Apr 2010 15:17:03 -0700 (PDT)
Received: by 10.141.91.3 with SMTP id t3mr2215769rvl.191.1271024221214;
        Sun, 11 Apr 2010 15:17:01 -0700 (PDT)
Return-Path: <clipart-bounces at lists.freedesktop.org>
Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177])
        by mx.google.com with ESMTP id 10si10541498pzk.24.2010.04.11.15.17.00;
        Sun, 11 Apr 2010 15:17:01 -0700 (PDT)
Received-SPF: pass (google.com: domain of
clipart-bounces at lists.freedesktop.org designates 131.252.210.177 as
permitted sender) client-ip=131.252.210.177;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
clipart-bounces at lists.freedesktop.org designates 131.252.210.177 as
permitted sender) smtp.mail=clipart-bounces at lists.freedesktop.org
Received: from gabe.freedesktop.org (localhost [127.0.0.1])
	by gabe.freedesktop.org (Postfix) with ESMTP id C4F1C9EB36;
	Sun, 11 Apr 2010 15:16:59 -0700 (PDT)
X-Original-To: clipart at lists.freedesktop.org
Delivered-To: clipart at lists.freedesktop.org
X-Greylist: delayed 306 seconds by postgrey-1.31 at gabe;
	Sun, 11 Apr 2010 15:16:57 PDT
Received: from localhost (unknown [113.169.33.57])
	by gabe.freedesktop.org (Postfix) with SMTP id 4BDC09EB22
	for <clipart at lists.freedesktop.org>;
	Sun, 11 Apr 2010 15:16:56 -0700 (PDT)
From: � Pfizer Inc � 1965-2010 <clipart at lists.freedesktop.org>
To: clipart at lists.freedesktop.org
MIME-Version: 1.0
Message-Id: <20100411221657.4BDC09EB22 at gabe.freedesktop.org>
Date: Sun, 11 Apr 2010 15:16:56 -0700 (PDT)
Subject: [Clipart] Dear clipart at lists.freedesktop.org April 66% 0FF

============================================

The important lines here are the "Received:" ones, and the first one
should be the originator, if everything is correct. In this case, it
would be IP number 113.169.33.57, which according to whois locates to
Vietnam:

inetnum:      113.160.0.0 - 113.191.255.255
netname:      VNPT-VNNIC-VN
descr:        VietNam Post and Telecom Corporation
descr:        23 Phan Chau Trinh, Hoan Kiem Dist, Ha Noi
country:      VN
...

So, the email seems to have done the following path:
113.169.33.57 -> gabe.freedesktop.org (131.252.210.177, which GMail
approves of according to the SPF thing in the headers) ->
mx.google.com (internal Google server, 10.204.99.82) -> my eyes

I guess. :-)

The email body itself is HTML, and asks for images (which I don't
allow loading automatically, ever).
It also points to a page with a Russian address:
http://www.edgehole.ru (I wouldn't go there if I was you) :-)

Again, these things in the headers can be faked, so don't take this as
100% certain. But at least the part after the freedesktop.org seems to
be good, because of the SPF pass.

Any other ideas?

Cheers
J

On Mon, Apr 19, 2010 at 1:03 PM, chovynz <chovynz at gmail.com> wrote:
> Jon
>
> Is there anyway that the list owners could find those emails and see where
> they are coming from?
> Are you able to remove that subscriber if it is found to be some company not
> legitimate?
> I recommend looking for any Pfizer subscribers.
>
> Cheers
> Chovynz
>
> _______________________________________________
> clipart mailing list
> clipart at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/clipart
>
>



-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
João Marcelo Pereira Alves (J) - Genomics, Molecular Phylogeny and Evolution
Dept. Microbiology & Immunology - MCV/VCU - Richmond, VA, USA
f. 1-804-828-3897 / 804-852-1234 - http://bioinfo.lpb.mic.vcu.edu



More information about the clipart mailing list