The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spam originated from fake email accounts into my server

Discussion in 'E-mail Discussions' started by tangowebs, Dec 31, 2009.

  1. tangowebs

    tangowebs Well-Known Member

    Joined:
    Oct 12, 2004
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    0
  2. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    To determine possible solutions one must know where the messages originate from. Do you have the e-mail headers available, including e-mail headers of a bounce message? The full e-mail headers should offer some clues to help proceed further.

    For the affected domain:
    1.) What is the default address set as in cPanel?
    2.) Are SPF and DomainKeys enabled in cPanel?
     
  3. AndesHelp

    AndesHelp Member

    Joined:
    Nov 5, 2009
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Email User names

    Why would we care about where the emails originated from, if we could just block, or delete, them? :confused:

    I have just started fighting a battle over emails like this. My hosting IP address has been put on a Blacklist I didn't even know existed. And, no one can tell me why, other than my IP "might" be involved in sending emails that are 'similar' to SPAM, according to senderscore.org. Who, apparently, can't even tell me why I am on their robber-baron blackilist.

    Isn't there away to block invalid/fake email addresses from being sent, or received? That has been an enormous headache of mine for years. Why can't we block all invalid email addresses from being received or sent by our servers? :cool:

    Thanks
     
  4. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    The issue is that the Spam e-mails may have never originated from the system that actually hosts the domain. A spammer can easily spoof e-mail addresses, and it is useful to determine if the messages were either spoofed or if they were actually sent from the server hosting the domain that was spoofed; using e-mail headers is a critical source of information when comparing the message IDs and other headers to what is logged by your mail server. If the default address is used as a catch-all this can lead to increased Spam because all addresses are accepted, regardless if they are spoofed. SPF is at least one counter measure in defending against a Spammer sending spoofed e-mails by having a DNS record (for SPF) that can define the valid addresses that may send e-mail on behalf of the domain; however, whether or not this is enforced depends on the system that receives the original (i.e., spoofed) messages that end up being bounced back to the system that actually hosts the domain name.
     
  5. AndesHelp

    AndesHelp Member

    Joined:
    Nov 5, 2009
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    SPAM Explanation

    Thanks for the explanation of how most SPAM emails are created. :)

    Now, how do I protect my IP from being blacklisted. And, how do I fix the problem?

    Thanks
     
  6. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    To protect from being blacklisted and fix the problem you'll need to know what method was used to send the Spam, and apply system administration policies to act upon that behavior. Checking the mail headers of a bounced Spam message should help, or you may also ask the blacklist maintainer if they can provide you with this information.

    I recommend searching the forums to see how others have applied security measures; the following area may be of interest as it directly applies to security: cPanel and WHM Security - cPanel Forums
     
  7. AndesHelp

    AndesHelp Member

    Joined:
    Nov 5, 2009
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Blacklist robber-barons senderscore.org

    Thanks,

    I could not obtain a copy of any of the accused SPAM emails. So, I can't post any relevant information. Thank you for trying to help.

    I am just spinning my wheels and not getting anywhere with senderscore.org or comcast support, who subscribes to senderscore.org.

    I have been unable to obtain any information on which Domain email(s) are responsible for the blacklisting. So, I could not get a copy of the emails being accused of SPAMMING. After hours of searching, emailing and on the phone the only answers were "We don't know.", "Just request to be removed.", or "Purchase our product to keep from being black listed again.".

    As the Host Provider I am really concerned because senderscore.org, like some of the other black list organizations, can put my IP on a blacklist and they do not have to tell me why, or what caused them to do so. Their answer is a "Generic" web page which starts by saying "There are many reasons for email to be considered SPAM. It might have looked similar to SPAM messages etc..."

    I could not find out which email(s) were targeted by senderscore.org. I could not even find out when they happened. They only wanted me to purchase software from their (illicit?) parent company ReturnPath.net. This is a sales tactic used many times before. I believe the Laws refer to it as Extortion. And, others call it "Protection".

    That is why I now classify Blacklist Organizations as Robber-Barons. They only tell you generic information, so they can continue blacklisting you, until you purchase their software. :mad:

    Thanks
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    This might be helpful to you: Why you should use :fail:

    Do any problems show up when you check your server using intoDNS: checks DNS and mail servers health ?
     
  9. AndesHelp

    AndesHelp Member

    Joined:
    Nov 5, 2009
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Header information from spoofed Sender Addresses

    Thanks Infopro. I believe I tried to set-up the :fail: a couple times before and only ended up trashing my email server. I'm just a lowly MS Geek who is trying to relearn Unix and Linux. My limited abilities have me relying on GUI's for the most part.

    Anyway, I have just gotten some SPAM emails with Spoofed Sender addresses. And, one of them is mine. So, how do I use this Header Info to track down and block this Cursed SPAMMER?

    The first one listed has one of my clients emails set as the 'Return-path: <info@healingthebody.net>. Maybe this is one of the contributing factors to my getting put on the blacklist.

    Code:
    Return-path: <info@healingthebody.net>
    Envelope-to: info@healingthebody.net
    Delivery-date: Thu, 07 Jan 2010 08:39:03 -0500
    Received: from [198.111.71.22] (helo=[207.74.115.23])
    by host.andeshelp.com with esmtp (Exim 4.69)
    (envelope-from <info@healingthebody.net>)
    id 1NSsaA-0007Cr-50
    for info@healingthebody.net; Thu, 07 Jan 2010 08:39:03 -0500
    Received: from (unknown [10.22.30.91]) by gisdsmtp1.gennet.us with smtp
    id 3168_2286ce3e_fb87_11de_8f1b_00188b314385;
    Thu, 07 Jan 2010 07:21:09 -0500
    From: VIAGRA (c) Best Supplier <info@healingthebody.net>
    To: info@healingthebody.net
    Subject: Visitor info's personal 80% OFF
    MIME-Version: 1.0
    Content-Type: text/HTML;
    charset="utf-8"
    Content-Transfer-Encoding: base64
    X-NAIMIME-Disclaimer: 1
    X-NAIMIME-Modified: 1
    X-Spam-Status: No, score=3.2
    X-Spam-Score: 32
    X-Spam-Bar: +++
    X-Spam-Flag: NO
    
    ************************************************
    
    Return-path: <iwuku3067@unitymediagroup.de>
    Envelope-to: info@healingthebody.net
    Delivery-date: Tue, 05 Jan 2010 10:38:10 -0500
    Received: from ip-88-152-28-133.unitymediagroup.de ([88.152.28.133] helo=unitymediagroup.de)
    by host.andeshelp.com with esmtps (TLSv1:RC4-MD5:128)
    (Exim 4.69)
    (envelope-from <iwuku3067@unitymediagroup.de>)
    id 1NSBUJ-000254-19
    for info@healingthebody.net; Tue, 05 Jan 2010 10:38:10 -0500
    From: VIAGRA (c) Best Supplier <iwuku3067@unitymediagroup.de>
    To: info@healingthebody.net
    Subject: Visitor info's personal 80% OFF
    MIME-Version: 1.0
    Content-Type: text/html; charset="ISO-8859-1"
    Content-Transfer-Encoding: 7bit
    X-Spam-Status: No, score=3.9
    X-Spam-Score: 39
    X-Spam-Bar: +++
    X-Spam-Flag: NO
    
    *************************************************
    
    Return-path: <zyyfeoxoi1890@cslucas.com.br>
    Envelope-to: info@healingthebody.net
    Delivery-date: Wed, 06 Jan 2010 12:37:21 -0500
    Received: from mx.cslucas.com.br ([200.160.111.39] helo=cslucas.com.br)
    by host.andeshelp.com with esmtps (TLSv1:RC4-MD5:128)
    (Exim 4.69)
    (envelope-from <zyyfeoxoi1890@cslucas.com.br>)
    id 1NSZpE-0007nM-7W
    for info@healingthebody.net; Wed, 06 Jan 2010 12:37:21 -0500
    From: VIAGRA (c) Best Supplier <zyyfeoxoi1890@cslucas.com.br>
    To: info@healingthebody.net
    Subject: Visitor info's personal 80% OFF
    MIME-Version: 1.0
    Content-Type: text/html; charset="ISO-8859-1"
    Content-Transfer-Encoding: 7bit
    X-Spam-Status: No, score=3.1
    X-Spam-Score: 31
    X-Spam-Bar: +++
    X-Spam-Flag: NO
    
    *************************************************
    
    Return-path: <unomig4896@cranneycompanies.com>
    Envelope-to: info@healingthebody.net
    Delivery-date: Mon, 04 Jan 2010 20:50:11 -0500
    Received: from [74.92.19.93] (helo=cranneycompanies.com)
    by host.andeshelp.com with esmtps (TLSv1:AES128-SHA:128)
    (Exim 4.69)
    (envelope-from <unomig4896@cranneycompanies.com>)
    id 1NRyZ2-0002Z6-UB
    for info@healingthebody.net; Mon, 04 Jan 2010 20:50:11 -0500
    From: VIAGRA (c) Best Supplier <unomig4896@cranneycompanies.com>
    To: info@healingthebody.net
    Subject: Visitor info's personal 80% OFF
    MIME-Version: 1.0
    Content-Type: text/html; charset="ISO-8859-1"
    Content-Transfer-Encoding: 7bit
    X-Spam-Status: No, score=1.1
    X-Spam-Score: 11
    X-Spam-Bar: +
    
    Thanks
     
    #9 AndesHelp, Jan 8, 2010
    Last edited by a moderator: Mar 29, 2010
  10. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You're in luck then, cPanel has got you covered. :)

    Login to your cPanel account, click the icon titled Default Address. Next page select the domain on the drop down list, tick Discard with error and add this: No Such User Here

    Next, go to WHM, Tweak Settings, Mail section and find this:

    Select fail, and save.

    Nothing to trash here.

    GL!
     
  11. AndesHelp

    AndesHelp Member

    Joined:
    Nov 5, 2009
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Thanks. I found the WHM setting easy enough. That should help.

    I found 'Default Address' under the 'Mail' Icon in cPanel. This is what it showed for 'Default Address Maintenance'.
    I changed it to:
    I hope that was the right setting. If so, then I will go to each of my clients cPanels and set them up with the same settings. I am a little concerned because it says that :fail: will 'bounce' the message. Some time ago, message bouncing got me put onto another blacklist for 'back scatter'.

    Thanks
     
  12. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Unfortunately, such blocking is still technically very hard although Sender-Verify is used to try to prevent it, and Domain Keys (hardly ever used) and SPF (more common) help a lot. This is also called a "joe job" so you can Google for that if you need help.

    The other preventive tip for this is to make sure people on your server don't list their email addresses on their webpages in plain text. On average, Project Honeypot (think that's their name) said that each time an email address is harvested from a webpage you get 800 spam messages to that email address.

    You haven't told us the blacklist you're on, as the criteria vary widely, and the solution would also vary widely. However, as far as I know, there are almost no blacklists that will add you for spam sent by other people; you are usually only added when your server is actually sending the spam. There's lots of info around on how to secure your server from sending spam - in summary: SMTP tweak, per-user hourly mail limits, and install something like CSF.

    The other thing that will help enormously if you're in hosting for the long term is to get the server hardened by an expert. Just like it takes years to become proficient at MS admin for servers, it takes some time to get proficient at admin on Unix servers, and getting your server hardened by someone knowledgeable will give you a nice leg-up and save you a lot of time and grief. The Configserver people mentioned previously (CSF) do that service, and Infopro who helped above may also do that (and is well known and trustworthy).
     
    #12 brianoz, Jan 9, 2010
    Last edited: Jan 9, 2010
  13. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  14. AndesHelp

    AndesHelp Member

    Joined:
    Nov 5, 2009
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Blacklist robber-baron senderscore.org

    Thanks brianoz for the information.

    It was SenderScore.org, owned by ReturnPath.net.

    They will not tell you why they blacklisted you. They will only show you a web page with a Generic message. It starts with "There are many reasons why your IP may be listed. Your IP may have sent emails similar to SPAM messages. etc..."

    I came to this Forum searching for answers and recommendations. After spending many hours on the phone with ComCast, who started blocking our emails and subscribes to the SenderScore.org blacklist. They had no answer or recommendation.

    I tried for a few days to get an answer from SenderScore.org and ReturnPath.net to find out why my IP was blacklisted.

    I could never find any way to contact them, unless I wanted to purchase their software, to keep from being blacklisted by them again. Their business philosophy seems to be "We can put you on a blacklist any time we want and we don't have to tell you why. You can't even bother us with an email. Just buy our product to keep from being blacklisted again."

    Thanks
     
  15. tangowebs

    tangowebs Well-Known Member

    Joined:
    Oct 12, 2004
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    0
    SPAM email inected on server, generated on random email accounts like @yahoo.com. Ive enabled headers, this is one of the results


    Code:
    #################################
    1NwQUe-0005q9-IG-H
    mailnull 47 12
    <>
    1269913428 0
    -ident mailnull
    -received_protocol local
    -body_linecount 171
    -max_received_linelength 396
    -allow_unqualified_recipient
    -allow_unqualified_sender
    -localerror
    XX
    1
    i_c_q@yahoo.com
    
    148P Received: from mailnull by server2.xxxx.com with local (Exim 4.69)
    id 1NwQUe-0005q9-IG
    for i_c_q@yahoo.com; Mon, 29 Mar 2010 22:43:48 -0300
    229 X-Failed-Recipients: ibarra_dx@att.net,
    evan4re@earthlink.net,
    mlhtn@earthlink.net,
    rajos@earthlink.net,
    scadwell@earthlink.net,
    eric.demars@earthlink.net,
    tuffnutt69420@earthlink.net,
    secondwindkites@earthlink.net
    029 Auto-Submitted: auto-replied
    066F From: Mail Delivery System <Mailer-Daemon@server2.xxxx.com>
    020T To: i_c_q@yahoo.com
    059 Subject: Mail delivery failed: returning message to sender
    055I Message-Id: <E1NwQUe-0005q9-IG@server2.xxxx.com>
    038 Date: Mon, 29 Mar 2010 22:43:48 -0300
    
    
    Another one:
    #################################
    1NwQLn-0004iy-6n-H
    mailnull 47 12
    <i_c_q@yahoo.com>
    1269912879 0
    -helo_name 174.132.180.130
    -host_address 127.0.0.1.38005
    -host_name localhost
    -interface_address 127.0.0.1.25
    -received_protocol esmtp
    -body_linecount 107
    -max_received_linelength 979
    YY jnally@earthlink.net
    YY elorie@earthlink.net
    YY chrisitalbott@earthlink.net
    YY amckerrell@earthlink.net
    YY 948mysteye@cox.net
    YY 325leng888@cox.net
    NN 1082151@cox.net
    YN 720shelleychandler@cox.net
    NN 586louise.pesano@cox.net
    YY a.mehta@cox.net
    NN 957smille3@cox.net
    NN alware@att.net
    YY blbarclay@earthlink.net
    YY artashline@cox.net
    NN ank1@cox.net
    YY b.crotts@att.net
    NN astridmartello@cox.net
    NN bjia87@cox.net
    YN charissamccluskey@cox.net
    NN charfauros@cox.net
    YY dc200@earthlink.net
    YY cjblanc@cox.net
    NN christinescreations@cox.net
    YY clopez9429@juno.com
    NN claborn@cox.net
    NN creates@cox.net
    YY dknapp4@cox.net
    YY dgog@cox.net
    NN dgallagher@cox.net
    NN dgrigsby@cox.net
    YY dscholl2@cox.net
    NN domenic4@cox.net
    NN edmyers@cox.net
    YY greenkl@earthlink.net
    YY fclibrary@earthlink.net
    YY esreily@earthlink.net
    NN eric.demars@earthlink.net
    YY evella@cox.net
    NN evan4re@earthlink.net
    NN faithful-warrior@juno.com
    YY gettone@cox.net
    NN freyalee@cox.net
    NN grandelli@cox.net
    YY jamesnelson@cox.net
    YY hult57@earthlink.net
    NN hallie914@cox.net
    YN isiahjoly@cox.net
    NN ibarra_dx@att.net
    YY jebonnet@cox.net
    NY jb.camp@cox.net
    NN jchann11@cox.net
    amckerrell@earthlink.net
    aoden@bellsouth.net
    dwates@comcast.net
    dangator@comcast.net
    jnally@earthlink.net
    jarman3@bellsouth.net
    artashline@cox.net
    auseeker@comcast.net
    jebonnet@cox.net
    957smille3@cox.net
    hallie914@cox.net
    tom3344@cox.net
    secondwindkites@earthlink.net
    billbane@charter.net
    cabeza22@comcast.net
    a.mehta@cox.net
    cjblanc@cox.net
    tuffnutt69420@earthlink.net
    isiahjoly@cox.net
    dorothyjane@bellsouth.net
    eric.demars@earthlink.net
    1082151@cox.net
    rp5196@earthlink.net
    scadwell@earthlink.net
    careserv@bellsouth.net
    totslady@comcast.net
    caw98@bellsouth.net
    suebarry@optonline.net
    icarpenter@bellsouth.net
    maryhurst1@cox.net
    rajos@earthlink.net
    mdld@earthlink.net
    deebaxter@comcast.net
    alware@att.net
    pokeyhimes@comcast.net
    mlhtn@earthlink.net
    evan4re@earthlink.net
    antapex@comcast.net
    margaretebrann@cox.net
    mjgeorge12@comcast.net
    fclibrary@earthlink.net
    agfowler@comcast.net
    charissamccluskey@cox.net
    christinescreations@cox.net
    bilbreyt@charter.net
    margrett.vansickle@cox.net
    biewer@bellsouth.net
    wwjr@cox.net
    psualum58@earthlink.net
    kinzlad@comcast.net
    across63@comcast.net
    beckymulligan@comcast.net
    gettone@cox.net
    charfauros@cox.net
    tiggettcsi06@earthlink.net
    dgrigsby@cox.net
    devans716@comcast.net
    primo150@cox.net
    sarahben@earthlink.net
    blbarclay@earthlink.net
    jb.camp@cox.net
    astridmartello@cox.net
    lorjo@bellsouth.net
    faithful-warrior@juno.com
    william_farry@bellsouth.net
    ank1@cox.net
    kareen.pauls@cox.net
    greenkl@earthlink.net
    snash1@cox.net
    doggman211@comcast.net
    permestate@comcast.net
    325leng888@cox.net
    lar999@cox.net
    y_patterson45@comcast.net
    patmike.askay@earthlink.net
    lly96@earthlink.net
    rmland@earthlink.net
    petichenor@earthlink.net
    dgallagher@cox.net
    kdevildog@charter.net
    fyrefli9@bellsouth.net
    drengifo@comcast.net
    mkoneill@comcast.net
    wtash720@cox.net
    rrdecris@cox.net
    weadjust@comcast.net
    mec3245@earthlink.net
    jjku@comcast.net
    lachellev8@cox.net
    paulmilsap@comcast.net
    586louise.pesano@cox.net
    pattersonxk@att.net
    creates@cox.net
    nabostic@bellsouth.net
    jchann11@cox.net
    m.calderon_gb@earthlink.net
    charles_batzel@charter.net
    esreily@earthlink.net
    allenshulman@bellsouth.net
    fropa@optonline.net
    laurain@earthlink.net
    renee323@earthlink.net
    craigs@comcast.net
    nppolutta@bellsouth.net
    bcreviere@comcast.net
    patricklewis1@charter.net
    cayanni@comcast.net
    bjia87@cox.net
    bsb_freak@charter.net
    awaisb@comcast.net
    yoheim@comcast.net
    deat4784@bellsouth.net
    freyalee@cox.net
    dgog@cox.net
    valjos@cox.net
    joselyn@earthlink.net
    lesschwartz@charter.net
    mooresb@charter.net
    dc200@earthlink.net
    ccn2003@comcast.net
    chrisitalbott@earthlink.net
    chucksducks@comcast.net
    maureeng1@cox.net
    stevenkolb@cox.net
    msvblang@cox.net
    claborn@cox.net
    clopez9429@juno.com
    walterhayes@earthlink.net
    bomictay@bellsouth.net
    
    199P Received: from localhost ([127.0.0.1] helo=174.132.180.130)
    by server2.xxxxx.com with esmtp (Exim 4.69)
    (envelope-from <i_c_q@yahoo.com>)
    id 1NwQLn-0004iy-6n; Mon, 29 Mar 2010 22:34:39 -0300
    038 Date: Mon, 29 Mar 2010 22:34:39 -0300
    1090T To: ads_n_things@bellsouth.net, elorie@earthlink.net, ltornberg@cox.net, alanmf1233@comcast.net, thau@cox.net, grandelli@cox.net, dknapp4@cox.net, godetroit@comcast.net, domenic4@cox.net, ibarra_dx@att.net, kenweldon@earthlink.net, mayer_rg@att.net, dscholl2@cox.net, jim8037@cox.net, polkadottgiraffe@cox.net, mgconey@bellsouth.net, 720shelleychandler@cox.net, jpd426@cox.net, wheaties1025@cox.net, evella@cox.net, venus619@cox.net, cfuchs22@charter.net, maplemanor@comcast.net, edmyers@cox.net, lkafrina@comcast.net, felixgonzalez@comcast.net, laineyjane@cox.net, irishmom1956@optonline.net, ralves1@cox.net, kevinchristine@comcast.net, mrobnet@comcast.net, aidylm@bellsouth.net, karmul1955@earthlink.net, ogschmidt@cox.net, 948mysteye@cox.net, sskumar@earthlink.net, millerty@bellsouth.net, hult57@earthlink.net, bsimon66@comcast.net, tcstone74@cox.net, smcclellanop@att.net, strodes@bellsouth.net, m.easlick@comcast.net, b.crotts@att.net, hxt@comcast.net, mysusu@comcast.net,
    jamesnelson@cox.net, amckerrell@earthlink.net, aoden@bellsouth.net, dwates@comcast.net, dangator@comcast.net
    034F From: Root User <i_c_q@yahoo.com>
    026R Reply-To: i_c_q@yahoo.com
    024S Sender: i_c_q@yahoo.com
    046 Subject: Body-Building in clinic (best price)
    063I Message-ID: <795f8e1432ae4a4f41bc1719fc6e1767@174.132.180.13 0>
    014 X-Priority: 3
    026 X-MSMail-Priority: Normal
    017 X-Mailer: PhpBB3
    018 X-MimeOLE: phpBB3
    047 X-phpBB-Origin: phpbb://serverip/forums
    048 X-AntiAbuse: Board servername - serverip
    028 X-AntiAbuse: User_id - 8815
    038 X-AntiAbuse: Username - Administrator
    039 X-AntiAbuse: User IP - serverip
    018 MIME-Version: 1.0
    082 Content-Type: multipart/alternative;
    boundary="795f8e1432ae4a4f41bc1719fc6e1767"
    014 X-ACL-Warn: {
    094 X-server2.xxxxx.com-MailScanner-Information: Please contact the ISP for more information
    058 X-server2.xxxxx.com-MailScanner-ID: 1NwQLn-0004iy-6n
    116 X-server2.xxxxx.com-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details
    049 X-server2.xxxxx.com-MailScanner-SpamCheck: 
    059 X-server2.xxxxx.com-MailScanner-From: i_c_q@yahoo.com
    018 X-Spam-Status: No 
    
    
    
     
    #15 tangowebs, Mar 29, 2010
    Last edited by a moderator: Mar 29, 2010
Loading...

Share This Page