On Thu, Oct 16, 2003 at 10:33:14AM -0700, Buelna, Derek wrote:
> I'm pleased that these messages are free of viruses but.. I wouldn't
> be surprised if the messages are coming from the same PC. The mail
> server and or the list manager should be able to get the source IP,
> right? I'm thinking that it might be valid. I'd be glad to look into
> this if you could toss me the source IP..
Check the headers:
Received: (from Majordomo@localhost)
by rigel.cs.pdx.edu (8.12.10/8.12.3/Submit) id h9G2fZt3027348
for crime-outgoing; Wed, 15 Oct 2003 19:41:35 -0700 (PDT)
X-Authentication-Warning: rigel.cs.pdx.edu: Majordomo set sender to owner-crime@private using -f
Received: from tuttle.oit.pdx.edu (tuttle.oit.pdx.edu [131.252.120.29])
by rigel.cs.pdx.edu (8.12.10/8.12.10) with ESMTP id h9G2fOK1027326
(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
for <crime@private>; Wed, 15 Oct 2003 19:41:25 -0700 (PDT)
Received: from localhost (evrtwa1-ar4-4-47-073-009.evrtwa1.dsl-verizon.net [4.47.73.9])
by tuttle.oit.pdx.edu (8.12.10/8.12.10) with SMTP id h9G2fMx8000787
for <crime@private>; Wed, 15 Oct 2003 19:41:22 -0700 (PDT)
Looks like 4.47.73.9 sent it.
That netblock is owned by Genuity. Best of luck convincing them it is
worth their time to track down a single windows user who didn't care
enough to buy an antivirus tool.
--
The Bill of Rights: 7 out of 10 rights haven't been sold yet! Contact
your congressman for details how *you* can buy one today!
This archive was generated by hypermail 2b30 : Thu Oct 16 2003 - 11:15:12 PDT