Possible to remove peter at gizmoman.net from users list Was: The "peter at gizmoman.net" dilemma

David Hart ubuntu at tonix.org
Fri Jan 5 02:08:23 UTC 2007

On Thu 2007-01-04 10:42:47 -0400, Derek Broughton wrote:
> David Hart wrote:
> > Take a look at the (forged) headers of the messages and you'll see that
> > they don't go through Ubunutu servers so there's nothing (directly) that
> > the list admins can do about it.
> of course there is - just remove him from the list.  I don't think the
> headers are forged, it's just a very bad autoresponder.

Well of course they're autoresponder messages.  Bounce messages _are_
autoreponder messages but, judging from the messages that I received,
they are _forged_ bounce messages.

Here's the header where my smtp server (mutt) Received a "bounce":

# Received: from beachbum-server.beach-bum-solutions.com (unknown [])
#         by mutt.jynn.tonix.org (Postfix) with ESMTP id DBD906E89
#         for <ubuntu at tonix.org>; Thu,  4 Jan 2007 07:29:08 +0000 (GMT)

I _know_ that the IP address that the message came from is correct
because it was recorded by _my_ server.

# david at mutt:~$ dig +short beach-bum-solutions.com
# david at mutt:~$ dig +short beachbum-server.beach-bum-solutions.com
# david at mutt:~$ dig +short gizmoman.net

So the message is actually coming from the IP address of gizmoman.net.
That doesn't mean that the owner of gizoman.net is responsible for the
spam - many domains could be pointing at - but _someone_
who is able to send smtp from that IP address _is_ responsible.

David Hart <ubuntu at tonix.org>

More information about the ubuntu-users mailing list