Possible to remove peter at gizmoman.net from users list Was: The "peter at gizmoman.net" dilemma

[David Hart]

On Thu 2007-01-04 10:42:47 -0400, Derek Broughton wrote:
> David Hart wrote:
> 
> > Take a look at the (forged) headers of the messages and you'll see that
> > they don't go through Ubunutu servers so there's nothing (directly) that
> > the list admins can do about it.
> 
> of course there is - just remove him from the list.  I don't think the
> headers are forged, it's just a very bad autoresponder.

Well of course they're autoresponder messages.  Bounce messages _are_
autoreponder messages but, judging from the messages that I received,
they are _forged_ bounce messages.

Here's the header where my smtp server (mutt) Received a "bounce":

# Received: from beachbum-server.beach-bum-solutions.com (unknown [202.87.14.34])
#         by mutt.jynn.tonix.org (Postfix) with ESMTP id DBD906E89
#         for <ubuntu at tonix.org>; Thu,  4 Jan 2007 07:29:08 +0000 (GMT)

I _know_ that the IP address that the message came from is correct
because it was recorded by _my_ server.

# david at mutt:~$ dig +short beach-bum-solutions.com
# 64.15.205.242
# david at mutt:~$ dig +short beachbum-server.beach-bum-solutions.com
# 64.15.205.242
# david at mutt:~$ dig +short gizmoman.net
# 202.87.14.34

So the message is actually coming from the IP address of gizmoman.net.
That doesn't mean that the owner of gizoman.net is responsible for the
spam - many domains could be pointing at 202.87.14.34 - but _someone_
who is able to send smtp from that IP address _is_ responsible.

-- 
David Hart <ubuntu at tonix.org>