Weird Spam

Marco Obaid marco at MUW.EDU
Tue Aug 5 22:28:25 IST 2003


Hi all,

Could someone tell me how this spam is getting through? 
I am having to block IP ranges to stop it. But, I am just curious if any of
you knows how this spammer is tricking MS into not running spam checks. Or, if there
is anything that I can tweak to stop it from slipping through.

Here is the spam: 

Note: Avsmtp01 is the mail gateway
      sunmuw1 is my mailserver

*****************************

Return-Path: <hkew2002 at yahoo.com.hk>
Received: from avsmtp01.muw.edu (avsmtp01.MUW.Edu [192.231.29.4])
        by sunmuw1.muw.edu (8.11.6/8.11.6) with ESMTP id h75LAXD31167;
        Tue, 5 Aug 2003 16:10:33 -0500
Received: from x ([61.93.74.68])
        by avsmtp01.muw.edu (8.12.8/8.12.8) with SMTP id h75KnOcO023594;
        Tue, 5 Aug 2003 15:49:26 -0500
Date: Tue, 5 Aug 2003 15:49:24 -0500
Received: from mail
        by saturn.seed.net.tw with SMTP id flr7ms0YXcutjJe2HdAA;
        Wed, 06 Aug 2003 04:53:54 +0800
Message-ID: <rmFgV85bpBGdDy at giga.net.tw>
From: hkew2002 at yahoo.com.hk
To: \HK033.TXT at avsmtp01.muw.edu, \HK001.TXT at avsmtp01.muw.edu,
   \HK002.TXT at avsmtp01.muw.edu, \HK003.TXT at avsmtp01.muw.edu,
   \HK004.TXT at avsmtp01.muw.edu, \HK005.TXT at avsmtp01.muw.edu,
   \HK006.TXT at avsmtp01.muw.edu, \HK007.TXT at avsmtp01.muw.edu,
   \HK008.TXT at avsmtp01.muw.edu, \HK009.TXT at avsmtp01.muw.edu,
   \HK010.TXT at avsmtp01.muw.edu, \HK011.TXT at avsmtp01.muw.edu,
   \HK012.TXT at avsmtp01.muw.edu, \HK013.TXT at avsmtp01.muw.edu,
   \HK014.TXT at avsmtp01.muw.edu, \HK015.TXT at avsmtp01.muw.edu,
   \HK016.TXT at avsmtp01.muw.edu, \HK017.TXT at avsmtp01.muw.edu,
   \HK018.TXT at avsmtp01.muw.edu, \HK019.TXT at avsmtp01.muw.edu,
   \HK020.TXT at avsmtp01.muw.edu, \HK021.TXT at avsmtp01.muw.edu,
   \HK022.TXT at avsmtp01.muw.edu, \HK023.TXT at avsmtp01.muw.edu,
   \HK024.TXT at avsmtp01.muw.edu, \HK025.TXT at avsmtp01.muw.edu,
   \HK026.TXT at avsmtp01.muw.edu, \HK027.TXT at avsmtp01.muw.edu,
   \HK028.TXT at avsmtp01.muw.edu, \HK029.TXT at avsmtp01.muw.edu,
   \HK030.TXT at avsmtp01.muw.edu, \HK031.TXT at avsmtp01.muw.edu,
   \HK032.TXT at avsmtp01.muw.edu
Subject:
=?big5?Q?=A5~=B6=D7=A1B=B6=C0=AA=F7=A1B=A5=D5=BB=C8=A1B=AA=D1=B2=BC=A7=DE=B3N=A8=AB=B6=D5=A7=EB=B8=EA=A5=FE=A7=F0=B2=A4
 =B6g=A4@=B0]=B8g=AEy=BD=CD=B7|?=
MIME-Version: 1.0
Content-type: multipart/mixed;
boundary="__MailScanner_found_Cyrus_boundary_substring_problem__"
X-Mailer: swFfgvA2gSn0ZvjbBqECkw55zHSfr
X-Priority: 3
X-MSMail-Priority: Normal
X-MailScanner: Found to be clean, Not scanned: please contact your Internet
E-Mail Service Provider for details
X-MailScanner-Information: Please contact the ISP for more information


This is a multi-part message in MIME format.

--__MailScanner_found_Cyrus_boundary_substring_problem__
Content-Type: multipart/alternative;
        boundary="----=_NextPart_83t8Wg3xbHcq9PFxhaAA"

------=_NextPart_83t8Wg3xbHcq9PFxhaAA
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable


------=_NextPart_83t8Wg3xbHcq9PFxhaAA--

--__MailScanner_found_Cyrus_boundary_substring_problem__
Content-Type: application/octet-stream;
        name="C:\Documents and Settings\Administrator\®à­±\¶g¤@°]¸g®y½Í·|.DOC"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
        filename="¶g¤@°]¸g®y½Í·|.DOC"

**********************************************

What in the world is HK*.TXT@ ...? There are no such users.

Thanks for any insights
Marco
