what am I dealing with here?

admin at lctn.org admin at lctn.org
Mon Mar 31 16:53:29 IST 2008 

I got a call from a school we scan mail for, complaining they are getting some inappropriate email, which is sailing through our scanner with a very low score. 

I found the message shows it is being delivered by some other server from Venezuela, with our relay server listed second from the bottom. The header is not showing accurate information either on some of the messages, as far as To, and From 

What can I do to shut this down? 

I have included info from one of the messages. 

IP Address Hostname Country RBL Spam Virus All 98.136.44.51 n75.bullet.mail.sp1.yahoo.com United States [ ] [ ] [ ] [ ] 
216.252.122.218 t3.bullet.sp1.yahoo.com United States [ ] [ ] [ ] [ ] 
69.147.65.156 omp404.mail.sp1.yahoo.com United States [ ] [ ] [ ] [ ] 
127.0.0.1 relay-4.lctn.org (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 
190.72.118.113 190-72-118-113.dyn.dsl.cantv.net Venezuela [ ] [ ] [ ] [ ] 


ID: DDD5238001C.94591 
Message Headers: Received: from n75.bullet.mail.sp1.yahoo.com (n75.bullet.mail.sp1.yahoo.com [98.136.44.51]) 
by relay-4.lctn.org (Postfix) with SMTP id DDD5238001C 
for <khippen at kms.k12.mn.us>; Sun, 30 Mar 2008 15:52:54 -0500 (CDT) 
Received: from [216.252.122.218] by n75.bullet.mail.sp1.yahoo.com with NNFMP; 30 Mar 2008 20:52:30 -0000 
Received: from [69.147.65.156] by t3.bullet.sp1.yahoo.com with NNFMP; 30 Mar 2008 20:52:30 -0000 
Received: from [127.0.0.1] by omp404.mail.sp1.yahoo.com with NNFMP; 30 Mar 2008 20:52:30 -0000 
X-Yahoo-Newman-Property: ymail-5 
X-Yahoo-Newman-Id: 493512.39708.bm at omp404.mail.sp1.yahoo.com 
Received: (qmail 45004 invoked by uid 60001); 30 Mar 2008 20:52:30 -0000 
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; 
s=s1024; d=yahoo.com; 
h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; 
b=b+ZjzHg4KHt6d2gKflATIw5TohQzUJ2lVPcqPbCiIzlU0n9Skvc3hKz2zcy7/3ZRkqvljZS5DQ7phzi/Dne1Ck4n86QHnd9NDrHSRSrACynu0T1/3K0SzFioRVRMWFoxXX2g8lOTbU3O49yfsL3f5JkzdTeCQe0YnugSXEdj3Qc=; 
X-YMail-OSG: yeipdhMVM1lQDWuM.8hWb8yJBWFZbzK4JI34oV3jP0PoM3jGYlMQ8biezzdcUn_FkPMGvxIVHMnS7QiNtCYcm_FKjPDA.J.e1LI- 
Received: from [190.72.118.113] by web45105.mail.sp1.yahoo.com via HTTP; Sun, 30 Mar 2008 13:52:30 PDT 
Date: Sun, 30 Mar 2008 13:52:30 -0700 (PDT) 
From: joie mudra <joiemudra4458 at yahoo.com> 
Subject: hey 
To: kensmith16123940 at netscape.com 
MIME-Version: 1.0 
Content-Type: multipart/alternative; boundary="0-1647990638-1206910350=:30060" 
Content-Transfer-Encoding: 8bit 
Message-ID: <258826.30060.qm at web45105.mail.sp1.yahoo.com> 

-- 
Raymond Norton 
LCTN 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080331/8f333349/attachment.html

More information about the MailScanner mailing list