broken emails from techtarget/crn mag? omeda communications?

Michael Scheidell michael.scheidell at secnap.com
Fri Jul 22 17:50:03 CEST 2011 

any of you subscribed to techtarget or crm emails?

seems on june 16th or 17th, something broke. and I am trying to 
determine if its something we did or something they did.

headers come in, received, received, then a BIG BLANK LIKE, then

DATA DKIM

(its almost like they shoved an extra DATA\r\n in there. or SA did.. or 
amavisd-new did)

sometimes they are totally blank.

headers (yes, it looks like spam, this one does) but we do have people 
who subscribed to it. notice the blank line after the received header?
if you grep for 205.162.4[0-7]\.* you might see some like this.
(and, no, this is not after microsoft mangles it.. maybe amavisd/sa/dkim 
version 38 does, but I don't know)


Received: from crnnetwork.com (crnnetwork.com [205.162.47.163])
         by mx2.slpowers.com.ionspam.net (Postfix) with ESMTP id 115F06FE15B
         for <user at domain.com>; Fri, 22 Jul 2011 10:08:50 -0400 (EDT)

DATA
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; 
t=1311343699; d=crnnetwork.com; s=dkim; 
h=date:message-id:from:to:subject:mime-version:content-type:list-unsubscribe; 
bh=WveFEzHxhYkhwXaVxeYtjjm8Q34bjdVex+sTxWOdwXg=; 
b=lL4+c3ymOfW+NTTsa1liqJrB4TPeV5ANFPiFeTkow8XWD796wMJdsCUVh8iNyuThGzngShLI0AByxbZk5g6MmWMNbujzSKf2Tnpm59BcISmOxOsVvUpNSfYO07K2rrqvDlRyiu0SZ6LZz85XAcVJGFHYXYXr1Z+GG6QwByltY4M=; 

Date: Fri, 22 Jul 2011 09:08:19 -0500 (CDT)
Message-ID: 
<4Oz1ccmceDmcBfmLekDNsxjec.mD.1311343694695 at OMS05.crnnetwork.com>
From: CRN <CRNmagazine at crnnetwork.com>
Sender: CRN <CRNmagazine at crnnetwork.com>
Reply-To: CRN <CRNmagazine at crnnetwork.com>
To: user at domain.com
Subject: Confirm Your Free Subscription to CRN Magazine Now
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=----4Oz1ccmceDmcBfmLekDNsxjec.mD
X-MailSessionID: 4Oz1ccmceDmcBfmLekDNsxjec.mD.1311343694695
Referer: http://crnnetwork.com/portal/

------4Oz1ccmceDmcBfmLekDNsxjec.mD

common factors seem to be their ESP

NetRange:       205.162.40.0 - 205.162.47.255
CIDR:           205.162.40.0/21
OriginAS:
NetName:        SPRINTLINK
NetHandle:      NET-205-162-40-0-1
Parent:         NET-205-160-0-0-1
NetType:        Reassigned
RegDate:        2003-11-12
Updated:        2003-11-12
Ref:            http://whois.arin.net/rest/net/NET-205-162-40-0-1

OrgName:        Omeda Communications



-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
 >*| *SECNAP Network Security Corporation

    * Best Mobile Solutions Product of 2011
    * Best Intrusion Prevention Product
    * Hot Company Finalist 2011
    * Best Email Security Product
    * Certified SNORT Integrator


______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20110722/4849ffb1/attachment.html>

More information about the amavis-users mailing list