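Nothing but Blunders Out in the World

The senile blog of a middle-aged man who has simply drifted into the NIer world and is smoldering there

It has finally come for me, too.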



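For the past few weeks, junk mail has been arriving at my company address.
"Huh? You signed up somewhere shady, didn't you?"
"I did no such thing!" (desperate)
Well, it annoyed me, so this weirdo decided to look into it for a start.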




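■Characteristics of the mail


I know nothing about SMTP header formats, so
I can't tell what is "correct" and what is "wrong"... (embarrassing)
Anyway,
only the junk mail was consistent in the following line, so
it was easy to filter.

Received: from <source IP> (HELO <host name>)
     by <company domain?>.jp with esmtp ({nChar[8-12]} {nChar[4-6]})



What on earth is this incantation? (feeble)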
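
An added example, not from the original post: one way to write the Received-line filter described above in Python and run it over header samples. It assumes {nChar[8-12]} and {nChar[4-6]} mean alphanumeric tokens of 8-12 and 4-6 characters; the function name, addresses and host names are constructed for illustration.

```python
import re
from email import message_from_string

# Assumption (not stated in the post): {nChar[8-12]} and {nChar[4-6]} are read
# as alphanumeric tokens of 8-12 and 4-6 characters.
SPAM_RECEIVED = re.compile(
    r"^from\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(HELO\s+(?P<helo>[^\s)]+)\)\s+"
    r"by\s+\S+\.jp\s+with\s+esmtp\s+"
    r"\([0-9A-Za-z]{8,12}\s+[0-9A-Za-z]{4,6}\)",
    re.IGNORECASE,
)


def match_spam_received(raw_message):
    """Return (source_ip, helo_name) of the first matching Received header, or None."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())  # undo header folding
        m = SPAM_RECEIVED.match(unfolded)
        if m:
            return m.group("ip"), m.group("helo")
    return None


# Constructed samples (documentation addresses and example domains only).
SPAM_SAMPLE = "\n".join([
    "Received: from gw.example.jp (gw.example.jp [192.0.2.1])",
    "\tby mbox.example.jp with ESMTP id 4F2A91; Mon, 7 Jan 2008 09:00:02 +0900",
    "Received: from 198.51.100.7 (HELO relay.example.net)",
    "     by example.jp with esmtp (A1B2C3D4E5 F6G7H)",
    "Subject: constructed junk sample",
    "",
    "body",
])
# Near miss: same layout, but the tokens in parentheses have the wrong lengths.
HAM_SAMPLE = "\n".join([
    "Received: from 203.0.113.5 (HELO mail.example.org)",
    "     by example.jp with esmtp (Exim 4.69)",
    "Subject: constructed legitimate sample",
    "",
    "body",
])

if __name__ == "__main__":
    for name, sample in (("spam", SPAM_SAMPLE), ("ham", HAM_SAMPLE)):
        print(name, match_spam_received(sample))
```
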



■Tracing where the received mail came from
Around the 3rd Received header it is our own GW.
The senders are all over the place?




■What are the URLs in the body?
They're all the same. I could strangle them.





■Who are you?



% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 118.128.0.0 - 118.131.255.255
netname: BORANET
descr: LG DACOM Corporation
descr: 65-228,DACOM Bldg ,Hangangro 1ga Yongsangu, Seoul
descr: *************************************
descr: Allocated to KRNIC Member.
descr: If you would like to find assignment
descr: information in detail please refer to
descr: the KRNIC Whois Database at:
descr: http://whois.nic.or.kr/english/index.htm
descr: *************************************
country: KR
admin-c: DB50-AP
tech-c: DB50-AP
status: Allocated Portable
remarks: www.dacom.net
mnt-by: MNT-KRNIC-AP
mnt-lower: MNT-KRNIC-AP
changed: hm-changed@apnic.net 20070912
source: APNIC

role: DACOM BORANET
address: DACOM Bldg., 706-1, Yoeksam-dong, Kangnam-ku
address: Seoul
country: KR
phone: +82-2-2089-7755
fax-no: +82-2-2089-0706
e-mail: ipadm@nic.bora.net
e-mail: abuse@bora.net
e-mail: security@bora.net
admin-c: PE32-AP
tech-c: PE32-AP
nic-hdl: DB50-AP
mnt-by: MNT-KRNIC-AP
notify: hostmaster@nic.or.kr
remarks: IP address administrator group of NIC team, DACOM Corp.
remarks: If related with spam, send mail to abuse@bora.net
remarks: If related with security, send mail to security@bora.net
remarks: Only for whois information correction, send mail to ipadm@nic.bora.net
changed: jeonsi@bora.net 20041105
changed: hm-changed@apnic.net 20060428
source: APNIC

inetnum: 118.128.0.0 - 118.131.255.255
netname: BORANET-KR
descr: LG DACOM Corporation
country: KR
admin-c: IA5-KR
tech-c: IA5-KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.krnic.net.
changed: hostmaster@nic.or.kr
source: KRNIC