On 2007-12-05, Moe Trin <(E-Mail Removed)> wrote:
> On Wed, 5 Dec 2007, in the Usenet newsgroup comp.os.linux.networking, in
> article <8859813b-18b2-4cff-b9d0-(E-Mail Removed)>,
> Ohmster wrote:
Same shit, cannot even post to comcast now, posted, waiting on
confirmation, it does not come. Switching to slrn with Comcast to see if
I get better results. Don't want to rewrite the entire follow-up, will
try to past response in here and see if it works. Wish me luck.
(Eventually Xnews just hung on the post with the word "Stopped")
(E-Mail Removed) (Moe Trin) wrote in
news:(E-Mail Removed):
> On Wed, 5 Dec 2007, in the Usenet newsgroup comp.os.linux.networking,
> in article
> <8859813b-18b2-4cff-b9d0-(E-Mail Removed)>,
> Ohmster wrote:
>
>>I have to reply with google groups, for some reason, my server will
>>not accept this post. Says posting, done, waiting on confirmation
>>forever and it never goes up to Usenet.
>
> I don't see it here either. Lessee, you were unhappy with the comcast
> (giganews) server for some reason.
No, Comcast has quite a few headers stored because they outsource to
giganews but cut you off HARD at 2Gb per month. So actually I was using
the free nntp.aioe.org server for my Linux discussions. Less binary
clutter, nice and fast, lean and mean. But lately, they have been
refusing to acknowledge posts, Xnews just hangs waiting on confirmation,
slrn tells you the article was refused because so and so lines were too
long and need to be wrapped. Then nntp.aioe.org was telling me that too
many posts from my IP address, so no more posting right now. WTF?! I
tried everything I could and just gave up finally. Not even posting with
Comcast would work but I am trying again now. If that don't work, back
to google groups but I don't like that, many good people filter out
google groups. I will try slrn and Pan and see if I can get anywhere
with them, might even try installing rtin if I have to on my Linux box.
>>> http://www.codecutters.org/spam/smtpheaders.html
>>> http://www.stopspam.org/email/headers.html
>>
>>The codecutters site does not come up but stopspam does. Thanks Moe.
>
> OK - I'll strike them off the list.
I hear that. Really add this one, it seems to work with amazing
accuracy. I wish you would test it and see if you think it is as good as
I do. I could be way off base here but it seems amazing in the way it
deciphers email headers. I tried it on email, including yahoo, from
people all over the globe and it seems to have gotten the point of
origin dead on accurate. My brother in Panama uses yahoomail and it
pegged him dead on as Panama. If this tool is as good as I think it is,
I really need this to weed out scammers. I need to rent this room soon
and these Nigerian nuts are tying me up, asking questions, saying for
sure they want the room, send a deposit any day, can I see pictures,
etc., and all they are doing is preventing me from putting up signs and
getting more local ads out there.
http://www.ip2location.com/emailtracer.aspx
>
>>> IP address-to-country mapping is notoriously inaccurate.
>
>>The headers are too long to paste into a post, they wrap terribly and
>>the servers won't accept them if they are badly wrapped. Here are the
>>headers for you to see:
>>http://www.ohmster.com/~ohmster/email/
>
> I also saw the post in comp.mail.sendmail
>
>>I tried checking them with this email checker and it appears both
>>originate in Nigeria.
>>http://www.ip2location.com/emailtracer.aspx
>
> As noted above - "IP address-to-country mapping is notoriously
> inaccurate"
Yeah but did you try it? It seems to agree with everything you said and
I read every word, Moe.
> Looking at the ~ohmster/email web page you listed, here's a quick one
>
>]Received: from imta22.emeryville.ca.mail.comcast.net ([76.96.30.39])
>
>]X-Originating-IP: [76.96.30.39]
>
> You asked about that in comp.mail.sendmail - something weird put on
> there by comcast. OK
Yeah, I don't understand that at all.
>]Received: from n4.bullet.ukl.yahoo.com ([217.146.182.181])
> by IMTA22.emeryville.ca.mail.comcast.net
[..]
> Seems to be bouncing around yahoo servers - I see no obvious reason to
> disbelieve this, but "do you trust yahoo?".
Agreed, even the mail header tracer page agrees with that opinion.
>]Received: from [196.220.4.134] by web45406.mail.sp1.yahoo.com via
>]HTTP;
> Wed, 05 Dec 2007 02:39:10 PST
>
> Yahoo claims to have received this (and the timestamps don't look
> completely unreasonable) from IP space owned by Netcom Africa Ltd in
> Lagos, and netcomng.com says that the IP is part of a /30 (4
> addresses) that has been sub-assigned to Skye Communications Surulere
> Lagos. If you google for the first three words, you hit
>
> Web Results 1 - 10 of about 138 for Skye Communications Surulere.
> (0.31 seconds)
>
> Your call.
Yeah, the Nigerian bank scam. Scam all over the place from Nigeria.
>
>]This is supposed to come from the Benin Republic, that is in Africa,
>]off
> the coast of Nigeria.
>
> No, Benin is the next country to the West of Nigeria - formerly called
> Dahomey. It has a coastline of about 60-70 miles, and I'm not aware of
> any significant islands off it's coast.
Thanks for the update.
>]Received: by 10.141.52.7
>
>]Received: by 10.115.23.12
>
> No clue, but context suggests google internal servers. Your call.
>
>]Received: from n8.bullet.mail.tp2.yahoo.com
> (n8.bullet.mail.tp2.yahoo.com [203.188.202.89])
> by mx.google.com with SMTP id j6si1937378wah.2007.12.03.11.25.26;
> Mon, 03 Dec 2007 11:25:35 -0800 (PST)
>
>]Received: from [202.43.196.225] by n8.bullet.mail.tp2.yahoo.com
>
> Those two match up to yahoo blocks in Taiwan.
>
>]Received: from [217.12.4.215] by t2.bullet.tpe.yahoo.com
>
>]Received: from [216.252.122.216] by t2.bullet.ukl.yahoo.com
>
>]Received: from [69.147.65.157] by t1.bullet.sp1.yahoo.com
>
>]Received: from [127.0.0.1] by omp405.mail.sp1.yahoo.com
>
> As above. I'm GUESSING that the 216.252 and 69.147 are not in
> Sunnyvale where 'whois' identifies them, as that is about 11000 feet
> as the crow flies from google in Mountain View, and there wouldn't be
> a very good reason to route the packets half way around the world
> instead of just following the perimeter fence around Moffett Field.
>
>]Received: from [41.223.24.125] by web44913.mail.sp1.yahoo.com via
>]HTTP;
> Mon, 03 Dec 2007 11:25:17 PST
>
> 41.223.24.0/22 is a block allocated to "Best Communications Ltd" in
> Lagos, Nigeria. Hitting google again, I see
>
> Web Results 1 - 10 of about 406 for "Best Communications Ltd".
> (0.29 seconds)
>
> Your call.
Nigeria again. Lot of stuff about Nigerian Fraud. Here is one:
http://www.data-wales.co.uk/nigerian_isps.htm
And another:
http://www.data-wales.co.uk/nigerian.htm
That last one actually warns about listing on craigslist, where I put my
room ad:
If you are buying or selling goods or a service on the Web - take care
(especially if you advertise something on CraigsList or Loot ). The
criminals are likely to make you an offer! They will send you stolen or
forged cheques. You will spot some strange requests for shipping and
payment. They are using "Alert Pay" and "AlertPay International Money
Order" in their mail. Let the writer know if you are in doubt, but a
request for movement of funds via Western Union will strongly indicate
a fraud attempt .
> Comment: I don't know Lagos that well (haven't been there since the
> mid 1970s) but this doesn't smell ANYTHING like freshly caught
> seafood.
>
> Old guy
Nope. Definitely not freshly caught is the right word for it alright. It
has to be a scam, just not sure what it is all about, other than running
me around right now. Maybe they will send a fake check for payment or
overpayment and want money sent back, not sure but this for sure is not
getting my room rented. Thank you for your help, Old Guy.
Now slrn/Comcast does not like my signature, wants it kept to 4 lines
which it is. ...sigh. Using vim and I can pull in a sig with the command
:r ~/sig (symlinked to .sigature) Always worked before.
--
~Ohmster | ohmster /a/t/ ohmster dot com
Put "messageforohmster" in message body
(That is MESSAGE BODY, not Subject!)
to pass my spam filter.
Similar Threads
Linear Mode
