On Fri, 10 Feb 2017 13:22:31 -0500, Rich Kulawiec said:
On Fri, Feb 10, 2017 at 11:56:02AM -0600, Andrew Latham wrote:
On a great many mailing lists, Suresh is spot on as this looks more like infected user but headers would be good.
The one I found in my mailbox yesterday tends to support "multiple users infected with a spamming botnet": Received: from smtp.interfree.it (smtp.interfree.it [80.91.55.53]) by mr3.cc.vt.edu (8.14.7/8.14.7) with ESMTP id v190Ro7i021554 for <Valdis.Kletnieks@vt.edu>; Wed, 8 Feb 2017 19:27:56 -0500 Received: from [59.55.63.88] (helo=jame-PC) by smtp.interfree.it with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from <bazzanie@interfree.it>) id 1cbcaI-0007Zj-Cz; Thu, 09 Feb 2017 01:27:42 +0100 Message-id: <1427704941.20170209032724@interfree.it> Subject: look at that, it's amazing! From: "William Herrin" <bazzanie@interfree.it> Date: Thu, 9 Feb 2017 06:27:24 +0600 (Wed 19:27 EST) To: "Ronald F. Guilmette" <rfg@tristatelogic.com>, "Robert Webb" <rwebb@ropeguru.com>, "Valdis Kletnieks" <Valdis.Kletnieks@vt.edu>, "Scott Brim" <scott.brim@gmail.com>