[AusNOG] Westnet Webmail being used for phishing ...

Terry Sweetser terry at skymesh.net.au
Mon Oct 18 10:27:19 EST 2010


 Hello Noggers,

Westnest's ironport and Zimbra is letting some phishing out the front door:

Return-Path: <sjuengling at westnet.com.au>
X-Original-To: terry at staff.skymesh.net.au
Delivered-To: terry at skymesh.net.au
X-Greylist: delayed 548 seconds by postgrey-1.27 at main.skymesh.net.au; Mon, 18 Oct 2010 04:37:00 EST
Received: from outbound-relaysa01.westnet.com.au (outbound-relaysa01.westnet.com.au [202.72.128.4])
	by main.skymesh.net.au (Postfix) with ESMTP id A75224640C3
	for <terry at staff.skymesh.net.au>; Mon, 18 Oct 2010 04:37:00 +1000 (EST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av7/AJbcukzAqCcr/2dsb2JhbACBRY12hSoBAYkNgmgDgT2GMBMDFCYXlx+UGmKBCQQBBQILBwgHSYUSiDGBMoFDDQUIBQsEhnyJFINhhHIMHQF3AQ
X-IronPort-AV: E=Sophos;i="4.57,342,1283702400"; 
   d="scan'208,217";a="107250321"
Received: from unknown (HELO webmail03.westnet.com.au) ([192.168.39.43])
  by outbound-mail01.westnet.com.au with ESMTP; 18 Oct 2010 02:27:50 +0800
Date: Mon, 18 Oct 2010 02:27:50 +0800 (WST)
From: Webmail Support Team <sjuengling at westnet.com.au>
Message-ID: <1240523314.1800271287340070723.JavaMail.root at zim-store03.web.westnet.com.au>
Subject: Attn:Upgrade Your Web-mail Account...
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_113038_303023993.1287340070720"
X-Originating-IP: [60.48.96.6]
X-Mailer: Zimbra 5.0.18_GA_3011.RHEL4_64 (ZimbraWebClient - SAF3 (Win)/5.0.18_GA_3011.RHEL4_64)
To: undisclosed-recipients:;

------=_Part_113038_303023993.1287340070720
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit


-- 
Terence C. Sweetser
Engineering Manager

SkyMesh Pty Ltd
Licensed Telecommunications Carrier
ABN 62 113 609 439
37 Baxter Street
FORTITUDE VALLEY Q 4006




More information about the AusNOG mailing list