[AusNOG] qld transport contact

Sean K. Finn sean.finn at ozservers.com.au
Thu Dec 13 11:30:31 EST 2012


What I'm seeing is a lot of spam pretending to be QLD Transport, with the QLD Transport servers added to the mail headers, but they are fake headers to make it look like they've passed through QLD Transport.

The actual mail server handing me the email is:

Received: from a24.satur.ba.cust.gts.sk (62.168.71.248)  by
 chasm1.ozservers.com.au with SMTP; 12 Dec 2012 07:50:35 +1000

I'm pretty sure QLD Transport wouldn't be relaying through a24.satur.ba.cust.gts.sk to get to me.

I'm not sure if it's the same email that you're seeing or not, but it looks like a dodgy way to avoid spam detection without ever having touched the QLD Transport servers in reality.

S.


Delivered-To: 5-sf at ozservers.com.au
Received: (qmail 15038 invoked from network); 12 Dec 2012 07:50:35 +1000
Received: from a24.satur.ba.cust.gts.sk (62.168.71.248)  by
 chasm1.ozservers.com.au with SMTP; 12 Dec 2012 07:50:35 +1000
X-Apparently-To: <sf at ozservers.com.au> via 206.190.49.94; Tue, 11 Dec 2012 22:50:56 +0100
Return-Path: <prvs=1792db2606=qt_os_prod at transport.qld.gov.au>
X-Originating-IP: [131.242.168.147]
Authentication-Results: mta1209.mail.mud.yahoo.com  from=transport.qld.gov.au; domainkeys=neutral (no sig);  from=transport.qld.gov.au; dkim=neutral (no sig)
Received: from 131.242.168.147  (EHLO mx1.transport.qld.gov.au)
 (131.242.168.147)  by mta1209.mail.mud.yahoo.com with SMTP; Tue, 11 Dec 2012
 22:50:56 +0100
Received: from extmail1.qdot.qld.gov.au ([203.15.170.226]) by
     mx1.transport.qld.gov.au (8.14.1/8.14.1) with ESMTP id o5P30v16021288
     for <<sf at ozservers.com.au>>; Tue, 11 Dec 2012 22:50:56 +0100
Received: from zzlnx020.qdot.qld.gov.au (unverified) by
      extmail1.qdot.qld.gov.au (Clearswift SMTPRS 5.3.2) with ESMTP id
      <T967b9b22f8cb0faae2a98 at extmail1.qdot.qld.gov.au> for
      <<sf at ozservers.com.au>>; Tue, 11 Dec 2012 22:50:56 +0100
Received: from zzlnx066 (localhost [127.0.0.1]) by zzlnx020.qdot.qld.gov.au
      (Postfix) with ESMTP id 7818288566 for <<sf at ozservers.com.au>>; Tue, 11
 Dec 2012 22:50:56 +0100
Date: Tue, 11 Dec 2012 22:50:56 +0100
Subject: Your online payment with Queensland Transport has been


-----Original Message-----
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Andrew Lau
Sent: Thursday, December 13, 2012 10:07 AM
To: Nathan Ridge
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] qld transport contact

Hi Nathan,

Did Queensland Transport get back to you? All our hostmaster/postmaster addresses over at Fairfax have been getting spammed by them for the last 48 hours as well. Most recently yesterday (12 December 2012) at 16:41 AEST.

Regards,
Andrew Lau

On 12 December 2012 11:45, Nathan Ridge <ridgey at matilda.net.au> wrote:
> Hi,
>
> If any QLD Transport contacts are listening could you please contact
> me off list. We are seeing large amounts of spam email originating
> from Yahoo IPs being bounced off a QLD Transport mail server with scam
> payment receipt attachments.
>
> Cheers
>
> Nathan
>
>

--
Andrew Lau
Systems Engineer
Fairfax Media

T:  02 9282 3445
E: alau at fairfaxmedia.com.au

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
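
Added example, not part of the original post or thread: a Python sketch of the check Sean describes, which trusts only the Received header written by the receiving server and treats every hop below it as sender-supplied. The function names and the choice of chasm1.ozservers.com.au as "our" MTA are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Received headers copied from the message above (other headers omitted).
RAW = """\
Received: (qmail 15038 invoked from network); 12 Dec 2012 07:50:35 +1000
Received: from a24.satur.ba.cust.gts.sk (62.168.71.248)  by
 chasm1.ozservers.com.au with SMTP; 12 Dec 2012 07:50:35 +1000
Received: from 131.242.168.147  (EHLO mx1.transport.qld.gov.au)
 (131.242.168.147)  by mta1209.mail.mud.yahoo.com with SMTP; Tue, 11 Dec 2012
 22:50:56 +0100
Received: from extmail1.qdot.qld.gov.au ([203.15.170.226]) by
 mx1.transport.qld.gov.au (8.14.1/8.14.1) with ESMTP id o5P30v16021288
 for <<sf at ozservers.com.au>>; Tue, 11 Dec 2012 22:50:56 +0100

"""

IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_hop(value):
    """Return (from_host, peer_ip, by_host, text) for a Received value, or None."""
    text = " ".join(value.split())             # unfold continuation lines
    frm = re.match(r"from\s+(\S+)", text)      # skips "(qmail ... invoked from network)"
    by = re.search(r"\bby\s+(\S+)", text)
    if not (frm and by):
        return None
    ip = IP_RE.search(text[: by.start()])      # address recorded before "by"
    return frm.group(1), ip.group(0) if ip else None, by.group(1).lower(), text

def split_trust(raw, my_mtas, claimed_domain):
    """Find the hop stamped by our own MTA; list lower hops naming claimed_domain."""
    received = message_from_string(raw).get_all("Received", [])
    hops = [h for h in map(parse_hop, received) if h]
    for i, (frm, ip, by, _) in enumerate(hops):
        if by in my_mtas:                      # first header written by a server we run
            # Everything below this hop arrived as message data from the peer.
            unverified = [h for h in hops[i + 1:] if claimed_domain in h[3].lower()]
            return {"handoff_host": frm, "handoff_ip": ip,
                    "unverified_claims": unverified,
                    "mismatch": bool(unverified)
                                and not frm.lower().endswith(claimed_domain)}
    return None                                # no header from our own MTA found

if __name__ == "__main__":
    print(split_trust(RAW, {"chasm1.ozservers.com.au"}, "transport.qld.gov.au"))
```

A mismatch here means only that the transport.qld.gov.au hops were not observed by the receiving server; the handoff IP is the one value in the chain that it recorded itself.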


