[Dshield] Fwd: Delivery failure to virusinfo@w-gruber.tzo.com--Can anyone explain why this would happen?

Gil Price gprice at gilprice.com
Tue Nov 26 03:24:08 GMT 2002


Actually, further investigation reveals his e-mail address to be
100542,325 at compusrve.com (taken from web page at http://w-gruber.tzo.com),
I would surmise that he's not running an e-mail server on the domain...
-- 
Gil Price
Lexington, SC.

rilya byor said:
>
> --- TZO Mailer <mailer at tzo.com> wrote:
>> X-Apparently-To: rilya1 at yahoo.com via
>> 216.136.224.67; 24 Nov 2002 12:47:46 -0800 (PST)
>> Return-Path: <mailer at tzo.com>
>> Received: from 140.239.225.181  (HELO saf.tzo.com)
>> (140.239.225.181)
>>   by mta589.mail.yahoo.com with SMTP; 24 Nov 2002
>> 12:47:44 -0800 (PST)
>> X-TZO-Forward: rilya byor <rilya1 at yahoo.com>
>> Date: Sun, 24 Nov 2002 20:47:02 GMT
>> To: rilya byor <rilya1 at yahoo.com>
>> From: TZO Mailer <mailer at tzo.com>
>> Subject: Delivery failure to
>> virusinfo at w-gruber.tzo.com
>> Content-Length: 1503
>>
>> Delivery was attempted, but failed because:
>> 451 4.1.8 Domain of sender address rilya1 at yahoo.com
>> does not resolve
>>
>> -=-=-=-=-=-=-=-=-
>> Original Message:
>> -=-=-=-=-=-=-=-=-
>>
>> X-TZO-Forward: virusinfo at w-gruber.tzo.com
>> Received: from 63.100.47.43 by saf.tzo.com
>>  id 2002111711134962563 for
>> virusinfo at w-gruber.tzo.com;
>>  Sun, 17 Nov 2002 16:13:49 GMT
>> Received: (qmail 28027 invoked by uid 504); 17 Nov
>> 2002 16:14:41 -0000
>> Received: from localhost (HELO iceman.incidents.org)
>> (127.0.0.1)
>>   by 0 with SMTP; 17 Nov 2002 16:14:41 -0000
>> Received: (qmail 27132 invoked from network); 17 Nov
>> 2002 16:14:35 -0000
>> Received: from chipper2-int (HELO
>> viper.incidents.org) (10.36.0.2)
>>   by 0 with SMTP; 17 Nov 2002 16:14:35 -0000
>> Received: from localhost.localdomain (chipper2
>> [127.0.0.1])
>>  by viper.incidents.org (8.11.6/8.11.6) with ESMTP
>> id gAHGCho10485;
>>  Sun, 17 Nov 2002 11:12:43 -0500
>> Received: from iceman.incidents.org (iceman
>> [10.51.0.3])
>>  by viper.incidents.org (8.11.6/8.11.6) with SMTP id
>> gAH4lCo28837
>>  for <list at viper.uunet>; Sat, 16 Nov 2002 23:47:12
>> -0500
>> Received: (qmail 15762 invoked from network); 17 Nov
>> 2002 04:47:12 -0000
>> Received: from sundown2-int (HELO dshield.org)
>> (10.36.0.9)
>>   by 0 with SMTP; 17 Nov 2002 04:47:12 -0000
>> Received: (from dshield at localhost)
>>  by dshield.org (8.11.6/8.11.6) id gAH4lCL28049
>>  for list at viper.uunet; Sat, 16 Nov 2002 23:47:12
>> -0500
>> Received: from iceman.incidents.org (iceman
>> [10.51.0.3])
>>  by dshield.org (8.11.6/8.11.6) with SMTP id
>> gAH4lBQ28044
>>  for <list at dshield.org>; Sat, 16 Nov 2002 23:47:11
>> -0500
>> Received: (qmail 15759 invoked from network); 17 Nov
>> 2002 04:47:11 -0000
>> Received: from web14503.mail.yahoo.com
>> (216.136.224.66)
>>   by 0 with SMTP; 17 Nov 2002 04:47:11 -0000
>> Message-ID:
>> <20021117044710.96547.qmail at web14503.mail.yahoo.com>
>> Received: from [151.202.80.170] by
>> web14503.mail.yahoo.com via HTTP; Sat, 16 Nov 2002
>> 20:47:10 PST
>> From: rilya byor <rilya1 at yahoo.com>
>> To: list at dshield.org
>> MIME-Version: 1.0
>> Content-Type: text/plain; charset=us-ascii
>> X-Envelope-To: list at dshield.org
>> Subject: [Dshield] port 137 probes
>> Sender: list-admin at dshield.org
>> Errors-To: list-admin at dshield.org
>> X-BeenThere: list at dshield.org
>> X-Mailman-Version: 2.0.13
>> Precedence: bulk
>> Reply-To: list at dshield.org
>> List-Help:
>> <mailto:list-request at dshield.org?subject=help>
>> List-Post: <mailto:list at dshield.org>
>> List-Subscribe:
>> <http://www.dshield.org/mailman/listinfo/list>,
>>  <mailto:list-request at dshield.org?subject=subscribe>
>> List-Id: General DShield Discussion List
>> <list.dshield.org>
>> List-Unsubscribe:
>> <http://www.dshield.org/mailman/listinfo/list>,
>>
>>
> <mailto:list-request at dshield.org?subject=unsubscribe>
>> List-Archive:
>> <http://www.dshield.org/pipermail/list/>
>> Date: Sat, 16 Nov 2002 20:47:10 -0800 (PST)
>>
>> Help... I've lately been logging hundreds of port
>> 137
>> probes a day, which I understand are coming from the
>> Tanatos/Bugbear worm.  Of course, I have netbios
>> disabled and ports 137-138-139 stealthed, but I'm
>> having a terrible time maintaining a usable dialup
>> connection; I log on and a few minutes later the
>> connection freezes up and I have to redial again,
>> and
>> again... Is all this port 137 activity the cause of
>> this?  My ISP has no explanation (but what do they
>> know...)  If so, what can I do to prevent it?  My
>> phone bill is going to be astronomical if this keeps
>> up.
>> Tnx,
>> Rilya1
>>
>>
>> __________________________________________________
>> Do you Yahoo!?
>> Yahoo! Web Hosting - Let the expert host your site
>> http://webhosting.yahoo.com
>>
>> _______________________________________________
>> Dshield mailing list
>> Dshield at dshield.org
>> To change your subscription options (or
>> unsubscribe), see:
>> http://www.dshield.org/mailman/listinfo/list
>>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus – Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list



-----------------------------------------
When you get a chance, stop on by to one of my domains.
Feedback is always welcome :-)...


http://www.gilprice.com
http://www.opedworld.com
http://www.it-firm.com
http://www.pcs-sc.com
http://www.myorgbook.com





More information about the list mailing list